US Cyber Criminal Underground a Shopping Free-For-All

itwbennett writes: According to a new report by Trend Micro, the North American cyber criminal underground has "[essentially] become a gun show for everyone as long as they can participate and are willing to pay," said Tom Kellermann, chief cybersecurity officer at Trend Micro. Their research revealed that 15% of underground sites sell offer crimeware and allow criminals to buy a variety of malware and hacking services, such as crypting. It's the hottest-selling item, other than drugs, said Kellermann. In case you're wondering, murder for hire sites make up just 1% of the underground mall.

So only certain types of hacks are sold?

[xxxJonBoyxxx]

>> has become a gun show

So...only "small arm", non-automated hacks are for sale then?

Re:

[zlives]

for that you have to go to the big players like the US and Chinese govt's per norm.

Re:

[ageoffri]

And you have to go through a background check run either by the FBI or your Steve level BI.

Re:

[wyHunter]

You beat me to saying it!

Re: So only certain types of hacks are sold?

[Anonymous Coward]

The proper term is semi automatic hacks. In the state of New York you are limited to 10 hacks per tcp connection before you have to disconnect and reconnect.

Re:

[KGIII]

Do you have to re-crimp new CAT-6 every time in California or is there a special tool that locks the cable in and you have to press a recessed button in order to remove the cable before you can reinsert a new one?

Re:

[ebvwfbw]

More like a church bizarre.

Law Enforcement?

[Locke2005]

Doesn't making it easy for cybercriminals to find your business also make it easy for law enforcement to find your business? Why isn't law enforcement spending money to try to contact each of these, as well as put up multiple honeypot sites to go after their customer base? How many of the murder-for-hire sites were created by law enforcement in the first place? Much like beautiful women on dating sites, I suspect the count of criminal enterprises is greatly exagerated by ringers put up by law enforcement personnel.

Re:

[fluffernutter]

You think these people go through all the trouble of figuring out the darknet to place an ad, and then come waltzing up the sidewalk of anyone who contacts them? Interesting.

Re:Law Enforcement?

[ShanghaiBill]

Doesn't making it easy for cybercriminals to find your business also make it easy for law enforcement to find your business?

Not if you pay with Bitcoin and download with Tor. Do you really think they pay with a Visa card, and have FedEx deliver a CDROM to the billing address?

Re:

[Fire_Wraith]

Only if you want it to come with the special FBI Party Van add-on package.

bitcoin blockchain

[DrYak]

Not if you pay with Bitcoin

Except that, with the bitcoin protocole, every single transation is broadcast to the whole network (on purpose, that's the way it works without a central authority.

And eventually, the guy will want to actually spend them. These bitcoins arent going to sit collecting dust.
Which means either using them to pay for something (and thus sending them to a payment processor) or exchange them (and thus sending them to an online exchange platform).
And these sites (exchage and payment processors) are require by law (l

Bitcoin anonymity

[DrYak]

It's common to just trade the bitcoins for cash,

Either you do it on a small scale (as do normal people, and which would be of limited use for a criminal earning a LOT of BTC money).
Or you need to constantly exchange huge wads of cash (so you need to find a neighbourhood with HIGH needs for bitcoins, and trade a LOT of money which is bound to attract the curiosity of law enforcement and/or tax services)

Remember the discussion is not about "how can I anonymously trade my 0.03 BTC ?" the discussion is about criminals whose main source of revenue is in BTC a

Re:

[JesseMcDonald]

Which means either using them to pay for something (and thus sending them to a payment processor)

You can make purchases with Bitcoin without going through any payment processor. Sure, a lot of sites use BitPay or Coinbase or similar, but there are some that accept bitcoins directly. For that matter, not all of the ones that do use a payment processor require any personally-identifying information, particularly for online services or digital goods. (Obviously if you need something shipped to you, that isn't going to be very anonymous.) The payment processor itself doesn't collect any of this information

Re:

[rtb61]

Still basically it is nothing but script kiddies for profit. The coders and distributors try to make as much money as possible out of idiot amateurs and it is the idiots who get caught and provide cover for the coders and distributors activities. Nothing new just another investigatory frothing beat up for, we need more money and power now. One second the biggest culprits are other governments, then it is terrorists and then it is back to organised crime. Personally I am waiting for the alien hackers threat

Any proof murder for hire is a real thing?

[swb]

About the only time I ever hear about contract killings is when people get arrested trying to hire somebody to commit murder on their behalf. It never works, they always seem to get caught. As they say, good help is hard to find.

Have there been any actual killings attributed to a murder for hire website? It sounds like a scam.

Re:

[wyHunter]

It probably is a scam, or at least, an urban legend. Here's the scenario: LE puts up such a website and gets some bozo to inquire. They arrest bozo.

Re:

[mccrew]

Alternatively, they get bozo to pony up a large payment, then disappear... Profit!

Re:

[PPH]

I don't know. I spent the last 4 years looking for my ex-wife's killer. Nobody would take the job.

Re:

[ShanghaiBill]

About the only time I ever hear about contract killings is when people get arrested trying to hire somebody to commit murder on their behalf. It never works, they always seem to get caught.

If "it works" then you don't hear about it. There is just a dead body, and nobody knows who killed them or why. Often, there isn't even a body. There are thousands of unsolved murders every year, and many more people that go missing.

Re:

[swb]

There are thousands of unsolved murders every year, and many more people that go missing.

I hear that "thousands of unsolved murders" but how many are there really? I believe there are a fair amount of murders that go unsolved, but aren't most of these like gang killings or something? The kind of deal where some guy is found shot dead in a shitty part of town -- the cops don't know who the trigger is, but through gang intelligence they have a pretty decent idea what group killed him and often a fair guess (they can't prove in court) who the trigger probably was.

Actual disappearances that are n

Re:

[Ed Tice]

I wish I had mod points. Most people wouldn't know where to look for a contract killer and, unless the first person they ask happens to be one, there is a string of evidence starting at the first inquiry. If somebody from my community asked if I knew a hit man, I'd have to politely decline any knowledge. I would probably assume that they were just venting some anger and ignore it. But if a week later, some bizarre murder happened in town, I would probably remember pretty quick. So would the other dozen

Re:

[rockmuelle]

Not sure about in the US, but back when I was in Thailand in the early 90s, I remember a Bangkok Post feature article that interviewed a number of "hit men". It seemed fairly legit, even if the stories were embellished. Most of it was centered around the regional drug trade. Of every newspaper article I've read, that's one I wish I'd kept. It was one part John Woo, one part local news investigative reporting.

Here's a recent article about one being captured: http://www.bangkokpost.com/pri... [bangkokpost.com]

Of course, I doub

Re:

[houstonbofh]

I am sure the report was totally unbiased...

I'd like to mention..

[fluffernutter]

This is as much a part of the 'if they can't enforce laws against you then screw them' economy as Uber and Lyft are.

Re:

[Anonymous Coward]

You left out Google, Boeing, IBM, probably more I can't think of at the moment.

Re:I'd like to mention..

[DarkOx]

Well the moral of the story here is you should not pass laws you can't enforce you should not outlaw things people generally don't see as terribly objectionable.

Letting people use apps t get rides and paying people to take them places in cars does not offend anyone other than rent seeking cabbies. The result is you get a general public that breaks the law. Ditto for soft drugs like weed, gambling, more discrete prostitution eg call girls who do happy endings, etc.

Other people see people they know and respect being scoff laws and respect for the law is lost. After that its only short mental leap to 'i probably won't get caught so what the hell' and that is why we can't have nice things.

Re:

[fluffernutter]

It offends me. It offends me because I live in a city where I know I can go to the nearest hotel if I need a cab, something I will not be able to do when they are gone. Where some of the infrastructure is too narrow, and there is enough traffic as it is. Where I know that my disabled relatives can also get cabs only because the companies are legislated to have a certain number of handicapped equipped cars. When people vote with their wallets, they make very selfish choices. This is why there are laws.

Re:

[Locke2005]

"When people vote with their wallets, they make very selfish choices."

So in other words, you're against personal choices and in favor of government forcing you to subsidize special interests against your will? Doesn't sound like "freedom" to me.

Re:

[fluffernutter]

It's still freedom because the government only prevents you from hurting others in ways that may be lost on the individual. I'm willing to pay an overhead if it means more people get what they need, yes.

It happens all over.. prescription meds, buildings, power grids, city planning, etc etc Nothing new. It's called civilized society.

Re:

[BlueStrat]

It offends me. It offends me because I live in a city where I know I can go to the nearest hotel if I need a cab, something I will not be able to do when they are gone.

First, only the largest major hotels in the largest US cities have cabs waiting and/or continuously picking up & dropping fares. You'd have to hope the clerk doesn't tell you to leave the property if you simply walked in and asked them to call a cab for you as a non-guest, in most places.

Second, why would you assume all the existing taxi companies would disappear? Having to actually compete, some will surely fail, but it's not a given that would be equally true for every taxi company. The ones that offe

Re:

[fluffernutter]

"Second, why would you assume all the existing taxi companies would disappear?"
Because you're allowing a company to ignore the laws that hold their market together. No enforcement, no laws. No laws, no market. No market, no taxis. that much is pretty clear, actually

Why should people of limited mobility only have 'special' services to use? A lot of government agencies only support the vary disabled. There is a whole group in the spectrum in between that should not be taking resources from the ones

Re:

[KGIII]

Well the moral of the story here is you should not pass laws you can't enforce you should not outlaw things people generally don't see as terribly objectionable.

Letting people use apps t get rides and paying people to take them places in cars does not offend anyone other than rent seeking cabbies. The result is you get a general public that breaks the law. Ditto for soft drugs like weed, gambling, more discrete prostitution eg call girls who do happy endings, etc.

Other people see people they know and respect being scoff laws and respect for the law is lost. After that its only short mental leap to 'i probably won't get caught so what the hell' and that is why we can't have nice things.

That's insightful? You can't enforce laws against murder - you can only punish after the fact and then only if there's evidence to do so. So we shouldn't have laws that make murder illegal? That's not so insightful, I think.

Laws have never been about stopping anything. They've been about establishing punishment for what is deemed harmful behavior by the powers that made those laws.

Re:

[NostalgiaForInfinity]

This is as much a part of the 'if they can't enforce laws against you then screw them' economy as Uber and Lyft are.

Which is why we shouldn't be passing unenforceable laws in the first place. If we didn't have the taxi monopolies and the laws supporting them, Uber and Lyft wouldn't be such a big deal because we would already have large numbers of small companies. But by passing first the monopolistic taxi laws and then passing more laws to try and regulate Uber and Lyft, you're pretty much ensuring that onl

Re:

[houstonbofh]

There is something to be said for some regulation, however. This is from having seen the unregulated "Black Taxis" of South Africa...

Re:

[NostalgiaForInfinity]

There is something to be said for some regulation, however. This is from having seen the unregulated "Black Taxis" of South Africa...

Those aren't really "taxis" but minibuses, like you find in many third world nations. And the problem isn't with lack of regulation, it's with lack of enforcement of criminal law (or alternative private mechanisms).

It's also hard to say whether the current situation is worse than the original situation. After all, large numbers of people are transported by the current system,

Re:

[Grishnakh]

Uber and Lyft are perfectly legal. Your mistake is thinking that taxi laws apply to them; they don't. They don't have taximeters, and therefore are not taxis. They're limosines, and operate under those laws.

Re:

[Volda]

I wouldn't say they are perfectly legal. I do not think that most of those working for Uber or Lyft have commercial insurance to be transporting people for profit and do not follow DOT guidelines for safety and drug testing. That's part of why they are getting in trouble.

Re:

[epyT-R]

you lefties are a riot. Equating murder for hire with taxi services is the mark of crazy.

Re:

[fluffernutter]

I would think righties wouldn't want to see millions more on welfare. Uber will decimate an entire industry that has been promised to people. Families are depending on this income, and now no one will make significant money driving people in cars again. In the end the entire economy will take another spin downwards. But I guess you righties tend to complain a lot about people who live off the system but as long as you are happy you'll let the industries fail like dominos. The funny thing is you'll prob

Re:

[epyT-R]

Yeah, but it's the left that's been anti uber/lyft. You can bitch about uber's pricing but it's not like taxi service hasn't been a ripoff. Some competition should help settle market prices. Look what lack of competition did to the american car market. There's a reason americans buy foreign, and why detroit is now a hellhole. Competition is a needed element to keep businesses limber. Otherwise, they turn into bloated, inefficient monopolies like any other state service.

Part of the problem of 'living wage'

Re:

[fluffernutter]

The taxi service has been charging exactly what they need to charge according to the laws and regulations that were made by the people who live in the cities they operate in. If we yank the carpet out from underneath them now, there will be all kinds of lawsuits and rightfully so. If someone took something the value of my house away from me (ie. the value of a medallion) just because they didn't like my house and how it was built, I'd need to sue as well.

Re:

[epyT-R]

Laws and regulation != competition. Therefore what is being charged isn't necessarily represented by what the market will bear. This leads to crazy fares. Of course, that's ok, but when uber does it, it's the end of the world, right? There's nothing special about transportation services that requires 'medallions' and artificial exclusivity.

Re:

[fluffernutter]

Uh, Medallians only came about because too many people were on the road trying to be a taxi so I'm not quite sure how you can say there is no purpose to them. There were a lot of accidents and injuries because cars were literally swarming the roads looking for fares and it had to be restricted,

What is "crypting"?

[Anonymous Coward]

What is it?

Re:What is "crypting"?

[DaTrueDave]

But the bad guys didn’t exactly take this innovation laying down; rather, they responded with their own innovations. What they came up with is known as the “crypting” service, a service that has spawned an entire industry that I would argue is one of the most bustling and lucrative in the cybercrime underground today.

Put simply, a crypting service takes a bad guy’s piece of malware and scans it against all of the available antivirus tools on the market today — to see how many of them detect the code as malicious. The service then runs some custom encryption routines to obfuscate the malware so that it hardly resembles the piece of code that was detected as bad by most of the tools out there. And it repeats this scanning and crypting process in an iterative fashion until the malware is found to be completely undetectable by all of the antivirus tools on the market.

http://krebsonsecurity.com/tag... [krebsonsecurity.com]

Re:

[houstonbofh]

Let's do those crimes! Let's get some sushi and not pay!

Nice analogy

[rfengr]

Nice F'ing analogy; a gun show. Has he ever been to a gun show? Most of the tables selling guns are FFL. The rest beef jerky, tools, ammo, etc. Sheesh, you have to be an FFL to be a "dealer". There are no unlicensed "dealers". Sure, there are a few with signs hung on their backs with a long gun on shoulder, advertising a private sale, but they are few.http://yro.slashdot.org/story/15/12/07/203211/us-cyber-criminal-underground-a-shopping-free-for-all#

Re:Nice analogy

[rfengr]

...and I forgot to mention the loads of undercover ATF just waiting to bust someone. A gun show is really no different than a gun store, just more like a flea market.

Re:

[ksheff]

Don't forget the little old ladies selling jelly, salsa, or other stuff they made at home. They're the ones that really rake in the cash.

At least we know

[tsotha]

In case you're wondering, murder for hire sites make up just 1% of the underground mall.

Well, sure. There aren't that many FBI agents.

gun show

[Yonder Way]

That quote is ridiculous. Anybody who's ever been to a gun show can tell you it's one of the safest most orderly mass congregations of people you'll ever have the pleasure of attending. The stuff that's for sale adheres to strict local, state, and federal laws. And there is no tolerance by the show management, attendees, or other vendors of shenanigans.

Re:

[SuperBanana]

That quote is ridiculous. Anybody who's ever been to a gun show can tell you it's one of the safest most orderly mass congregations of people you'll ever have the pleasure of attending. The stuff that's for sale adheres to strict local, state, and federal laws. And there is no tolerance by the show management, attendees, or other vendors of shenanigans.

six people shot in one week at gun shows [thinkprogress.org].

That's just one example. Googling "man shot gun show" yields a veritable treasure-trove of examples of accidental d

Re:

[ebvwfbw]

Ok, problem with the story. Do you know anything about guns? At all? It says he slid the 25 caliber pistol's slide back. Well if he did that, it can't shoot. As soon as the slide moves it disables striking or it will blow up were the cartridge to go off.

BTW, did you know I'm a French Model?
Must be, you read it on the Internet. Bon Jour!

What do they think goes on at gun shows?

[Anonymous Coward]

The authors have no clue about gun shows. Almost every gun show I have visited had a cop at the front door, and I have been to a lot of gun shows.

Since the authors of this story imply that gun shows are places where lots of illegal guns are sold to criminals, I wonder how well they understand criminals. Probably not very well.

It's time to take note of their names and remember to search for them monthly for a few decades. This ridiculous misunderstanding of criminality will be very useful in discrediting them for decades to come.

Re:

[EdwardFurlong]

Probably the last place, even with what they call the "gun show loophole" you would ever want to make an illegal buy or sale. The slightest whiff you are either a criminal, a narc, or a gov setup, nobody will have anything to do with you, buying or selling. Maybe these people should go to gun shows to sell their drugs, or why not sell guns online if it is so easy to sell drugs? One cow is not the same as another.

Re:

[EdwardFurlong]

I thought the "gun show loophole" was private citizens selling to other private citizens, in most states you can sell a firearm to someone else, of course they want to stop that as well, but something about it being at a gun show makes it a bad thing. If you want to buy from a private party, just go to armslist.com, check the box private party.

Two tickets..

[modi123]

Sweet! Now when I flex my pale muscles to pickup chicks I can ask them if they want two tickets to the _cyber_ gun show!

And again, you fail at the summary

[Anonymous Coward]

Using the GREAT BIG GRAPH from the story we see 2% of traffic is gun-related, but somehow it's a "gun show"? I guess you are one of the gun-hating crowd, amirite? Sheesh.

Wow a free for all?

[burtosis]

If its free for all count me in - i love free stuff!

Cyber

[aaaaaaargh!]

Sorry, whenever I see the word "cyber" in an article, I know it's crap and stop reading. Doesn't matter whether it's about cybernetics or the "US cyber underground".