The criminal underground's black market is filled with criminal activity and trade. Fraudsters from around the world gather there to trade stolen information, such as personal information, online banking credentials and credit card details. What these fraudsters do can be considered organized crime, but it is not comparable to mafias and the like. Yes, these fraudsters have administrators in their forums, but the administrators are not crime bosses whom every member of the fraud community has to follow.
Underground forums are organized like regular forums: there are rules that buyers and sellers must follow, and there are services designed to resolve disputes and protect all parties involved. Members can obtain different statuses in the forum; although the group has a hierarchy, all members are treated as equals as long as they are not rippers. They may be equal in rank, but they are not equal in sophistication. As in the hacker community, the number of individuals decreases as the level of sophistication increases.
Most hackers are script users who only use scripts invented by elite hackers; fraudsters are the same. Imagine a pyramid divided into three major levels. At the top are the elite fraudsters and hackers who use cutting-edge fraudulent methods; they can produce their own malware and find ways to circumvent EMV security systems. At the bottom, the least sophisticated fraudsters scavenge the internet to rip off a few dimes and nickels from different individuals. Each fraudulent activity also has a place in the pyramid: the more sophisticated the activity, the higher it sits and the fewer the people who can carry it out.
Let us consider Trojan scripts, phishing and botnet methods.
Trojan methods are more sophisticated than phishing attacks, so fewer individuals can launch Trojan attacks than can launch phishing attacks. Using botnets to distribute malware is not as sophisticated as the other two and can be done by many regular fraudsters. However, those who have already been breached can strengthen their security by hiring people who have completed computer forensics training or a computer forensics course to staff their systems.
We can say that these levels of sophistication benefit the underground economy. Fraudsters who are experts in a specific field rather than in the whole process can help less sophisticated individuals; they create markets where their commodities and services can be shared. For example, less sophisticated fraudsters and hackers can get the information or tools they want from the elites for a certain price or for free. The downside is that even the smaller fish in the fraudulent community can conduct sophisticated attacks that trouble many companies and individuals.
This also opens opportunities for anti-fraud professionals, who can use the current structure of the underground community to disrupt or reduce fraudsters' activities, even if only temporarily. For example, if MITB scripts proliferate in the underground community, they can devise a temporary countermeasure against SpyEye or Zeus to thwart fraudulent transactions by the MITB.
When issuing a fraudulent transaction automatically, man-in-the-browser (MITB) modules for Zeus and SpyEye are programmed to auto-fill a transaction form based on the name or location of each field in the form. A simple addition to a bank's website, one that generates random field names and places hidden fields in a random order, could thwart the Trojan's ability to make fraudulent transactions. However, this solution would work only against unsophisticated fraudsters; the elites could find ways to bypass this security measure.
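A minimal server-side sketch of the field randomization described above, added here as an illustration and not taken from the original article or from any bank's code. The logical field names, the `f_` alias prefix and the function names are assumptions; the alias mapping is assumed to be stored in the user's server-side session.

```python
import secrets

# Hypothetical logical field names for a transfer form (not from the original page).
REAL_FIELDS = ["payee_account", "amount", "reference"]

def new_alias():
    return "f_" + secrets.token_hex(8)

def render_form(real_fields=REAL_FIELDS, n_decoys=3):
    """Return (html, mapping). The mapping stays server-side in the session."""
    mapping = {}  # random alias -> logical name, or None for a decoy
    inputs = []
    for logical in real_fields:
        alias = new_alias()
        mapping[alias] = logical
        inputs.append(f'<input type="text" name="{alias}">')
    for _ in range(n_decoys):
        alias = new_alias()
        mapping[alias] = None
        # Hidden decoys land at random positions, so field order shifts too.
        pos = secrets.randbelow(len(inputs) + 1)
        inputs.insert(pos, f'<input type="hidden" name="{alias}" value="">')
    return '<form method="post">\n' + "\n".join(inputs) + "\n</form>", mapping

def parse_submission(mapping, posted):
    """Map aliases back to logical names; return (values, alerts)."""
    values, alerts = {}, []
    for name, value in posted.items():
        if name not in mapping:
            alerts.append(f"unknown field: {name}")
        elif mapping[name] is None:
            if value:
                alerts.append("decoy field filled")
        else:
            values[mapping[name]] = value
    missing = [f for f in mapping.values() if f and f not in values]
    if missing:
        alerts.append("missing fields: " + ", ".join(missing))
    return values, alerts

if __name__ == "__main__":
    page, mapping = render_form()
    print(page)
    # Constructed input: a script that fills fields by fixed, well-known names.
    static_post = {"payee_account": "MULE-0001", "amount": "9000"}
    print(parse_submission(mapping, static_post))
```

A non-empty alert list means the submission did not come from the form as rendered for that session, which is a signal to hold the transaction for review.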
Even if it is only temporary, it could still help prevent fraud attacks by less sophisticated fraudsters, thus reducing losses from Trojans. Once the newest version of security is released, everything will be back at the start. The developers of these Trojans would then focus their attention on their existing malware, improving it rather than creating new fraudulent methods. Temporary disruptions in the system will make many phishing kits unusable, so the fraudsters would have to target others instead of the intended target.
Bank security professionals should first consider one question: how many sophisticated and unsophisticated fraudsters are targeting the bank? The answer helps determine how the bank builds its defenses and thwarts the fraudsters' plots. Another good way to build up defenses is to hire someone who is skilled in digital computer forensics.