North American cyber underground is more open that most think: Report

There are lots of words to describe cyber criminals: Bold, imaginative and suspicious come to mind from the experts I’ve talked to in the past 12 months. A news story and a security vendor report both out today paint sometimes contrasting pictures about the capabilities and confidence of these gangs.

Trend Micro released a report that says at least some North American groups selling hacking tools, bulletproof hosting services, stolen accounts, products and services, fake documents, murder for hire and illegal drugs operate more openly than their counterparts in other geographies, with sites on the surface Web — not the deep Web as you might expected. Meanwhile security writer Brian Krebs recounts the story of a law enforcement officer who was somehow exposed while trying to make a buy of stolen credit card data, showing how skilled one group is.

Trend Micro describes the North American criminal sites it has discovered as “not a locked vault accessible only to the tech-savviest of hackers, but rather a glass tank—open and visible to both cybercriminals and law enforcement. Cybercrime operations are treated like regular businesses. Several goods and services are blatantly advertised on Surface Web forums and even on popular sites like YouTube to draw in customers.”

In most cases, malware bought include technical support from their developers. The Xena RAT Builder, for example, can be purchased with any of two service packages—Silver or Gold. The Gold package comes with crypting services to ensure that the malware the kit creates would be fully undetectable.

However, drugs are the focus of the underground sites Trend Micro looked at, making up 62 per cent of sales, followed by stolen data dumps (16 per cent) and crimeware (15 per cent). That doesn’t mean these sites of less interest to infosec pros, but those who run these marketplaces aren’t thinking — yet — of aiming them at cyber criminals.

“The open nature of North American underground can mean greater profit for sellers and overall market growth,” the report notes, although it also points out many sites don’t stay up long. For the time being their openness could give law enforcement agencies here an edge.

Law enforcement keeps tabs on cyber thieves by making buys of supposed stolen data. The hope is that the data will identify the source of a theft so the victim company can be alerted. But recently one investigator was somehow caught just as his purchase was making its way to the checkout. Krebs says it’s possible the person was caught on a blacklist of IP address ranges known to be used by law enforcement.

Whatever the reason, it’s “another example of the growing sophistication of large-scale cybercrime operations,” Krebs concluded.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Article

ADaPT connects employers with highly skilled young workers

Help wanted. That’s what many tech companies across Canada are saying, and research shows that as the demand for skilled workers...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now