Cyber attacks bought ‘as easily as online shopping’

Connecting buyers with sellers via the internet — the so-called “platform” economy — has enabled companies such as Amazon, eBay, Uber and Airbnb to build vast global businesses. Now cyber criminals are using the same technique, and even the same platforms, to buy and sell their tools.

Surrey University criminologist Michael McGuire estimates that more than $1.5tn in profits a year are acquired, laundered, spent and reinvested by cyber criminals through “platform criminality”.

“The role of platforms in sponsoring and supporting the cyber crime economy more widely is quite unlike anything we have seen before,” he says.

“Would-be criminals no longer need to be computer experts to conduct cyber crime, because they can buy in the various components they need as easily as online shopping.”

The ecosystem includes platforms created specifically to sell and distribute tools for cyber crime. One example was Webstresser, a cyber crime marketplace, which was taken down by British and Dutch police in April.

On sites like these, customers can hire hackers or purchase software, data, log-in details and hardware such as credit card skimmers and fake mobile phone masts. They can even get rated to gain privileges and access rights to further products and services.

Daniel Cohen, director of fraud and risk intelligence at RSA, a security company, says: “If I want to steal credit cards I don’t need to understand how to put together a phishing kit or how to host it or distribute it, or spam 500,000 people with it. I just have to go to a credit card store and buy compromised credit cards.”

The idea of cyber criminals as hackers working from their bedrooms is out of date, says Mr McGuire. “They still exist, but they are increasingly being utilised, or ‘farmed’, by much more sophisticated groups.”

Cyber crime platforms allow less sophisticated cyber criminals to do what only nation states and the most sophisticated could do a few years ago, says Ian Pratt, co-founder of Bromium, a cyber security company.

More than $1.5tn in cyber crime profits pass through online platforms each year

Mainstream platforms, too, are increasingly used by criminals to distribute malware, phishing emails and other cyber criminal tools.

Google’s DoubleClick advertising system, for example, was hijacked by a Russian group that exploited it to distribute malware to users. The hackers injected fraudulent content into adverts appearing on the sites of retailers such as Sears, Walmart, Target and eBay. The malicious code stole account credentials, hijacked search queries and tracked user activity. Some 3,000 retailers were affected.

Services such as eBay, Airbnb, Uber and PayPal are also being misused for money laundering. Fraudsters set up fake shops, pretend lettings and “ghost” taxi rides, in order to take illegal payments. Large payments are often broken into hundreds of thousands of smaller ones to escape detection limits.

“You can buy [a stolen credit card] for as low as $1, then with a friend, or even by yourself, you can list a property on Airbnb and charge this card for a stay. The money comes to you pretty quickly. By the time the fraud is identified, either by the issuing bank or by the card holder, it could be too late,” says Mr McGuire.

Airbnb says it uses a number of techniques to detect illegal activity and works closely with law enforcement when cases come to light. “We have zero tolerance for any type of financial fraud,” the company says.

Social media are widely used by fraudsters to communicate with each other and build their brand, says Mr Cohen, which recently published a report on platform-based cyber crime. These cyber criminals want to find potential customers, so they are not trying to hide. “In most cases, they’ll have an online store selling compromised credit cards.

“On Facebook it is easy to find posts offering full credit card information on individuals, with their name, address and date of birth. There are lots, and it is hard to say exactly just how many. A simple search of the term “carder” or “carding” [a carder is someone who engages in credit card fraud] will reveal tens of such profiles.”

Mr Cohen adds that many fraudsters are extending their presence to Telegram, Whats­App, Instagram and Snapchat. WhatsApp’s end-to-end encryption makes it popular with fraudsters, while Snapchat is often used for conversations because it automatically removes all messages when a chat ends.

Instagram’s Stories feature, which lasts for only 24 hours, can also help criminals avoid detection.