Press "Enter" to skip to content

Do you have five euros? You can go online to buy a virus (and you will have money left over)

cream_ph (Getty Images)

“Very good seller … Recommended 100%”, “I found it very Simple tutorial ”,“ This guy is legit ”,“ 5/5 Great service ”. It could be your typical Amazon reviews, perhaps for a seller of coffee pods or dishwasher tablets. But not. The praised services cannot be found on the mainstream internet, they are only accessible from browsers like Thor, which lead to the dark web or dark internet. What's more, what these anonymous users have bought is not even legal: it is the Trojan known as Zeus Botnet, which allows you to steal banking credentials and use the network of infected computers (known as botnet ) to commit malicious actions. And it costs less than three euros.

“There are different types of sellers of malware . Normally, the more specialized ones are more expensive ”, explains researcher Carlos H. Gañán, from the Cybersecurity group at the University of Delft (Holland), who has shared the aforementioned examples with Newsfresh. In its selection there are offers for all budgets: Zeus Botnet samples range from a few cents to just over 30 euros, but there are also services that exceed 1,000 euros.

The catalogs are as varied as the prices. According to a review by security firm Armor, the most economical option for those with the necessary knowledge is to separately purchase basic tools such as exploits that exploit vulnerabilities to access foreign systems, samples of ransomware (hijack virus computing) or code to extend the reach of botnets like Zeus. “You have the entire supply chain. You can buy a package in which the criminal does everything to you, or a particular part of the crime, ”Gañán says. “You can hire from the entry part of the malware to the mules that will put the money in your account or the mixer that reduces the traceability of cryptocurrencies. ”

Among the more elaborate services are platforms designed to allow launching a denial of service attack (DDoS) with a few clicks and set the cost based on the volume of machines participating in the server overload or the duration of the offensive. “It's quite simple: you pay with bitcoin, with monero or even with a card and they give you access to a panel where You can do whatever you want. You put the URL, the time and the type of attack ”, sums up Marc Rivero, senior security researcher for the GReAT team at Kaspersky. According to the expert, it would be possible to launch a “quite large” attack for about 90 euros.

More information
Medium-sized cybercrime: when the cyber attack is regular

These “digital goods” to do evil are increasingly in demand and offered on the dark internet, long referred to as the market for sordid things: from weapons to drugs to child pornography. “Physical products are more complicated because you need an address to send them to. It is very easy to sell software because you can receive it anywhere in the world and with total anonymity ”, explains Gañán. In addition, the competition between suppliers brings their uses and customs closer to those of any seller who tries to gain a foothold in an e-commerce platform: they establish customer service channels, improve the experiences of their users, care about their good name and adjust your prices. “If you are a beginner, you have no reputation. Those are the ones that normally offer the lowest rates ”, adds the expert. Malignos also contributes to the expansion of the digital ecosystem. Just seven years ago and according to data from IoT Analytics, there were about 3,600 million devices connected to the Internet of Things, which includes activity wristbands, surveillance cameras or virtual assistants, among others; in 2020 they exceeded 11.3 billion. When those machines are not adequately protected, they are easy prey for attackers looking to access a network or build a botnet . “Also, keep in mind that if these devices are in a large company or in a university, they have a lot of bandwidth,” explains Rivero.

There are less computerized proposals, such as “sinking someone's business.” For just over 150 euros, the victim will be overwhelmed by a tsunami of telephone spam, will receive unsolicited shipments at their premises (for example, pizzas) and will appear in advertisements that damage their reputation. You can also buy cloned credit cards and PayPal credentials whose value is determined by the funds available in the associated accounts. Personal data such as full name, date of birth, address, country, telephone number, social security number or driver's license would be for sale for about 20 euros for a Spanish citizen and for almost 50 for a British one. If what we are looking for is a training course that provides us with skills such as accessing the administration panel of a router and find the right targets in your network, just over 100 euros is enough. “And there are also free tutorials”, Gañán emphasizes.

If a layman can launch a cyberattack, can he also avoid the consequences? According to Gañán, given that the main interest of the security forces is to identify the operators of these markets to root out the problem, sellers and buyers remain in a moderately discreet background. The key is to take all measures that preserve the identity of the buyer. Rivero, who has seen cases of employees who end up badly in a company and seek revenge with a computer attack, argues that absolute anonymity is not so easy to achieve. “This type of thing usually ends badly because the inexperienced person ends up leaving a trace,” he says.

Unsecured Success

In 2019, a A team of researchers from the University of California, San Diego went into the dark web to test different theft providers of email and social media credentials. They hired 27 criminals and only five of them did their job. “The market had low volume, poor customer service and multiple scammers,” the study sums up.

The need to build a system of minimal trust in a criminal market justifies the appearance of comment models like the ones we find on Amazon. The operators of the large markets previously controlled who accessed their platforms, admitting only those who carried a recommendation from another seller or buyer. “Now since there is so much competition, they basically ask you to pay an amount. If you pay it, you are welcome ”, says Gañán. Trial versions are also offered, such as those that allow us to enjoy a week of access to a streaming platform .

But not even best practices ensure lasting business. The history of the black markets of the dark internet is full of fallen leaders. Every so often a new closure of “the largest illegal store” in this part of the network that cannot be accessed from conventional search engines reaches the headlines. The last one was DarkMarket: “This dark internet market has been closed down,” read the sign left by the authorities on the site's page. Next to the message, the fairy that the portal used as a logo appeared under a fly swatter.

According to Europol In this last great bazaar, some 2,400 sellers offered their goods and services to almost half a million users. Since its inception in May 2019, DarkMarket amassed at least € 140 million trading drugs, counterfeit money, stolen credit cards and, of course, malicious programs. Before they fell Silk Road, Alphabay or Empire Market. Yet this secluded digital souk continues to bustle with buyers and sellers. “As soon as one closes, another appears”, Gañán sentence

You can follow Newsfresh TECHNOLOGY at Facebook and Twitter or sign up here to receive our weekly newsletter .

Be First to Comment

Leave a Reply

Your email address will not be published.