On the forums frequented by hackers, many scammers take advantage of the mass of data sold to deceive hackers looking for information or services.
The first rule in criminal circles is never to trust anyone, including other criminals. On the forums frequented by hackers, more and more scams abound as data leaks multiply. Cyber researchers at Sophos published a two-chapter report on December 14, detailing the many scams found on these famous platforms.
In total, hackers would have lost more than 2.5 million euros in 2022 on the three most popular forums, according to Sophos researchers who have accumulated complaints from injured hackers. If your digital life revolves around social networks, for many hackers, the first step of the day is rather to hang out on these sites which serve both as a place of exchange and a market place to sell stolen data. .
Naturally, as activity escalated — covid and then telecommuting spurred information leaks — scammers saw an opportunity to rip off hackers looking for a list potential victims. Phishing being the most common way to trick an Internet user, lambda or an employee – before attacking his company – criminals are looking for these files containing a whole lot of personal information.
False leak and accomplice guarantor
Just like on eBay or the good corner, the most ordinary method is ” stealing » : the buyer pays for the product, but never receives it, or vice versa, he receives what he ordered, but does not pay the money.
Another popular scam is leak recycling. A member of the forum is going to sell a database, but it turns out that these files have already been put online. The scammer simply recovered all the documents and resold them by inflating the ad: ” 10 million citizens hacked », « recent facebook credentials “we can read. Prices vary for a database depending on the amount of victims and the importance of this information. The files usually cost a few thousand euros when it is a viable, recent leak from a multinational.
Databases are not the only good for sale on these platforms, the services and talents of each are also offered for a salary. A hacker does not necessarily develop his own malware, so he calls on programmers. The latter will be recommended by another member of the forum, who will be responsible for being his guarantor. These two are accomplices in the crime: once the pirate has the assurance that he can trust the developer, he will pay this service provider, who will disappear without ever having worked on the software. The money will then be split between the scammers.
No shoulders to cry on
It even happens that hackers even try to trap other “colleagues” with their favorite weapon, phishing. Thus, false forum login pages sent by email have been identified by Sophos researchers. Here, the criminal will probably seek to steal the work tools or the loot of his victim.
Be careful, trapping hackers is not without risk. Proven scammers on the forums have already been hacked in the process by anti-heroes who have come to restore order on the platform.
On one of the most famous forums, victims of scams can always file a complaint with the administrators. The latter will then reveal the identifiers as well as the IP address of the culprit. However, he can always come back with a different email and a VPN. And of course, injured criminals will not be able to go to the police station to file a complaint for false data leakage. These are the hazards of the trade, the hackers will tell you.
