In the past 12 months hackers have scammed more than $2.5 million from other cybercriminals on three separate hack forums alone (Exploit, XSS and BreachForums), according to Sophos researchers.
You might also be interested in reading All About Hacker Motivation: Why Do Hackers Hack?
Experts spoke about the results of studying darknet forums during a report at the Black Hat Europe conference, and then the study was published on the company’s blog.
Fraud on the three hack forums that were studied turned out to be so widespread that there are special “arbitrage rooms” on all resources.
For example, the Exploit forum has 2,500 scam messages and has a separate section for filing complaints, as well as a blacklist where cases of confirmed fraudulent activities are recorded.
In turn, 760 cases of fraud are reported on XSS, and the forum maintains a “list of rippers” with fraudulent sites.
Thus, Exploit’s “arbitration room” contains 211 complaints totaling $1,021,998, while the blacklist includes 236 incidents that cost other criminals $863,324. For example, in one case, an Exploit user filed a complaint trying to negotiate with the operators of the Conti ransomware to decrypt company data. However, forum administrators have closed this statement as ransomware is not allowed on Exploit.
The media also wrote that Neutrino Botnet Seizes Web Shells of Other Hackers.
Meanwhile, XSS, by comparison, has 120 complaints totaling $509,901, while BreachForums, which has only been in existence since April this year, already has 21 complaints worth $143,722.
While most of the scams that criminals complain about involve five- and six-figure amounts, some victims open claims for much smaller losses (there are cases where the amount of damage is as low as $2).
The report notes that such proceedings on hack forums often end in mutual insults and complete chaos, when the accuser accuses the defendant of fraud. In some cases, the intended victims themselves are blocked altogether.
While a ban is the most common punishment for cheating, BreachForums also practices doxing, posting the banned users’ email address, registration details, and the last IP address from which they accessed the forum.
Despite this, Sophos lists several cases “involving serial scammers” who were blocked from hack forums, but then simply created new profiles, paid a registration fee and continued to deceive their “colleagues”.