21st August, 2020
Trading for stolen loyalty currency, data etc. on the dark web is quite similar to any online marketplace, with options varying from shopping categories to what’s available within various categories to the profile of the fraudster and criminal gang, and lot more.
The modus operandi is quite sophisticated and it is reflected in what and how fraudsters run their respective accounts.
“Fraudsters need to show they do legitimate business, sell authentic data and work on their reputation...even offer the option of refund,” mentioned Tobias Wieloch from Europol (European Cybercrime Centre or 3C), during Loyalty Security Association’s (LSA) webinar today. The fraudsters also stipulate refund and replacement policy. He added that the majority of attacks rely on existing modus operandi and benefit from known vulnerabilities.
Identification, Attribution and Data Enrichment
Wieloch also explained how the team works on its database, identifiers etc. to work on user matches and user duplication, and identify cybercriminals. Working with the private industry, the team also looks at attribution of losses and evaluates how the data has been fraudulently used, assesses sold compromised credit card or account details, and the financial damage per user. The team also looks at criminals’ details – user name, email address, IP Address + time stamp, login history, device details and phone number.
Wieloch also cited the case of Grant West, a hacker known as Courvoisier, who reportedly stole 78 million usernames and passwords to sell on the dark web with cyber attacks on Uber, Argos etc.
By Ritesh Gupta