Reports of hacking of shadow forums began to appear this year with enviable regularity. The question arises: why do hackers hack their own? Everyone's motives are different: eliminating competitors, revenge, financial gain. And if with the first two reasons everything is relatively simple (no enemy, no problem), then the monetization of information obtained after an attack is a more complex issue.
Of immediate interest to hackers may be electronic wallets used by competitors on shadow forums. Some of them accept money for purchasing access to the site: a one-time fee averages $50–100, and the funds are most often immediately transferred and accumulated in other administrators’ wallets.
There are also forum deposits - wallets that provide a guarantee fund for the community. In case of fraud in transactions, this “deposit” is written off in favor of the deceived party to compensate for losses. The amounts of such guarantees can reach several thousand dollars.
A “guarantor” of the transaction is also often used - an analogue of a bank escrow account. The money for the goods is transferred to the wallet of the “guarantor”. He checks the goods and, if everything is in order, transfers the money to the seller, keeping a percentage for himself. The purchase price usually does not exceed $1 thousand, but since transactions occur constantly, quite large amounts accumulate in the account. The Verified forum, for example, estimated possible losses from its electronic wallets at $150 thousand, but the administrators called the amount “small.”
Of interest to the hacker is the direct data of forum users, which can be sold. After Verified was hacked on one of the competitive sites, the forum database, including private correspondence of participants, was put up for sale for $100 thousand. The attack can also be monetized through blackmail: by hacking the forum, identify several users and demand a ransom from them in exchange for maintaining their anonymity. Or you can compromise the data that the forum user himself is selling and try to resell it. The amount in this case is limited only by the imagination of the attacker.
In reality, such attacks on forums are less likely to provide direct financial benefits to lone hackers, who can find easier and more profitable targets. For them, the attacks have rather a moral motivation. One should not lose sight of the fact that the hacks occurred in a short period of time and concerned specifically Russian-language sites. It is possible that we are talking about competition at an international level.
Another option is “hacktivism” in the interests of another country. In this case, it is not the direct benefit of hacking that is assessed, but the ability to prevent potential damage from future attacks. There is a possibility that compromised hackers may cease their activities or even help law enforcement agencies to reach a larger hacker network or professional cyber group. But this is one of the least likely reasons for hacking: attacks on such resources are rather unprofitable for law enforcement agencies and intelligence agencies, since they draw data from there for their investigations.
It is difficult to say for sure whether the recent string of hacks is a coincidence or a deliberate campaign. But it is obvious that hacks will complicate the “work” of cybercriminals, at least in the short term, and some, for fear of being discovered, may even retire.
(c) Anton Yudakov, Operations Director of the Solar JSOC Cyber Threat Monitoring and Response Center at Rostelecom.
Of immediate interest to hackers may be electronic wallets used by competitors on shadow forums. Some of them accept money for purchasing access to the site: a one-time fee averages $50–100, and the funds are most often immediately transferred and accumulated in other administrators’ wallets.
There are also forum deposits - wallets that provide a guarantee fund for the community. In case of fraud in transactions, this “deposit” is written off in favor of the deceived party to compensate for losses. The amounts of such guarantees can reach several thousand dollars.
A “guarantor” of the transaction is also often used - an analogue of a bank escrow account. The money for the goods is transferred to the wallet of the “guarantor”. He checks the goods and, if everything is in order, transfers the money to the seller, keeping a percentage for himself. The purchase price usually does not exceed $1 thousand, but since transactions occur constantly, quite large amounts accumulate in the account. The Verified forum, for example, estimated possible losses from its electronic wallets at $150 thousand, but the administrators called the amount “small.”
Of interest to the hacker is the direct data of forum users, which can be sold. After Verified was hacked on one of the competitive sites, the forum database, including private correspondence of participants, was put up for sale for $100 thousand. The attack can also be monetized through blackmail: by hacking the forum, identify several users and demand a ransom from them in exchange for maintaining their anonymity. Or you can compromise the data that the forum user himself is selling and try to resell it. The amount in this case is limited only by the imagination of the attacker.
In reality, such attacks on forums are less likely to provide direct financial benefits to lone hackers, who can find easier and more profitable targets. For them, the attacks have rather a moral motivation. One should not lose sight of the fact that the hacks occurred in a short period of time and concerned specifically Russian-language sites. It is possible that we are talking about competition at an international level.
Another option is “hacktivism” in the interests of another country. In this case, it is not the direct benefit of hacking that is assessed, but the ability to prevent potential damage from future attacks. There is a possibility that compromised hackers may cease their activities or even help law enforcement agencies to reach a larger hacker network or professional cyber group. But this is one of the least likely reasons for hacking: attacks on such resources are rather unprofitable for law enforcement agencies and intelligence agencies, since they draw data from there for their investigations.
It is difficult to say for sure whether the recent string of hacks is a coincidence or a deliberate campaign. But it is obvious that hacks will complicate the “work” of cybercriminals, at least in the short term, and some, for fear of being discovered, may even retire.
(c) Anton Yudakov, Operations Director of the Solar JSOC Cyber Threat Monitoring and Response Center at Rostelecom.
