3 Alan Kakareka, CISSP, GSNA, GSEC, CEH, MCP, MCDST, Net+, Sec+ sh-3.2# whoamiAlan Kakareka, CISSP, GSNA, GSEC, CEH, MCP, MCDST, Net+, Sec+Masters degree in science from Florida International UniversityCTO and founder of Demyo, Inc.Based in Miami, Florida, USA.Demyo, Inc.
4 And I enjoy green letters on black background Demyo, Inc.
5 What are the most dangerous countries? Demyo, Inc.
6 Where all the goodies are? Unknown – Unknown:Forums, various websitesKnown – Known:IM, typically ICQDemyo, Inc.
7 Lets take a look at 2 underground forums https://exploit.in/forum/ - pretty smallhttps://forum.antichat.ru/- one of the bigger onesDemyo, Inc.
9 https://exploit.in/forum 341k messages, 35k users.Demyo, Inc.
10 How many of all messages are sale / buy / trade? Roughly 10-15% of all messages are related tosell / buy / tradeAnother 90% is how to program this, how to hack this, how to solve this kind of issue, etc.Demyo, Inc.
15 Auction system for serving malware - “vDele” Demyo, Inc.
16 Software to build your own botnet – “andromeda botnet” Demyo, Inc.
17 Also available Demyo, Inc. Credit card numbers Paypal accounts Online banking accountsspamming servicesCell phone spamming services (by text messages) and / or calls0-day exploits (rarely)Custom malware, spyware, toolsPlain hacking servicesDDOSFull identity (CC + SSN + DOB + address + with password + online banking credentials + mothers maiden name + dogs name + etc.)Demyo, Inc.
18 0-day exploits (rarely) If a black hat has 0-day it is much more profitable do something with it than selling itIf you are white hat hacker, sell it to company’s who are buying bugs like ZDIDemyo, Inc.
23 Another way is by endorsing from the forum owner Demyo, Inc.
24 Means of payment Demyo, Inc. No paypal….. WHY???? Webmoney Liberty ReserveYandex MoneyBitCoin – not so muchF2F – almost neverMost popular is WEBMONEYDemyo, Inc.
25 Closed sections Typically there are 3 access levels 1st level – make some useful posts2nd level – get to know somebody and post some sensitive data3rd level – be well known in community, post some real goodiesDemyo, Inc.
26 Limiting access only to higher profile people Demyo, Inc.
27 Prices… How much is this, how much is that? Demyo, Inc. Depends what language you speakIf you ask in Russian – 100 bucksIf you ask in English – 200 bucksDemyo, Inc.
28 SPAM Emails sent vs Emails in Inboxes 1 million SPAM s in inbox – 200 USDDemyo, Inc.
29 Actual pricingPrivate virustotal.com type service – 40 USD / month, unlimited amount of filesWhy do you need a private virustotal.com service? When virustotal.com is free???DDOS – 100 to 400 USD a day, depending on traffic amount.DDOS sales/discussions are getting forbidden in many public Russian forums, why???CC – 0.1 USD to 5 USD depending on amount and/or qualityDemyo, Inc.
30 Actual pricingPaypal – 1% to 10% of the balance, also depending on account type and other factorsOnline Banking – 1% to 10% percent of the balance, depending on the bank, account type and other factorspass combo – FREE, unless it is sorted, verified for validity, and is bundled with other accountsFull identity (CC + SSN + DOB + address + with password + online banking credentials + mothers maiden name + dogs name + etc.) – about 100 USDMany, many, many other types of services and goods – agreed priceDemyo, Inc.
31 OTHER FACTORSPaypal and Online Banking – 1% to 10% of the balance depending on account type and other factors.User logs in into his account once every 6 monthsPassword to users is available as wellThis particular bank DOES allow online transfersUser logs in into his account dailyPassword to users is not available This particular bank DOES NOT allow online transfersDemyo, Inc.
32 How many Russian resources are there? A LOT OF THEM1,5 million messageshttps://forum.k0d.cc/index1.phphttps://forum.xeksec.com/And so on….Demyo, Inc.
33 How to find Russian resources Russian search enginesClassic Google dork‘Site:ru hacking’Or…..Demyo, Inc.