For a one-off fee of $125, you too can become one of those scumbags who preys on elderly Internet users and small online businesses.
Cybersecurity software provider Armor this week revealed in its latest annual threat report that it has found a so-called ‘hacker university’ offering online courses that teach students how to commit various cyber crimes. These include how to access a router’s admin software; deploying ransomware; locating targets on compromised networks; and trafficking stolen credit card information, among others.
According to Armor, the ‘university’ also plans to sell its own range of ransomware, keyloggers password stealers, and trojans.
All of this is accessible for the low price of $125, paid in Bitcoin or Monero – a cryptocurrency that prides itself in offering anonymous payments.
“Creators of the site advertise that they want to ‘teach people about cybercrime and how to become a professional cybercriminal. By taking the course offered you will gain the knowledge and skills needed to hack an individual or company successfully with whatever malware you have at your disposal’,” said Armor, in its threat report.
Charming. Presumably the university doesn’t offer a course on ethics, where students are encouraged to try and reconcile their idealised image of hackers as modern-day outlaws with the reality that all they are really doing is stealing old peoples’ pensions.
Among the other findings in Armor’s report is an a la carte menu of various dark-Web products and services and their prices.
These include but are not limited to perennial favourites like an individual’s credit card information ($5-$35 depending on nationality and type of card) or DDoS attack ($100-$250 depending on the size of Website), to something a little more exotic, like personal identifiable information – street-name ‘fullz’ – or a white-label turnkey e-commerce platform that enables anyone to set up their own darkweb online store. There is even a service that offers to destroy a rival small business by bombarding it with spam and unwanted items ($185).
“One of the most worrisome items the TRU (Threat Resistance Unit) team saw this year was an array of business fullz for sale, as well as fullz culled from financial loan applications. Business fullz contain everything a criminal needs to appear as if they are a corporate officer of an actual business, whereas personal fullz from loan applications contain all kinds of personal identifiable information on an individual, enough to commit identify theft,” Armor said.
According to the US Federal Trade Commission’s most recent Consumer Sentinel Network Data Book, there were 3.2 million reports of fraud and identity theft in 2019, up from 3.1 million a year earlier. The rate of fraud and identity theft has more than doubled over the last decade.
Once they’re bored of nabbing Netflix credentials, today’s graduates of hacker university could conceivably go on to postgraduate study that involves compromising critical infrastructure upon which lives will come to depend.
Gartner uses the term cyber-physical systems (CPSs) to describe those systems that monitor or interact in some way with mission-critical, physical infrastructure. It predicts that the financial impact of CPS attacks that result in fatalities will top $50 billion by 2023.
“Even without taking the actual value of a human life into the equation, the costs for organisations in terms of compensation, litigation, insurance, regulatory fines and reputation loss will be significant,” Gartner said.
As a result, it expects that by 2024, 75 percent of CEOs will be held personally liable for CPS security incidents. Here’s hoping that hacker university is a bust, and doesn’t evolve into the MIT of cyber-attacking.