Web Fraud 2.0: Cloaking Connections
These days, nearly every aspect of the underground online economy that supports commercial crime operations has been automated. Online forums and criminal social networking sites have long offered aspiring newbies tips on getting started. But a slew of extremely popular Web sites increasingly are making it possible for newcomers to begin reaping profits from their activities through point-and-click Web interfaces that even the most novice hackers can navigate.
What follows today and throughout the rest of the week is a look at some trends and tools Security Fix observed being used by cyber crooks, as a result of several months of lurking on some of the more popular (and in some cases invite-only) cyber criminal forums.
Even the greenest cyber crook knows you never use your own Internet connection to conduct business. In the past, masking your true Internet address online meant configuring your browser to use multiple "open proxies," connections belonging to hacked or misconfigured systems that will happily forward any Web traffic.
But why bother with that manual, labor-intensive process when you can download a tiny program and subscribe to a service that handles it for you? That's the idea behind services like infecter.net, 5socks.net and anyproxy.net. Subscribers pay for a certain number of proxies weekly or monthly, and can even download a tiny program that automates the process of switching from one proxy to the next, whenever the customer wants to appear to be coming from a new or different Internet address.
Have a look at the screen shots I took of perhaps the slickest, most user-friendly proxy-changing tool for sale in the underground at the moment: XSOX. $50 USD buys you a month's worth of "unlimited" proxies (more accurately, access to roughly 500-600 hacked PCs). But don't count on paying with American Express. XSOX's operators only accept Webmoney, a virtual currency most popular in Russia and Eastern Europe. Furthermore, you are unlikely to be able to get the service started without reaching the owner on instant message, and for that you'll need a firm grasp of the Russian language.
This type of service is especially appealing to criminals looking to fleece bank accounts at institutions that conduct rudimentary Internet address checks to ensure that the person accessing an account is indeed logged on from the legitimate customer's geographic region, as opposed to, say, Odessa, Ukraine.
With XSOX, if your victim lives in Indianapolis, no problem. Just scroll down the list of available proxies, or sort by state and country, and double click the Internet address in Indianapolis. After that, every Web site you visit thinks you're coming from Indianapolis, regardless of the true Internet address you are using to access the XSOX service.
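The weakness described above, seen from the bank's side, as an added example that is not from the original article: a region-only check accepts a login relayed through a proxy in the customer's city, while signals the article does not discuss (first-seen IP and device, one address serving several accounts) still flag it. The accounts, IP addresses, device IDs and threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: documentation-range IPs, made-up accounts and devices.
GEO = {"192.0.2.10": "Indianapolis, IN", "192.0.2.77": "Indianapolis, IN",
       "203.0.113.5": "Odessa, UA"}
HOME = {"alice": "Indianapolis, IN", "bob": "Indianapolis, IN",
        "carol": "Indianapolis, IN"}
# (account, source_ip, device_id) in time order; 192.0.2.77 plays the proxy node.
LOGINS = [
    ("alice", "192.0.2.10", "dev-a1"),
    ("alice", "192.0.2.10", "dev-a1"),
    ("bob", "192.0.2.77", "dev-x9"),
    ("carol", "192.0.2.77", "dev-x9"),
    ("alice", "192.0.2.77", "dev-x9"),
    ("alice", "203.0.113.5", "dev-x9"),
]

def geo_only_ok(account, ip):
    """The rudimentary check: does the IP geolocate to the customer's region?"""
    return GEO.get(ip) == HOME[account]

def layered_flags(logins, max_accounts_per_ip=2):
    """Replay logins in order and return one list of risk reasons per login."""
    known_ips = defaultdict(set)    # account -> IPs seen on unflagged logins
    known_devs = defaultdict(set)   # account -> devices seen on unflagged logins
    ip_accounts = defaultdict(set)  # source IP -> accounts that logged in from it
    results = []
    for account, ip, dev in logins:
        reasons = []
        if not geo_only_ok(account, ip):
            reasons.append("region_mismatch")
        if known_ips[account] and ip not in known_ips[account]:
            reasons.append("new_ip")
        if known_devs[account] and dev not in known_devs[account]:
            reasons.append("new_device")
        ip_accounts[ip].add(account)
        if len(ip_accounts[ip]) > max_accounts_per_ip:
            reasons.append("ip_shared_across_accounts")
        if not reasons:  # only clean logins extend the trusted baseline
            known_ips[account].add(ip)
            known_devs[account].add(dev)
        results.append(reasons)
    return results

if __name__ == "__main__":
    for login, reasons in zip(LOGINS, layered_flags(LOGINS)):
        print(login, "geo_ok" if geo_only_ok(*login[:2]) else "geo_fail", reasons)
```

The fifth login passes the region check yet carries three other flags; only the sixth, which skips the local proxy, trips the region check at all.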
August 19, 2008; 10:01 AM ET
Categories: Fraud, From the Bunker, Latest Warnings, Web Fraud 2.0