This site may earn affiliate commissions from the links on this page. Terms of use.

A new post from security blogger Brian Krebs has focused attention on a growing trend in the cybercrime underground: cooperation. It'southward not like regular organized crime, in which physically localized gangs can dominate a local underworld, only a oversupply-based system of skills-sharing that could cease up being far, far more than unsafe.

The post focuses on the now-defunct Enigma hacking forum, which served as a skillful instance of the sorts of activities Krebs warns almost. The forum allowed would-be attackers to post some specific detail of the attack they want to consummate — say, they need to get through the security on a detail brand and model of router. If the forum'southward user base had someone with the required skills, access, or connections, then an ad-hoc cybercrime team tin be created.

crime forums 2Each sub-step in an overall information breach tin thus exist assembled a la carte, spanning national borders and socio-economic barriers. With the impersonal, distributed nature of these forums, a hacker in People's republic of china might buy his way through a barrier by enlisting the services of a Spanish teenager, who is herself using a piece of software purchased from an American off of servers run out of South America.

This non only makes cyber crime incredibly hard to rail both before and after the fact, simply information technology also means that a much college proportion of would-exist attackers take access to the full spectrum of personnel necessary to safely complete an operation. This ways that more "ops" are likely to actually begin, and more of those that do brainstorm and probable to succeed.

crime forum 3About alarmingly, one of the cadre skillets beingness sought by pure hackers is more classical intelligence gathering, the ability to collect personal information about someone either in person or over the web. One hacker can enlist the services of another to dig into a target's life and come back with allurement needed to plow a transparent phishing attack into a devious spear-phishing attack. It'south the difference between getting an email from a Nigerian prince, and seemingly from your cousin Sally — someone who is already supposed to be emailing you right around that fourth dimension, anyway. Spear-phishing has been the original betoken of ingress in some of the biggest hacks e'er, and these sorts of criminal networks make them far easier to consummate.

This world of undercover activity is worthwhile for anyone who works in the shadows — criminal or otherwise. Krebs recounts the story of an Enigma user ordinarily referred to as The Samurai, who users had colloquially agreed was probably a Chinese government agent. The Samurai was interested in ownership any and all large dumps of stolen information — any information — and he would pay immediately without haggling over prices. In the criminal underworld, that means he's almost certainly making purchases with somebody else's coin — like, for instance, that of the People'southward Republic.

Hackers (the movie) -- scarily prescient tagline?!Nobody, non even those who sold such information to The Samurai, know for sure who or where he is, which is of course the signal. These markets offering a way for "state actors" to easily outsource their hush-hush attacks on a country to that country's own criminal elements, insulating themselves from danger. A different hacker forum, called The Gentleman's Club, had a postal service about an attack on Ashley Madison 3 weeks before the AM hack hit the papers — is it related, or a pure coincidence?

Nobody knows. Merely as loftier-profile data breaches dominate the news with greater and greater frequency, the question volition be pressing. Can nosotros really stop hackers, if they always fully encompass the power of well-funded oversupply-sourcing?

Once once again, nobody really knows for certain.