Cybercriminals Brush Up On Skills With Online Courses

Welcome to “Dark Web University”

We all know about the ongoing illicit activity that takes place on the dark web, but did you know that aspiring cybercriminals and fraudsters can attend online courses to sharpen their skills in specific areas? It’s all there, thanks to “benevolent” threat actors sharing their knowledge with cybercrime cadets looking to make their way in this underground industry.

Several dark web forums offer online courses — either homemade or advertised on behalf of a third party — that will take you from “zero to hero” in a specific cybercrime vector. These courses illustrate the degree to which underground criminal communities serve as enablers for cyber criminal activities, such as by lowering the barriers to entry for those with few skills and giving them the knowledge they need to commit fraud.

IntSights dark web research tools expose a vast array of online courses and mentorship programs. In this post I’ll share some of these, which are really just a drop in the ocean of educational offerings that can be found on underground forums and closed web channels.

Carding from A to Z

Since February 2014, a well-known Russian cybercrime forum has offered a carding course that includes 7 weeks’ training with more than 10 lectures. The course is advertised for potential students as a way to get a new profession and earn money that will upgrade them to a higher standard of living.

The course price is 66.000 Russian rubles (about $900 USD) and will require an additional $200 for “extra expenses.” After the group is formed (with a maximum of 10 participants), the training starts in private conference rooms in a secure messenger with an opportunity to ask moderators and other professionals questions.

This carding course covers everything that’s necessary for a fledgling cybercriminal to execute a full cycle of fraud: anonymization, credit cards in-depth knowledge, workstation preparation, and hands-on practice on how to execute different types of fraud. In addition, the course covers real-life practices such as working on US, European and Asian markets, electronic gift cards, bank accounts, PayPal, verification procedures, order shipping, and more.

Verification with IDs

Today, an increasing number of online services require a more advanced user verification procedure that usually includes submitting a personal ID and another document (such as a utility bill) as proof of identity and/or residency.

For the low low price of 9500 Russian rubles (about $130 USD), one popular dark web service offers an opportunity to enroll in 16 classes (45 minutes each) to become a professional in working with digital documents. The course will teach you how to work with Adobe Photoshop, nuances of different countries’ ID templates and utility bills, generating MRZ codes, and additional features that will help to pass anti-fraud systems.

After a fraudulent document is created using these methods, it can be submitted as a part of the user's verification procedure and, when the account is activated, it can be potentially used for further types of fraudulent activity.

Charity on the Dark Web

Unlike the previous examples where the threat actors monetize their knowledge while converting it to an online course, another reputable Russian threat actor claims that he will donate all his earnings to charity.

This threat actor currently offers 3 online courses: working with payment systems, an introduction to brute-force attack methods, and the basics of refunds from US and European stores. In doing so, he believes that the course alumnus will generate a proper cash flow that will help them to explore the world. Thus, to earn new knowledge that will help to promote the underground community and the forum.

What We've Learned

The various educational offerings available via the dark web are helping advance the underground cybercrime economy through knowledge and profit sharing. Furthermore, these activities are circumventing regulatory and compliance initiatives before they even go into effect. For more on this, read the new report from IntSights and Riskified: “The Dark Side of PSD2: Fraudsters’ Reaction to the EU Regulation.”