Hackers and cybercriminals often gather on “underground” forums to buy exploits or to collaborate with one another.
They may advertise upcoming projects they need help with, sell databases of stolen passwords and credit card information, or advertise exploits for new security vulnerabilities that can be used to break into devices or computing systems.
However, these deals often don't go according to plan.
New research, published today by the security company Sophos, examines these failed transactions and the complaints made by members of these forums.
"Scammers are scamming scammers on illegal forums and the amounts are much higher than we first thought," says Matt Wixey, a researcher at Sophos X Ops who studied illegal markets.
Wixey examined three of the most important illegal forums: the Russian-language Exploit and XSS, as well as the English-language BreachForums, which replaced RaidForums when it was seized by US law enforcement in April.
While the sites operate in slightly different ways, they all have “arbitration rooms” where their members can complain if they believe they have been cheated or wronged by others.
For example, if someone buys malware and it doesn't work, they can complain to the site administrators.
Complaints can sometimes help get their money back, but more often they act as a warning to other users, Wixey says.
In the last 12 months – the period covered by the investigation – criminals on these forums lost more than $2.5 million to other scammers, according to the investigation's analysis.
There are some who complain about as little as $2, while the average scam on each of the sites ranges from $200 to $600, according to the research, which will be presented at the security conference Black Hat Europe.