Hackers and cybercriminals often gather in "underground" forums to buy exploits, or to cooperate with each other.
They can advertise upcoming projects they need help with, sell stolen databases, passwords and credit card information, or advertise exploits for new security vulnerabilities that can be used to break into devices or computer systems.
However, these deals often don't go according to plan.
New research, published today by security firm Sophos, examines these failed transactions and the complaints made by members of these forums.
"Scammers are scamming scammers on illegal forums and the amounts are much higher than we first thought," says Matt Wixey, a researcher at Sophos X Ops who studied illegal markets.
Wixey examined three of the most important illegal forums: the Russian-speaking ones Feat and XSS, as well as the English-language BreachForums, which replaced RaidForums when it was seized by US law enforcement in April.
While the sites operate in slightly different ways, they all have “arbitration rooms” where their members can complain if they believe they have been cheated or wronged by others.
For example, if someone buys malware and it doesn't work, they can complain to the site administrators.
Complaints can sometimes help get their money back, but more often they act as a warning to other users, Wixey says.
In the last 12 months, the period covered by the investigation, criminals on these forums lost more than $2.5 million to other scammers, according to the research.
Some complain about as little as $2, while the average scam on each of the sites ranges from $200 to $600, according to the research, which will be presented at the security conference BlackHat Europe.