Cyber justice: the scammers scammed by scammers
Some cybercriminals find that what goes around comes around as they fall victim to the crimes they set out to inflict on others. And for the hundreds of millions impacted by cybercrime every year, this may be the most enjoyable example of schadenfreude.
How does a scammer get scammed?
A recent report from Sophos has revealed a great deal that your average black hat hacker would prefer to keep quiet. It turns out that some scammers are targeting other scammers with the lure of lucrative deals that are attractive to cybercriminals. And they are also leaving behind some trade secrets in the process.
Unsurprisingly, these activities occur on the dark web, where cybercriminals have apparently lost $2.5 million to scammers. And as this figure is based on data from three leading cybercrime forums, the actual figure is thought to be even higher.
Scammers are being scammed in a few different ways.
Most scams involve products used for cybercriminal activity and sold on dark web marketplaces. Such products could be information about security vulnerabilities that hackers can exploit or databases of stolen personal or financial details.
There are also “rip-and-run” scams, where the seller gets the money but doesn’t provide the goods. Then there are the scams on the dark web where the data is delivered, but not everything is as it should be. For example, the information for launching a scam is all there, but it’s either faked or inaccurate.
Sometimes scams work the other way around. The Sophos report details a case on the Exploit forum, where a Windows kernel exploit was delivered before payment was taken because the buyer said they wanted to test it first. After that — you guessed it — the buyer made themselves scarce, and a complaint on the forum featured a lengthy account of the exchange.
The value of scammer scams
While scammer scams might be good news for the perpetrators, this strategy might catch up with them.
One bonus for the scammers is that when they are defrauding fellow criminals, these victims are unlikely to report them to any authorities for fear of any unwanted attention it might bring them. Instead, scammers are often reported to the dark web forum where the scam originated, but this can only result in the person running the scam being banned from that forum.
But in the bigger picture of the war against cybercrime, these uber scammers could be doing a service to cybersecurity. That’s because those working to combat cybercrime can gain intelligence and learn from the ways that cybercriminals work by watching how criminals take advantage of each other.
When there are arbitration processes on dark web forums, the process might bring to light more information on the scammers and how they operate. These people would usually remain anonymous, but arbitration makes this more difficult.
The forums usually demand proof of the scams, which could be in the form of screenshots, communications, negotiations, chatlogs, email addresses, cryptocurrency addresses, or source code. And for security researchers, this kind of information is a goldmine.
A ZDNet report from the end of 2021 found that a “ransomware-as-a-service” named REvil, which provided ransomware services for other cybercriminals, had been scamming its clients.
REvil often loaned its ransomware to other cybercriminals with the agreement that the group would receive a cut of the bitcoin extorted. But a mere share of the loot isn’t enough for the ransomware gang. REvil left a secret backdoor in the code of its product that allowed them to access encrypted files stolen, take over the negotiations, and claim all the ransom for themselves.
So there really is no honor amongst thieves.
REvil’s activities caused a lot of accusations on dark web forums. One would-be ransomware extortionist complained that REvil thwarted their plans to receive a ransom of $7 million. Another forum user said that attempting to arbitrate such situations was about as effective as negotiating with Stalin.
But rather than worry about REvil’s activities against fellow scammers, you could direct your sympathy to the innocent victims of ransomware attacks, who were collectively extorted by as much as $766 million in 2021. Ransomware gangs have no qualms of conscience over launching attacks on the healthcare sector, even during the pandemic.
Unfortunately, cybercrime is a reality that no one can avoid, and we need to be aware of the various dangers. Learn more about what you can do to stay safe in our online security guides.