UK information security firm Digital Shadows has discovered a service for setting up online shops that is perfectly suited for cyber criminals.
This means there is effectively no barrier to setting up a cyber criminal business because all the necessary infrastructure and customer support are provided, eliminating the need for technical skills.
Researchers made the discovery while investigating the infrastructure underlying darkside.global, an online shop associated with cyber criminal entity Tessa88, which has been linked to data breaches at MySpace, Twitter and LinkedIn.
On the surface, deer.io is just another Amazon or eBay-like site that offers businesses a framework for setting up online shops, but it is highly geared towards supporting criminal operations.
The researchers note that deer.io proves that cyber crime services are no longer confined to the dark web, but are easily accessible to anyone with an internet connection.
The administrators of deer.io warn their hosted shops not to sell illegal goods and deny all responsibility for any illegal items advertised.
While there are some legitimate businesses to be found using deer.io – such as one selling tennis training videos – most of them offer illegal or semi-illegal digital goods that would breach Amazon’s or eBay’s terms and conditions.
“Deer.io appears to be custom-built for cyber criminals as it offers bullet-proof hosting services and distributed denial of service (DDoS) protection,” said James Chappell, co-founder and chief technology officer at Digital Shadows.
“The built-in payment systems are geared up for digital currencies and other money transfer systems favoured by cyber criminals,” he told Computer Weekly.
The provision of payment systems that enable transactions to take place around the clock without requiring attention, he said, is another indication that deer.io services are mainly aimed at users with low technical capabilities who would find it challenging to orchestrate these services themselves.
Most of the “shops” offer things such as bulk auto-registered social media accounts, stolen social media accounts and stolen bank, payment, gift card and Uber accounts.
There are also dedicated servers and domain names for sale. A number of the shops advertise “coupons” to services that artificially increase the popularity of social media accounts or posts, most commonly focussing on social networks such as VKontakte, Odnoklassniki, Instagram and Facebook.
Cyber crime set to increase ‘significantly’
Deer.io’s existence is a continuation of a trend of lowering the barrier to entry into the cyber criminal world, said Chappell, which started with DDoS-as-a-service and the rental of exploit kits.
For legitimate businesses, he said it means the kinds of cyber crime the “shops” on deer.io enable will increase significantly because there is a bigger market for these services with a bigger volume of trade going through it.
“The more commoditised end of cyber crime is likely to get worse because we have now got places trading things such as legitimate log-in credentials,” said Chappell.
The deer.io service appears to have been active since at least October 2013, but activity has ramped up significantly since January 2016, the researchers said. Administrators claim that its users have enjoyed profits of more than $3.8m to date.
The researchers estimate there are around 1,000 “shops” hosted on the service, but said that, because some are hosted on separate domains and some as subdomains, there could be a significant number of duplicates or mirrors.
“Deer.io is the first fully flexible framework we have come across that provides all the necessary paraphernalia associated with cyber crime and setting up a cyber crime business,” said Chappell.
Understanding the cyber crime world
Although the deer.io site appears to be aimed mainly at the Russian-speaking market, he said Digital Shadows’ analysis of the site is aimed at providing insights into the cyber crime ecosystem to help organisations better understand, mitigate and contain the effects of cyber crime.
“The fact that these services are available online means they are available to potential customers worldwide. Although we have seen sites offering single, specialised cyber crime services before, this is the first time we have come across a one-stop-shop for setting up online criminal businesses,” said Chappell.
Digital Shadows analyses a company’s digital footprint on the internet. It looks at all the information businesses expose online through social media channels, cloud services and mobile devices to find risks to the company’s reputation and security.
According to the research report, the company alerted a global airline that credentials for company user accounts were being sold on one deer.io domain.
For organisations that are mentioned in deer.io shops, gaining awareness can allow them to help mitigate and contain the effects, the report said.