Uncovering the face of cyber crime: How a hacker scammed over $100 000

Researchers from cyber crime solutions company, Check Point, have painstakingly uncovered the identity of a prolific cyber criminal known as ‘Dton’.

When you spot a phishing attempt or an email with a suspicious document attached in your inbox, have you ever wondered who actually sent it to you, and how they got your details? Or even how much money they really make from their activities?

The cyber criminal Dton has been active for over seven years, and earned at least USD 100 000 from his work. In fact, it’s likely he has earned several times that amount.

Who is Dton?

Dton is 25, single, and lives in Benin City. From his resumé, Dton seems like a model citizen. But he also has another identity: Bill Henry, a career cyber-criminal who buys goods with stolen credit cards and launches phishing and malware attacks.

Uncovering the face of cyber crime Image by B_A from Pixabay
When you spot a phishing attempt or an email with a suspicious document attached in your inbox, have you ever wondered who actually sent it to you, and how they got your details?

Getting started: stolen credit card scams

Bill / Dton started out by speculating a little: he spent around $13 000 buying the details of 1000 credit cards from a special online marketplace specializing in stolen payment card credentials. With each stolen card – costing around $4 to $16 each – Bill usually tried to charge about 200 000 Nigerian Naira (NAN), equivalent to around $550 US. If the transaction is blocked, he tries another merchant, or another card until one succeeds. From his ‘investment’ in the 1000 stolen cards, Bill has been able to charge at least $100 000.

However, it seems that constantly buying new blocks of stolen card details started to irritate Bill/Dton: he resented having to pay upfront and wanted higher margins and profits. So he started buying ‘leads’ – bulk email addresses of potential targets, so he could launch his own exploits.

Moving into multi-level malware marketing

Bill/Dton started buying up the tools of the trade to help him craft malware to spam out to his list of targets. These tools include off-the-shelf packers and crypters, infostealer and keylogger components, and exploits. With these tools, he could custom-build his own malware, insert them into a benign-looking document, create his email, then blast it out to his large list of marks.

This quickly delivered lots of user credentials that Bill could exploit, earning him more money – and also satisfying his boss. Yes, Bill/Dton is not a sole trader: he has a manager, who in turn reports to another manager. These managers pass seed capital down to Bill/ Dton, but they also expect strong returns on their investments. It’s the cybercrime equivalent of a ‘pyramid selling’ or multi-level marketing scheme.

Once again, Bill/Dton started to get irritated (as we all sometimes do) by his boss nagging all the time, and by the diminishing returns from buying and using off-the-shelf malware toolkits. He decided to develop his own malware from scratch – malware that has no known signature, and that can bypass most security defences – so he could work for himself.

It’s a RAT eat RAT world

As Bill/Dton is not a coder, he hired a person named ‘RATs &exploits’ to develop his malware for him. But it seems the expression ‘there is no honour amongst thieves’ is true: Bill/Dton compromised Mr RATs &exploits’ machine with a RAT, so he could spy on his work and hopefully steal some of his secrets. When that wasn’t enough, he also engaged – and then fell out with – another shady character behind a specialised malware packer program, by arguing with him on underground forums over prices and usage. The result was that when Bill/Dton didn’t get what he wanted, he reported the other party to Interpol. The cyber-crime economy is certainly a rat-eat-rat world – but all the while and despite these minor setbacks, Bill/Dton carried on earning illicit cash.

Dton’s journey into cybercrime shows how even a relatively unskilled, and undisciplined individual can profit handsomely from fraud and malicious online activity. This is simply because, like many other criminal activities, cyber-crime is a numbers game. It doesn’t matter if 499 people don’t open a malware-spiked email: the 500th person will. And when you can target hundreds of thousands of people at a time, you only need to infect a handful to get hold of your ill-gotten gain.

To protect yourself against becoming a victim of the thousands of Dtons / Bills out there, you should follow these best practices:

· When shopping online, ensure you are ordering goods from an authentic source. Don’t click on promotional links in emails, and instead Google your desired retailer and click the link from the Google results page to avoid having your personal and payment details skimmed.

· Beware of ‘special’ offers. An 80 percent discount on a new iPhone or ‘an exclusive cure for Coronavirus for $150’ is usually not a reliable or trustworthy opportunity.

· Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.

· Protect your organisation with an holistic, end to end cyber architecture, to prevent zero-day attacks.

ALSO READ: How SMEs can stop cyber attacks on their businesses

Since uncovering Dton/Bill’s identity and activities, Check Point’s research team has notified law enforcement authorities in Nigeria and internationally and shared its findings with them. Full details of Dton’s exploits are available on the Check Point Research blog.



Latest


20 Jan 2021
Reflecting on more than 50 years of labelling and coding excellence

As Pyrotec approaches its 55th anniversary next year, Rowan Beattie, the company’s managing director, reflects on the long history of…

Reflecting on more than 50 years of labelling and coding excellence

As Pyrotec approaches its 55th anniversary next year, Rowan Beattie, the company’s managing director, reflects on the long history of this privately-owned and managed business. Pyrotec has always been an innovative, forward-thinking, and proudly South African organisation that has built a strong reputation for its expertise in industry-leading, on-pack product…

18 Jan 2021
RS Components stocks extensive range of environmental T&M instruments

RS Components is now stocking a wide range of its own-brand RS PRO environmental test and measurement equipment. These high…

RS Components stocks extensive range of environmental T&M instruments

RS Components is now stocking a wide range of its own-brand RS PRO environmental test and measurement equipment. These high precision instruments and devices are for engineers and scientists to monitor environmental conditions such as heat, moisture, sound, and light. RS PRO The RS PRO infrared thermometer is a handy…

13 Jan 2021
Rand Air gets its hands wet with handwashing project for rural schools

Having already teamed up in 2018 with Atlas Copco’s ‘Water for All’ initiative, as the key sponsor, in 2020 Rand-Air…

Rand Air gets its hands wet with handwashing project for rural schools

Having already teamed up in 2018 with Atlas Copco’s ‘Water for All’ initiative, as the key sponsor, in 2020 Rand-Air saw the opportunity to once again make a meaningful contribution to the community, by providing disadvantaged schools – particularly in outlying rural areas – with handwashing facilities to enable them…

12 Jan 2021
How water insecurity is compounding the pandemic in Africa

By: Simon Thomas director of Megapipes Solutions Limited The COVID-19 pandemic has starkly illustrated how multiple water security risks affect…

How water insecurity is compounding the pandemic in Africa

By: Simon Thomas director of Megapipes Solutions Limited The COVID-19 pandemic has starkly illustrated how multiple water security risks affect the lives and livelihoods of millions of people across Africa, Kenya included. The pandemic has compounded the severity of the impacts resulting from water-related climate hazards, such as floods, droughts…


Top stories


29 May 2020
Electra Mining Africa 2020 cancelled due to pandemic

Electra Mining Africa 2020, due to take place from 7 to 11 September at the Expo Centre in Johannesburg, has…

Electra Mining Africa 2020 cancelled due to pandemic

Electra Mining Africa 2020, due to take place from 7 to 11 September at the Expo Centre in Johannesburg, has been cancelled due to the COVID-19 pandemic. The next edition of the show will be held from 5 to 9 September 2022 at the same venue. Continued prohibition of large…

01 May 2020
JF Equipment launches innovative mobile unit for sanitisation in public places

In the midst of the COVID-19 pandemic JF Equipment has launched the revolutionary and durable Sani-Tunn, a mobile unit that…

JF Equipment launches innovative mobile unit for sanitisation in public places

In the midst of the COVID-19 pandemic JF Equipment has launched the revolutionary and durable Sani-Tunn, a mobile unit that can sanitise an individual as well as whatever they may be carrying. As the world adjusts to the new social norm, it’s encouraging to see how innovative our resilient nation…

18 Mar 2020
Coronavirus-triggered recession will change how we do business but could speed up Industry 4.0

The recovery from a coronavirus-triggered recession will usher in a new era in which the way we live, do business…

Coronavirus-triggered recession will change how we do business but could speed up Industry 4.0

The recovery from a coronavirus-triggered recession will usher in a new era in which the way we live, do business and invest will fundamentally change. This according to Nigel Green CEO and founder of the deVere Group, one of the world’s largest independent financial advisory organisations. These comments come as…

20 Apr 2020
The importance of digital solutions during the COVID-19 pandemic

Digital solutions can provide a safe way for consumers and businesses to manage their day-to-day tasks during the COVID-19 crisis…

The importance of digital solutions during the COVID-19 pandemic

Digital solutions can provide a safe way for consumers and businesses to manage their day-to-day tasks during the COVID-19 crisis without compromising their health or safety. As a result, businesses have to adapt to the new demand for digitised services in order to stay relevant. The pandemic has taken its…


Visit the official COVID-19 government website to stay informed: sacoronavirus.co.za