The way black hats and other cyber criminals have approached their operations has diversified over time. From hacking collectives to business-like operations, the life of a cyber criminal is very different from 20 years ago. According to recent observations from security researchers at FireEye, it appears that black hats are approaching their work like corporations. In a report, FireEye identified two hackers they call the Vendetta Brothers who act just like a major business.
The Vendetta Brothers, made up of the hackers "1nsider" and "p0s3id0n," outsource and delegate a majority of their cyberattacks to other people. Operating entirely on the Dark Web, the Vendetta Brothers focus primarily on point-of-sale (POS) systems and stealing information for monetary gain. As FireEye states, the Vendetta Brothers "have been observed using everything from phishing to installing physical skimmers to steal payment card data, and their targets have mostly been located in the U.S. and Nordic countries." The outsourcing comes in when the Vendetta Brothers eliminate a lot of the work by hiring or teaming up with individuals who have already hacked into POS systems or any other target.
Another part of the Vendetta Brothers' operation is running a business of selling stolen credit card information and other sensitive data. FireEye identified the Vendetta Brothers operating an e-commerce shop where "cyber criminal customers can search for payment cards from specific banks or geographical regions." To truly solidify their corporate-esque operation, there is even a customer service portion to the site where complaints can be logged. Such complaints have included clients threatening to expose -- hilariously -- the entire operation to cybersecurity professionals if they do not have adequate customer service (see image below).
This is not to say that the Vendetta Brothers never conduct their operations solo. In the same report, FireEye notes that they "sometimes compromise systems on their own using spam campaigns, possibly leveraging leads provided by their criminal partners." Even here, however, the "company" is still utilizing its massive network within the Vendetta Brothers infrastructure.
It is very possible that InfoSec experts will be dealing with more organizations like the Vendetta Brothers in the near future. As the past has proven, when cyber criminals find a method that is effective, they tend to stick with it until something better emerges. The Vendetta Brothers are a two-person operation with many individuals under them; imagine what bigger hacking collectives may be able to do with the same business mindset.
Photo credit: FireEye, Vlad Lazarenko