Researchers from cloud security-as-a-service provider Armor’s Threat Resistance Unit (TRU) have been taking a deep dive into a dozen dark markets and forums. Analysis of the data compiled from trawling these English and Russian-speaking criminal marketplaces has been published in the annual Armor Black Market Report. As well as the usual tracking of the prices for stolen credit cards, bank account credentials and Distributed Denial of Service (DDoS) for-hire operators, there was one surprising new trend: a Bitcoin to cash conversion scheme that offers criminal buyers the opportunity to buy cash for pennies on the dollar. Paying $800 (£647) in Bitcoin gets you $10,000 (£8,095) in cash.
The Black Market Report
The Armor Black Market Report is the result of researchers from the Armor TRU trawling through underground internet markets and criminal forums. These “dark markets” are notorious for selling just about anything that can be stolen online, from personal and financial data to illicit services such as articles of incorporation for creating shell companies, the distribution malicious spam and even hackers for hire who will scrub your credit history.
The TRU research team analyzed and compiled data from twelve dark markets and criminal forums visited between February and June 2019. It came as no surprise to me that they found cybercriminal after cybercriminal selling credentials for as yet “unhacked” Windows remote desktop (RDP) servers. These are often used by ransomware actors looking for an entry point into corporate networks. That these credentials were being sold for as little as $20 (£16) was unexpected though. The cost of entry, quite literally, to the ransomware threat sector has never been cheaper.
Neither, for that matter, has the cost of cold, hard cash. The TRU researchers found that, partly to get noticed in a crowded market and partly to offset the risk of monetizing stolen banking and credit card accounts, entrepreneurial threat actors are selling cash for between 10 and 12 cents on the dollar. This isn’t, as you might have guessed, a case of criminal philanthropy.
Instead, it’s a method for criminals to offload the risk of monetizing stolen account credentials by transferring the funds available rather than taking possession of them. It’s still money laundering, and it’s illegal, but it puts the most significant weight of risk onto the buyer.
Here’s how the buy cash for Bitcoin scheme works
The seller offers bundles of cash in various amounts, from $2,500 (£2,020) to $10,000 (£8,095) in exchange for a pre-paid fee in Bitcoin. That fee varies between 10% and 12%. Which means that $10,000 of cold cash can be bought for $800 in Bitcoin.
The buyer makes the payment and then chooses how they would like to collect the cash. This can be a straightforward transfer of funds to a bank or PayPal account or wired via Western Union. As well as getting a significant return on their illicit investment, the purchaser no longer has to worry about monetizing online bank account or credit card credentials. It’s a turn-key service; there’s no risky logging into compromised accounts, no money mules to worry about, just the (totally illegal) collection of cash.
“For those scammers who don’t possess the technical skills and a robust money mule network to monetize online bank account or credit card credentials, this is an offer that can be very attractive,” Chris Hinkley, head of Armor’s TRU team said, “the threat actors are still selling financial account and credit card credentials outright, but this clever service gives them an additional channel for monetizing the large amounts of financial data available on the underground.”
Money mules served well by dark market documentation
One of the other interesting things to come out of this analysis was the fact that cybercriminals are selling articles of incorporation and sole proprietorship papers on the dark market. Not shocking, but interesting. While the cash for Bitcoin transactions gets rid of the money mule requirement, there are still plenty of people who adopt that role, and these papers are aimed at them. A money mule is someone who transfers stolen money between accounts in exchange for a fee of between 10% and 20% of the value. For a money mule to be successful, they need to open business bank accounts that don’t trigger fraud alerts on larger transfer volumes. To open these accounts, they need an Employer Identification Number (EIN) assigned by the U.S. Internal Revenue Service, and that’s where the documentation to create shell companies enters the equation. The documentation does not come cheap, however. Sole proprietorship papers complete with EIN were found on sale for $1,611 (£1,298), and Articles of Incorporation with EIN were $811 (£653).
On Paxful you buy bitcoin from other people in real-time. Trading happens online via live chat. Paxful Vendors can earn six figures from the comfort of their home and many do. Once payment is made and verified by the seller, the bitcoin will be released to your wallet. We’ve built a feedback and reputation system on the advice of the very best traders in the space. Use the simplest bitcoin wallet on earth. You can’t make a mistake and know exactly where to go next.
for more info : http://onlinemarketingscoops.com/