You don't have to be a stealthy hacker or member of organized crime to buy and sell goods in the North American cyber underground: it's a wide open, easily accessible cyber marketplace that makes it easy for anyone to illegally buy weapons, crimeware, and botnets.
What sets the North American underground economy apart from that of Russia and other more stealthy cyber-based crime conduits is that it's easy for novices to access -- there's no limited access like in the Russian underground. And that means it makes it easy for anyone to conduct cybercrime or access the tools for physical crime, a new report from Trend Micro has found.
"It's more of an Amazon [type] shopping mall for goods and services, a one-stop shop for anything nefarious," says Tom Kellermann, chief cybersecurity officer at Trend Micro.
Many of the underground sites studied by Trend Micro are searchable via the Web. All it takes is the right search query, and a novice can access what he or she needs to perform criminal acts, such as guides for how to use VPNs or TOR for nefarious purposes, and goods and services for cybercrime (stolen payment card information), physical fraud (fake passports), drugs, and even murder. "You can get ransomware in the US for $10," Kellermann notes.
But the brazen openness of the North American cyber underground also means it's in the sights of law enforcement, a tradeoff the peddlers and buyers seem willing to risk. They get around getting busted by constantly changing up their sites: "Although several criminal transactions are done out in the open, they are very fickle. The life span of most underground sites is short. They could be up one day and gone the next. Investigations will have to keep up with this fast pace," Trend Micro's report says.
There's also rampant competition among the vendors, which has made the purchase of these wares relatively inexpensive.
[When you think cybercrime, Japan probably isn't top of mind. But like anywhere else, the bad guys there are following the money, and an emerging yet highly stealthy underground economy is growing in Japan. Read Japan's Cybercrime Underground On The Rise.]
One of the trademark offerings in the North American underground is crypting services, which offer bad guys a way to camouflage their malware from anti-malware systems. They submit their malware, and the providers check it against security tools and then encrypt it such that it's no longer detectable. That service is available from $20 for a one-shot deal to $1,000 for a monthly offering.
The Xena RAT Builder crimeware kit is price anywhere from $1 to $50, and offers two levels of customer service: silver ($15) and gold ($20). Gold encrypts it so it's undetectable. Would-be cybercriminals can buy a worm from between $7 and $10; botnet or botnet-builder tools for between $5 and $200; ransomware for $10; and the Betabot DDoS tool for $74.
There also are DDoS-as-a-service options, which start as low as $5 for 300 seconds of a 40 gigabits-per-second DDoS attack, to $60 for a 2,000-second 125Gbps DDoS. Bulletproof hosting services are also available for $75 per month.
A phony US passport costs $30, and a phony US driver's license, $145, Trend Micro's researchers found.
"They're [the sellers] trying to enable anyone with criminal intentions. That's problematic," Trend Micro's Kellermann says. "It speaks to more crime having a duality to it, and with cyber-components."
Unlike the Russian underground, North America's has no organizational structure, he says. "Germany's is the most sophisticated in operational security … Russia is selling the most zero-days and advanced attack platforms."