Meet Ripper.cc, A Reputation Service For CybercriminalsMeet Ripper.cc, A Reputation Service For Cybercriminals
Ripper.cc offers a service to help protect the genuine cybercriminals from the scammers in their midst.
January 24, 2017
Fraud, it turns out, is as big a problem in the cyber underworld as it is for legitimate enterprises. And just as businesses constantly refine processes and techniques for spotting fraudsters, so too apparently do the bad guys.
Security firm Digital Shadows issued an alert this week about Ripper.cc, a service designed to help cybercriminals weed out scammers selling fake credential dumps, invalid or used payment card data, and for failing to deliver promised goods after taking money for them.
Ripper.cc is not the first service to try and help shield cybercriminals from fellow scammers. Cybercriminals have long used blacklists, underground forums, and other means to warn one another of rippers in their midst. Since 2005, in fact, a Russian service named Kidala.info has maintained a database of rippers.
What makes Ripper.cc different is its level of sophistication and the quality of its service, says Michael Marriott, research analyst at Digital Shadows.
For starters, Ripper.cc has a much sleeker-looking, and therefore more usable, website, according to Digital Shadows. The operators of the underground reputation service also offer helpful extensions for Firefox and Chrome and for PsiPlus that highlight all the known rippers that might be present in an underground forum or site so visitors know to stay away from them.
The browser extensions allow the visitor to click through the warnings and pull up ripper profiles from Ripper.cc, along with any identifying information that might be available on the individual including forum accounts and the reasons for their being in the database, Marriott says.
The PsiPlus plugin for those using Jabber instant messenger warns users when they might be interacting with someone in the Ripper database. As with the browser extension, the PsiPlus plugin also lets users pull up the profile and full details of each scammer. In both cases, the purpose is early detection of rippers.
The plugins address a critical shortcoming in blacklists and some of the earlier services like Kidala where all the data about known rippers is contained in one place.
"Ripper.cc’s browser plugins will highlight known rippers for you on any forum regardless of whether they have been banned on that particular forum or not," he says. "[That] means it’s cross-platform and doesn’t require you to do anything extra."
The creators of Ripper.cc appear to have taken steps to assure users about the trustworthiness of the scammer data in the database. They have tried to involve trusted members from within the underground community to participate in the project. Ripper.cc also has a process to ensure that all submitted complaints about potential rippers go through an arbitration process, Marriott says. Administrators from four well-known underground forums are part of Ripper.cc’s arbitration team.
"Nonetheless, there is no doubt that not everyone in the cybercriminal community will trust them," Marriott says.
For now, the operators of Ripper.cc seem content to monetize their service through advertisements. Currently, the site has only two advertisers, both underground sites. To advertise on the site, it costs $15 per month for a footer banner, $35 for a side banner, and $50 for a header banner.
The operators of the site appear to have considered other monetization options as well but have not implemented them yet. One is a subscription model where users would presumably pay a small fee to access the plugins. The other option that the operators of Ripper.cc have discussed is operating as an escrow agent and collecting a cut for each transaction.
If such a service becomes successful, cybercriminals could begin to operate with more confidence, Marriott says. "It will enable cybercriminals to significantly reduce the risks associated with rippers and the overall cybercriminal economy can become more profitable allowing for further growth."
About the Author(s)
You May Also Like
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
2022 Insurance Industry Cyber Threat Landscape Report
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report
Building Immunity: The 2021 Healthcare and Pharmaceutical Industry Cyber Threat Landscape Report