13 ways lone criminals, mafia and terrorists are making money online.
Table of Contents
- Are you affected ?
- 13 ways criminals make money online
- Hijacking accounts
- Stealing bank account details
- Identity documents theft
- Selling replica of brand name goods.
- Selling fake or bad quality medicines, steroids and cosmetics.
- Business of human suffering
- Taking control of your PC and using it as a proxy.
- Spamming the internet.
- The zombie, the bot, it’s master and his network.
- Your PC has been kidnapped.
- All your sites are belong to us
- Captain Common sense will protect you
The internet is the brave new frontier of our time. It is like a country with an ever expanding border and a booming economy. There are more people online today than there were yesterday and the internet is here to stay. No one controls what or who goes on it. There are ongoing attempts by governments to control the internet but it is just too amorphous to be boxed down by written laws.
Most law agencies are ill-equipped or understaffed or both to control the internet. The scale is way too big and it goes across national boundaries. The very anonymity, anything-goes nature and the rich economy has attracted criminal hordes of every type. You can find the dim witted lowly scammer to big criminal syndicates online. Gone are the days, when online fraud and crime was the domain of a brilliant few who were trying to make some cash to fund their hobby or fuel their ego trip. The amount of money involved is staggering and it only takes brilliance and small amount of startup capital to make bank, the wrong way.
I am online since 1998 and and have a curious mind. In all these years I have rooted around and had a glimpse of the internet’s underbelly. It is not pretty. I have tried to understand how it works and this article is my attempt to organize the information in an easy to understand way.
Are you affected ?
Yes you are. It is you, your credit card, debit card, banking info that the criminals use to line their pockets. There are uncountable horror stories of people who had their cards maxed and bank accounts emptied in matter of minutes. Even if your financial information is secure, they still can make money off you.
The most worrying aspect is that an unknown portion of this ill-gotten money is possibly being used to fund criminal activities such as drug trafficking, prostitution, human trafficking, organ trafficking, terrorism in the real world.
13 ways criminals make money online
1. Stealing your credit card, debit card details.
2. Hijacking accounts you have with online payment services, shipping companies, ecommerce sites.
3. Stealing bank account details.
4. Stealing your identification details such as social security number (USA), driving licence, PAN card (India), passport and other details to apply for new credit cards, offshore bank accounts etc.
5. Selling replica of brand name goods.
6. Selling fake medicines, steroids and cosmetics.
7. Taking control of your PC and use it as a proxy server.
8. Spamming emails, chat services, VOIP, forums, blogs and social media sites.
9. Using your machine as part of a botnet to launch DDOS attacks and renting out the attack services to other criminals.
10. Using your machine to install adware, malwares, spywares and earn money by displaying ads to you.
11. Install software that locks your computer and demands payment to unlock it.
12. Take control of your website/blog and sell downloads from it.
13. Take control of your site and sell the traffic your site receives.
Criminals can steal card details from a. Your computer b. From a website where you may have bought something. c. From a ATM machine you have used. d. From a hacked Point Of Sale machine in a shop, restaurant, hotel etc. The credit card/debit card is than used to buy goods, services or transfer money. They (criminals) also sell your credit card details to other thieves to earn money. There are many under ground online markets where stolen credit card/debit card details are sold or traded. Actual , real life example of ordinary criminals and organized mafia selling credit card information Credit card dumps on sale As you can see they are also selling credit card and debit card details of Indians. Most of the credit card information available at the above shop was stolen using hacked POS / ATM machines. So next time you go out to shop and flick out your credit/debit card, be careful. Here is another example. Debit card dumps on sale These card were most likely stolen from websites and personal computers. To hijack accounts, criminals use phishing sites or steal account details from your computer. Accounts with Amazon, Paypal, Ebay, Fedex, Walmart, Target, Alertpay are especially targeted. For example paypal accounts are sold for $2 to $5. Most of these paypal accounts have balance that the criminal or the buyer can use to buy products or services. Some of them have added their own twist to the methods. For example, Criminal A pays $100 to Criminal B. After receiving the money, Criminal B sends $1000 through Western Union Money Transfer. Criminal A gets a MTCN number within an hour and he can cash out at any Western Union office. Needless to say, the criminal uses stolen credit cards to send the money transfer. Bank account details are stolen from personal computers using trojans, keyloggers, malwares etc. Taking cash out of a bank account is difficult so more organized criminals with multiple operatives use this method. The modus operandi is somewhat similar to international drug smuggling through airports. Let me give you an example. a. Criminals recruit people to act as money couriers. The money couriers are told that they will receive money in their bank accounts. All they have to do, is keep a percentage of the funds and transfer rest through Western Union or other methods to the criminals located in another country. b. The criminals have access to bank accounts of many companies and individuals. The log in to the online banking panel and transfer money to the money courier’s bank account. Some criminals also get access to computers located in the office of various companies and add the money couriers as fictitious employees on the target company’s payroll and than proceed to transfer payments to those fake employee bank accounts. c. The money courier checks his/her bank account, withdraws the money and sends a portion of the funds to the criminals. Bank account and Paypal accounts being sold Sooner or later the bank or the victim company discovers that money is missing. They contact the bank of the money couriers and calls in the law enforcement. The money couriers are the ones who get caught and jailed, the main criminals behind the operation are rarely apprehended. Criminals steal SSN, driver’s license, passport details etc. and sell them to other criminals or use it themselves to create false document, get a bank account, credit cards and other services. I will not go in to the details but here is a underground store that sells such information. SSN for sale Open your browser , do a search for “replica bags”, “replica watches” and you will find them. Lately banks and credit card processors are coming down heavily on replica sellers and shutting them down. There is nothing overtly wrong in copying a bag, apparel, watch design and than selling it. The scamming part comes in when sellers try to fool buyers in to thinking they are buying real brand name items and are sold replicas instead. It is analogous to paying for a gold coin and getting a gold plated brass coin in return. There are many shops online that expressly declares that the goods you see are replicas of brand name goods. The quality however is questionable and it is likely that the item you receive will not be worth of what you paid. This is industry is worth few hundred millions US dollars, per year. Criminals send spam emails to find victims and than sell them medicines. People from USA, UK, Europe, Australia are the biggest victims. Medicine is costly in those countries and not many people can afford them. For example Amoxicillin Clavulanate Pottasium is a potent anti biotic that is commonly prescribed by doctors to patients, who are suffering from severe infections. This medicine is sold in the USA under the brand name Augmentin. It costs anywhere from $45 to $96 for 20 tablets plus the cost of doctor’s fee for prescription, which is mandatory. This makes the tablet costly for the majority of Americans. Contrast this to India, which has a highly developed chemical, pharmaceutical and bio tech industry. Almost all medications and many vaccines are produced in huge quantities in India for domestic and export purposes. 20 tablets of Amoxicillin Clavulanate Pottasium from Cipla sold under the brand name of Amoxicure costs about Rs. 360.00 (many local pharmacies in cities like Kolkata will also give you 10% discount) . There are cheaper variants available for Rs 65 / 20 tablets. The scammers setup online pharmacies and tell their American or European customers that the medicines are being sourced from India, but in reality they buy fake medicines from China or lawless countries like Pakistan and ships them to their customers. The same thing happens with steroids, cosmetics etc. The scammers hunt for victims using spam emails, banner ads, postings on various forums, search engine rankings in Google, Yahoo, Bing etc. Having said that, there are honest online pharmacies too that source real medications from India and ships them to customers, but it is very hard to find them. The criminals need to hide their real location to avoid capture. They use proxy servers to do their job or attack their victims. A proxy server hides the real IP address of the criminals and helps them to remain anonymous. Criminals uses rootkits, trojans, spyware to take control of your PC and than uses it as a gateway to conduct their activities. The victim’s computer, bank computers etc. think that the attack is coming from your computer. So if you get a sudden visit from the local police, do not be surprised. To them, it is you who is doing the crime. However, law enforcement agencies and companies are clever enough to realize what is happening. Bot proxies being sold Selling of hacked / bot proxy is a big business. There are dedicated groups who control thousands of machines spread across the entire world. These groups rent out the IP address list of those hacked computers to other criminals for a set amount of money. Here is a service that sells really sophisticated, highly anonymous, rotating proxies. Criminals behind such proxies are very hard or almost impossible to track. This is a service with diverse set of requirements and tools. Spam can be broadly classified in to targeted spam and general spam. There are groups who have extensive databases of people with email address, address, phone numbers etc. This databases are grouped according to interest. They have databases of people looking to buy medicines, people who want jobs, people who want to date, people who are into a particular industry etc. Un-themed spam non discriminatory in nature and is sent to anyone whose address is on a list. There are different types of spam. a. Email spam b. Forum spam c. Blog spam d. Social network spam e. Phone spam f. SMS spam h. Chat room / messenger spam. i. Flooding Tools such as spam sending software, chat bots, login information, spam servers, databases, flooding service etc. are all available for sale. The scale of operation is so big that even 0.2% of targets converted in to victims mean substantial profits. To give you an idea, say a spammer sends 10 million emails in a day, and tries to sell a medicine or some other popular product for $50.00. If 0.2% people, pay $50, the spammer earns 1 million US dollars. Profits from this enterprise is big and lucrative. Most countries have lax laws regarding spam and this help the criminals to continue their business unchecked. A bot is a software that resides on a hack computer and connects to the internet in the background. A bot can do anything it’s creator has programmed it for. It can a. Take complete control of your PC b. Log everything that you type and send it over to it’s controller. c. Watch you through a webcam connected to the computer. d. Use your internet connection to hack other computers. e. Steal everything that is on your computer. A botnet is a collection of hundreds of compromised computers running a bot. Botnets are huge business in the criminal underworld. These botnets are used by the controllers for the purposes mentioned above or they are hired to other criminals. Data logs collected from botnets are sold to other criminals who than search for account information, credit card numbers etc. Selling of bot software is also a common and profitable business in the underworld. There are few bot software like ZeuS which are highly effective and sophisticated and command premium prices. The source code of the bot is sold for $500 to $800. There are support services for installing Zeus, administration of the botnet too, all of which are available by paying a monthly fee. Here is a real life example of a criminal selling ZeuS bot software Bot software on sale. Botnets are also used to launch massive DDoS attacks to overwhelm or take down websites and servers. DDoS botnets are sold for $200 to $2000. Price depends on number of bots, percentage of bots online and features of the bot. This is an insidious way to earn money. The criminals hack your computer and installs a malware on your computer. At a set time, the malware goes active and displays a message that demands you send money to unlock the computer. After you pay up the criminals will send you a password to unlock your computer. Although it does not remove the malware. If you do not pay up within a set amount of time, the malware can delete all files on your computer. The malware meanwhile might have already stolen files, passwords etc. from your computer. Ransomware Screen Ransomware screenshot The above pictures, show two real life example of computers infected with a ransom demanding malware. These malwares are rarely sold in the underground markets. The crime is so profitable that the criminals who develop it, keep it for themselves. Criminals easily make upwards of $100,000 per month from ransomware. Criminals hack vulnerable webservers and install shell scripts written in PHP, Python, Perl and take control of your website. A site owner will not even suspect that his site is hacked. The criminals do not deface or damage your site’s pages in obvious ways to avoid being discovered. These shells are hot properties in the underground market. The shells are sold according to a. The traffic a site or server receive. b. The Google pagerank of the website on which the criminal has a shell. c. The kind of rights the shell has on the files located on the server. d. The exclusivity of the shell. Shells which are shared among multiple criminals, costs less than that of dedicated shells meant for one criminal only. The criminals than use this shells to put hidden links on webpages with high pagerank, redirect traffic to their own websites to earn from advertisements, change affiliate advertisement codes, change Google adsense codes, infect visitor’s computer to install bot or adware etc. If done well, these schemes can easily earn hundreds of thousands of dollars per month for these criminals. The underground market is huge and there is little that the law enforcement can do to punish these criminals. These leaves ordinary, innocent people like us vulnerable to theft and other serious crimes. There are no easy way to stop such crimes except shutting down the internet which is not possible. All we can do is to be aware and teach others to avoid being a victim. Here are some simple steps you can take to be safe 1. Do not download and install pirated software. This is easier said than done. But if you want to be safe, follow this maxim. 2. Always have a good, paid and updated antivirus on your system. 3. Make sure you have a secure and updated browser. Firefox and chrome are good choices. 4. Do not access your bank account, credit card, debit card from a shared computer in office, cyber café, friend’s home. Always use your own computer that is used by no one but you. 5. Do not visit questionable sites. 6. Always run antivirus scan on files you receive through email. 7. Do not send SMS to or call unknown numbers you see on the internet or on your phone. 8. Try to use ATM’s that are located inside bank premises or ATM’s that are in well lit and guarded areas. If you feel something is wrong with the ATM or ATM room, just walk away. 9. Avoid using your credit card at unknown shops, restaurants, petrol pumps. Use cash instead. 10. Trust your paranoid instincts. If you feel something is not right, do not take chances. (861)
Hijacking accounts
Stealing bank account details
Identity documents theft
Selling replica of brand name goods.
Selling fake or bad quality medicines, steroids and cosmetics.
Business of human suffering
Taking control of your PC and using it as a proxy.
Spamming the internet.
The zombie, the bot, it’s master and his network.
Your PC has been kidnapped.
All your sites are belong to us
Captain Common sense will protect you
What people visiting this page search for:
Share and Enjoy
Some More Nuggets of Wisdom:
[...] 13 ways lone criminals, mafia and terrorists are making money online. [...]
Like or Dislike this Comment ::==>
0 
0