chinese hackers for hire

Introduction：

1、Digital Underground Offering Cheap Botnets For Hire

2、The Alleged Scammers Behind the Most Notorious Murder-for-Hire Site Have Been Arrested

Digital Underground Offering Cheap Botnets For Hire ♂

　　Perhaps even the cyber-criminals are effected by the recent recession – botnets for hire are hitting rock-bottom rates starting at just $2. We reported back in April 2010 about the Texas Man Who Pleaded Guilty To Bot Network For Hire.

　　They are becoming more multi-talented as well rather than just offering bot networks for DDoS attacks or Spam you can also hire them to get stolen credit card info, PayPal accounts, bank accounts for credit references, to set up a secure VPN and much more.

　　As always the bad guys are ahead of the game and adapting their ‘business model’ to suit consumer demands. It still not easy to get hold of these kind of services, but they are out there and as reported they are cheap.

　　Botnets for hire to launch your own spam campaign and stolen credit card information sold at the rock bottom price of $2 are just two of the commodities easily found on the cyber-crime black market today, according to a report released this month by Panda Security. The report, which was conducted by PandaLabs researchers who posed as cyber criminals, details a vast criminal network selling stolen bank account information in forums and dedicated online stores.

　　“This is a rapidly growing industry and cyber-criminals are aiding and abetting each other’s efforts to steal personal information for financial profit,” Panda Security officials note in a release on the findings. “The cyber-crime black market, which has traditionally centered on distributing bank and credit card details stolen from users around the world, diversified its business model in 2010, and now sells a much broader range of hacked confidential information including bank credentials, log-ins, passwords, fake credit cards and more.”

　　The report also delves into a detailed pricing system and the digital black market prices for various types of stolen information. However, PandaLabs discovered that while the information may be available, it can only be accessed by personally contacting the hackers who are promoting their information for sale on forums and in chat rooms.

　　It seems like $2 will get you a legitimate but unverified bank account or credit card number. It won’t however get you the verification number or the available account balance.

　　The bad guys are almost operating on a freemium model, offering basic card/bank details at close to nothing ($2) and then raising the price for additional information or in some cases larger credit lines/bank balances.

　　I’d imagine operating in such a way they are making quite a profit from their botnets, rather than just renting out the compromised machines they are also benefiting from the information stolen from the home desktops they have infected with their malware.

　　Once the information is in a criminal’s hands they can easily defraud any bank or credit card account long before the hack is discovered, the report claims. The data can be purchased for as little as $2 per card. But $2 will not provide the buyer with additional information or verification of the account balance available.

　　“If the buyer wants a guarantee for the available credit line or bank balance, the price increases to $80 for smaller bank balances and upwards of $700 to access accounts with a guaranteed balance of $82,000,” said researchers.

　　The report also details an intricate price structure for accounts with a history of online shopping or use of payment platforms such as PayPal. If stolen credit card numbers aren’t your thing, prices are also available for botnet rental to launch a spam campaign. The price range varies depending on the number of computers used and the frequency of the spam, or the rental period, the report reveals. Prices start at $15 and rise to $20 for the rental of a SMTP server or VPN to guarantee anonymity. One can also hire cyber criminals to assist with the set up of a fake online store to use rogueware techniques for stealing user details and profiting off unsuspecting victims who pay for fake antivirus products.

　　“There are also teams available to deliver turnkey projects, design, develop and publish the complete store, even positioning it in search engines,” the report states. “In this case, the price depends on the project.”

　　It seems like the criminals have quite an extensive ‘menu’ of offerings and can provide SMTP servers for spamming or VPN services to provide anonymity. You can also hire them to help you as a kind of cyber-criminal consultant to set up a fake online store or phishing site.

　　They offer the whole work-flow just like a professional software development company – design, deployment and even SEO services.

　　Pretty interesting stuff.

The Alleged Scammers Behind the Most Notorious Murder-for-Hire Site Have Been Arrested ♂

　　Five men believed to be behind the web’s most notorious murder for hire scheme were arrested in Romania this week, in part of an operation aimed at putting an end to the infamous dark web scam.

　　Since its inception in the 2010s, the operation has funneled users searching for ways to hire an assassin online to a site on the dark web. That site has gone by a series of different names; Besa Mafia, Camorra Hitman, and, most recently, the #1 Hitman Marketplace. Once there, users were asked to submit their target, information about how and when they would like them killed, and to pay a fee, typically $5,000-20,000, in Bitcoin.

　　The site was quickly identified as a scam, and yet thousands of orders flowed in over the years, along with plenty of paying customers. Husbands ordered hits on their wives, business partners sought assassins for their colleagues, a man who lost money on a sports betting website asked to murder the customer service rep who failed to return it to him, and a predator paid to arrange the death of a 14 year-old boy.

　　Romania’s Directorate for the Investigation of Organized Crime and Terrorism (DIICOT) says that it led the raids at the request of the United States; the Department of Homeland Security and the FBI have been investigating cases related to the operation for years. In a statement made after the arrests, DIICOT said that “authorities in the United States of America have determined that this group consists of five or more persons located in Romania, who acted in a coordinated manner to administer those sites and to launder money obtained as a result of instigating crimes to kill.” Five individuals and four witnesses were detained in the operation, a video of which the agency released along with the announcement.

　　The security analyst Christopher Monteiro gained access to the backend of the first scam site run by this group, Besa Mafia, in 2016, allowing him to see a full inventory of the ordered “hits,” which he would then pass along to the authorities. He published a number of blog posts exposing the operation, which angered Yura enough to hire someone to threaten him personally.

　　The operation is a scam, but its users are serious about their purchase, and intend to inflict real harms. Monteiro has access to this “kill list,” which I have viewed. Some of the names on that list now belong to homicide victims, killed by the person who originally made the order. Others know that someone in their lives wants them dead, which amounts to a unique form of psychological abuse. I reported extensively on the operation, and the database of evidence it yielded, for Harper’s Magazine in 2020. After years of mostly ignoring his tips, in 2020, authorities began taking them seriously. Since then, Monteiro estimates that around 25 arrests have been made of individuals who have paid to have people killed through the website. (Neither DIICOT nor the DHS immediately responded for a request for comment.)

　　But the team behind the site orchestrating it all remained elusive. For years, authorities were unclear who was behind the operation; all communications were conducted by a figure who went as “Yura.” Yura would communicate with users who sent messages inquiring into the hitman services, encouraging them to order and easing their concerns in broken English. It was long believed, on the evidence of those chat logs, that he or they resided in Eastern Europe, and Romania, which has a reputation for fostering a culture friendly to web scammers. Yura even conducted interviews, his voice disguised, for TV segments; and yet his identity and whereabouts were unknown.

　　Even after the raids, it’s still unclear whether this was the work of one person who grew an operation to the point it needed support from a team, or if it was always a larger effort. The website itself evolved over time, from a clunky and simple page reminiscent of Geocities-era web to one that hosts putative forums, user profiles, and a (slightly) more modern design, replete with gruesome images intended to relay a proof of concept.

　　The DIICOT says that the damages of the operation are believed to be around 500,000 euros, though if the scammers held onto the bitcoin they collected back in 2016, it would be worth far more than that today. And whether it’s enough to shut down the operation for good is an open matter; it is easy enough for another to keep running the scam. Furthermore, there are still thousands of people who have contacted Yura about hiring a hitman, and submitting the name of a person they want dead.

　　This is why Monteiro is ambivalent about the news of Yura’s apparent apprehension, despite years of working to shed light on the operation and its victims. “It’s great an international law enforcement operation took down these criminals, but when will they ever proactively investigate the thousands of names on the kill list?” Monteiro wrote me in a message.

　　Finally, even if Romanian authorities and U.S. agencies do manage to shut Yura’s operation down, it has already proved successful enough to inspire copycats around the web. Another site, which appears to be operated by different people, and claims to serve the Russian region primarily, is fully operational. I downloaded a Tor browser and logged on, found a link to the Telegram chat of the “Jabba Syndicate” and inquired into getting a hitman in Los Angeles. They replied within minutes.

Related questions

The topic of "Chinese hackers for hire" encompasses several critical dimensions, including cybersecurity, legal implications, ethical considerations, and geopolitical context. Here's a structured overview:

1. Understanding "Hackers for Hire"

• Definition: Individuals or groups offering hacking services, which can range from ethical (e.g., penetration testing) to illegal activities (e.g., data theft, DDoS attacks).
• Legality: Hiring hackers for illegal purposes is a criminal offense globally, with penalties including fines and imprisonment. Ethical hacking requires explicit authorization.

2. Attribution Challenges

• Geographical Misconceptions: Labeling hackers as "Chinese" may not reflect their actual location or affiliation. Attackers often use proxies or compromised systems to mask origins.
• State-Sponsored vs. Independent Groups: While groups like APT41 have been linked to Chinese state-sponsored activities (e.g., cyber espionage), independent cybercriminals also operate. China denies government involvement in hacking.

3. Cybersecurity Threats

• Reported Activities: Allegations include intellectual property theft, espionage, and ransomware. Cybersecurity firms like FireEye and CrowdStrike track such groups.
• Protection Measures:
  • Implement strong firewalls, encryption, and multi-factor authentication.
  • Conduct regular security audits and penetration testing by certified ethical hackers.
  • Train employees on phishing and social engineering tactics.

4. Legal and Ethical Considerations

• Risks of Illicit Hiring: Engaging hackers via the dark web poses risks of scams, legal action, and exposure to further attacks.
• Ethical Hacking: Legitimate services require certifications (e.g., CEH) and adherence to laws like GDPR or HIPAA.

5. Global Response

• International Cooperation: Agencies like INTERPOL and national bodies (FBI, China’s Ministry of Public Security) collaborate against cybercrime, though geopolitical tensions can hinder efforts.
• Diplomatic Context: Cyber allegations often intersect with international relations, as seen in U.S.-China dialogues on technology and security.

6. Recommendations for Organizations

• Proactive Defense: Use threat intelligence platforms to monitor emerging risks.
• Incident Response Plans: Prepare for breaches with clear protocols for containment and communication.
• Collaboration: Partner with cybersecurity firms for real-time threat detection and response.

Conclusion

While "Chinese hackers for hire" may evoke concerns about cyber threats or interest in hacking services, it is crucial to prioritize legal compliance and robust cybersecurity practices. Understanding the complexity of attribution and investing in preventive measures are key to mitigating risks in an interconnected digital landscape.