14 DAY TRIAL // Cyber-crooks don't need to worry about the language barrier anymore while scheming to defraud individuals or financial institutions. A new underground service offers social engineering services to scammers in multiple languages, Dancho Danchev, an independent security consultant, warns.
As the security reasearch shows, identity theft can prove to be a profitable business, illegal that is. This has caused this particular area of the Internet underground to shift in the recent years from the ill-intentioned guy with some computer skills level to the full-blown organized gangs that have ties or are controlled by crime syndicates in several countries.
Identity theft proves no difference when compared with any emergent business sector in respect to infrastructure and the complexity of the services offered. The stolen identities are traded on organized boards and forums, like the one the FBI shut down not so long ago. Furthermore, the malware is distributed and controlled from servers hosted by legit companies, like the ones who's operations were recently halted, and spam distributors can be contracted and payed through systems that closely resemble the ones used by the online advertising networks, like the HerbalKing operation.
In this context, it is not surprising that new online businesses are opening their services to cyber-crooks every month. This is what prompted Dancho Danchev to say that “If I were to come across this service last year, I'd be very surprised. But coming across it in 2008 isn't surprising at all, and that's the disturbing part.”
The service that offers to “talk cybercrime on behalf of you” is available in five languages, and at least one male and one female voice available for each language. Complex and successful schemes usually require a certain level of social engineering, like calling the bank and confirming a transaction or request over the phone, while impersonating the victim.
Fortunately, since the majority of these groups operate from non-English speaking countries, the explosion of really serious, large-scale incidents has been partially prevented by the obvious language limitations. This can also be noticed in the poor spelling that generally characterizes spam e-mails. Services like the one Mr. Danchev discovered have the ability to change all this, and, considering that the authorities can hardly keep up with the number of identity theft incidents, they could have a really dramatic impact on the millions of Internet users.
Since the English-speaking consumers are the identity thieves' preferred target, the service that claims to be able to “properly scam an international financial institution” offers no less than three male and two female voices to make phone calls that require verbal interaction in English at costs ranging from $9 to $6, depending on usage discounts. The other supported languages are German (2 male voices and one female voice), Spanish (1 male and 2 female voices), Italian (1 male and 1 female voice), and French (1 male and 1 female voice).
Even though it is well organized, the service has its downfalls, which Mr. Danchev clearly points out. The most important drawback is trust, as having to provide the service's employees with the information used in their fraudulent operations translates to unwanted exposure for the cyber-crooks, who generally prefer to keep to themselves.
This reflects the lengths that fraudsters are willing to go to in order to increase their profits, as there would be no such services if it wasn't a demand for them. It also shows the level of innovation that characterizes the online underground businesses. “Despite that monetizing social engineering is not new, monetizing (accomplice) voices, and running a social engineering ring definitely is,” Dancho Danchev concludes.