Hackers outsource the risk and reap the rewards
A cyber crime ring known as Vendetta Brothers Inc. has distinguished itself in the world of online theft by relying on tactics more familiar to real-world criminals. A profile published by security vendor FireEye highlights how this ring, run by a pair of hackers known as “1nsider” and “p0s3id0n”, has achieved a level of success and longevity that is rare in the world of cyber crime.
The group primarily pursues point-of-sale targets and sells data that it is able to harvest online. Most groups would coordinate and deploy an attack using their own resources. Vendetta Brothers Inc. stands apart by outsourcing the most time- and labor-intensive technical aspects of the attacks.
This strategy has two primary benefits. First, it allows the group to implement a larger number of attacks and reap a greater number of rewards. Second, and more significant, the group is able to insulate itself from investigation. The people actually perpetrating the attacks are separate enough from Vendetta Brothers Inc. that, if they were ever to be caught, they would not be able to lead investigators back to the hackers at the top of the cyber crime ring.
The group is hardly the biggest collection of point-of-sale hackers. Since the researchers at FireEye began studying Vendetta Brothers Inc., the group has posted the data for around 9,400 payment cards on its online marketplace. Some other groups have posted data for hundreds of thousands of cards. However, Vendetta Brothers Inc. is operated by a pair that is able to reap the majority of the rewards for data theft while avoiding the primary share of the risk.
The group relies on a number of tactics to steal data. In some cases they simply post ads on the dark web looking for hackers who have already gained access to point-of-sale systems. In others they send out spam emails with malware embedded in attachments. They extend their operation into the real world by installing card skimmers on bank machines along with discreet video cameras able to record information displayed on the screen and typed into the keypad. By relying on multiple methods, Vendetta Brothers Inc. is able to minimize the risk of detection and discovery.
Summarizing the problem, FireEye researchers wrote, “Despite the Vendetta Brothers’ relatively small operation, they nonetheless emulate proven practices from both business and organized crime that indicate thoughtful planning on how to maximize profit and minimize risk.”