Cyber-criminals can rat on rippers using new reputation service
Cyber-criminals can rat on rippers using new reputation service

Anyone who has ever spent any time trawling the Dark Web will appreciate what a den of inequity it is. Cyber-criminals use forums as marketplaces to trade in everything from stolen credit cards to exploit kits that help steal those credit cards in the first place.

The trouble is, there doesn't tend to be much loyalty amongst thieves. "Fraud between cyber-criminals has always been an issue that limited the profitability of their malicious campaigns" the Digital Shadows report states.

Those who commit fraud are often known as rippers, and every transaction within these dark markets now includes a “ripper tax” that decreases the profit for “legit criminals”.

The thing is, as Marc Sollars, CTO at Teneo told SC Media UK  “Being a hacker rarely means a lucrative income” as a Palo Alto report from last year confirmed. It found that the average annual earnings for a cyber-criminal was just $30,000 (£24,000). “Considering the money and effort involved,” Sollars continues, “hackers are inclined to penetrate easy targets and achieve quick wins before moving to the next victim.”

We should point out that grassing on “the badder guys” is nothing new: a Russian concern called Kidala went online in 2005 and has been operating ever since. However, the creators of Ripper.cc have been quick to allege that reporting of fraud at Kidala is sometimes done to compromise a competitor, and it is possible to remove a blacklisting by bribing the owners.

To get around these problems, Ripper.cc has put together an arbitration team consisting of administrators from four of the best-known underground crime forums.

What's more, Ripper.cc has distributed Firefox and Chrome extensions that highlight when you are chatting or dealing with a known ripper and is accepting adverts (with a rate card) to monetise the project.

Ripper.cc is also looking to profit from being a source of this data, and currently has a couple of advertisement running, with a rate card for anyone else who might be interested.

So, does this all point to the industrialisation of cyber-crime and how does that impact upon the security industry and efforts to combat it?

A Digital Shadows spokesperson told SC "there is certainly a desire to monetise the service, but the other driver appears to be to actually improve the marketplace as a whole. If you can eliminate as many rippers as possible then the overall profitability of the marketplace increases; the fewer rippers there are the worse it is for defenders.”

Richard Henderson, global security strategist at Absolute, adds, "building a reputational forum for ‘legitimate' attackers to ply their wares is only the latest step in the cyber-crime business world." Hendersons points out that it allows the best and most prolific hackers to “build their brand” in the same way that businesses do.

Dr Jamie Graves, CEO at ZoneFox compares cyber-crime to a Saw horror movie saying "these criminals keep finding worse ways to torture people" and admitting "their code is becoming more sophisticated and their tactics slicker."

Meanwhile, Dr Mike Lloyd who is CTO at RedSeal says it clearly shows criminals are "highly sensitive to the cost/benefit trade-offs – they attack where it's easiest, and like any profitable business, they are sensitive to costs, and move to increase efficiency." This means that, as a defender, becoming more expensive to attack is a good strategy.

Jason Steer, solutions architect, EMEA at Menlo Security warns that "as levels of criminal professionalism rise, the quality and availability of exploits and toolkits used will improve, making it harder for vendors to detect and stop them."

Tony Anscombe, senior security evangelist at Avast thinks the problem is that "cyber-crime is no longer about having the technical expertise to write the code; it's about having the know-how to drive distribution to a level that gets a profitable conversion rate."

And, as Stephen Gates, chief research intelligence analyst at NSFOCUS concludes "the security industry is facing new challenges as the sophistication of hackers has continued to advance beyond anyone's estimations. Being motivated strictly by money is a powerful impulse, and if hackers can continue to gain large sums of money by continually defeating people's defences, then the problem will endure."

SC Media UK did a quick bit of digging itself, and found that the Ripper.cc domain is registered to a company called Dataflow Ltd in Belize. The admin contact being one Haber Sanchez. We were unable to discover if this was a false trail, and our efforts to contact Mr Sanchez met nothing but silence.

What we can say with some certainty is that the development of Ripper.cc is yet more proof that cyber-crime is evolving to become a mature, market-based, economy where reputation and brand really matters.