Hacking courses offer cybercrooks tips on how to hone skills
Subjects range from basic fraud to managing botnets and evading arrests, RSA says
Computerworld - A growing number of experienced hackers have begun offering structured hacking courses for crooks seeking to make a career in cybercrime.
The courses range from the basics of online fraud to advanced courses on online anonymity tools, botnets, cleaning up electronic evidence and dealing with law enforcement, according to RSA, the security division of EMC Corp.
Often, the courses have a formal curriculum similar to that adopted by legitimate academic institutions, said Limor Kessem, a cyber intelligence expert at RSA, in a blog post Wednesday.
Many courses even have strictly enforced absentee policies where students are required to provide advance notice if they are unable to attend a class, or forfeit part of the fee for a missed session. Some of the courses come with offers to help graduates find jobs with underground cyber communities while in other cases, those teaching the courses vouch for their star pupils via underground channels, Kessem wrote.
The courses are typically advertised in known hacker networks. The classes are usually held via live Skype videoconferencing sessions with "professors" partaking in question-and-answer sessions with their students.
Seasoned hackers have always offered such advice to aspiring cybercrooks, said Berk Veral, senior product marketing manager at RSA. What's different now is the proliferation of such services, he said. Over the past few months, RSA has observed a sharp spike in the availability of online cybercrime courses, a majority of which appear to be based out of Russia or taught in Russian.
"We used to see one or two people advertising such courses in chat rooms and forums where cyber criminals hang out," Veral said. The number of such courses has increased significantly, he added. "The courses are much more organized with different curriculums and different courses for different skill levels," he said.
Some examples of the courses being advertised by cybercriminals include foundational courses that teach "students" the basics of credit and debit card fraud, how to avoid being caught by law enforcement and what information can and cannot be used in court. The price per lecture is typically 2,500 rubles or about $75, according to Kessem.
Many hackers also have begun offering online courses in "carding" techniques, or how to use credit and debit cards fraudulently. The courses, which are extremely popular, point students toward easy targets for carding and provide them with credit card numbers that have been tested and verified as good for use in fraudulent purchases. Advanced curriculums, which typically start at around $50, include a practical session where students are walked through the process of making a fraudulent transaction, Kessem wrote in the RSA blog.
- Transforming Information Security: Future-Proofing Processes This report provides a valuable set of recommendations from 19 of the world'd leading security officers to help organizations build security strategies for...
- The Evolution of Corporate Cyberthreats Cybercriminals are creating and deploying new threats every day that are more destructive than ever before. While you may have more people devoted...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- Establish Cyber Resiliency: Developing a Continuous Response Architecture Many enterprises fail to proactively prepare the battlefield for a data breach by only leveraging outdated techniques that focus on the perimeter or...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Cybercrime and Hacking White Papers | Webcasts