Hacking courses offer cybercrooks tips on how to hone skills
Subjects range from basic fraud to managing botnets and evading arrests, RSA says
Computerworld - A growing number of experienced hackers have begun offering structured hacking courses for crooks seeking to make a career in cybercrime.
The courses range from the basics of online fraud to advanced courses on online anonymity tools, botnets, cleaning up electronic evidence and dealing with law enforcement, according to RSA, the security division of EMC Corp.
Often, the courses have a formal curriculum similar to that adopted by legitimate academic institutions, said Limor Kessem, a cyber intelligence expert at RSA, in a blog post Wednesday.
Many courses even have strictly enforced absentee policies where students are required to provide advance notice if they are unable to attend a class, or forfeit part of the fee for a missed session. Some of the courses come with offers to help graduates find jobs with underground cyber communities while in other cases, those teaching the courses vouch for their star pupils via underground channels, Kessem wrote.
The courses are typically advertised in known hacker networks. The classes are usually held via live Skype videoconferencing sessions with "professors" partaking in question-and-answer sessions with their students.
Seasoned hackers have always offered such advice to aspiring cybercrooks, said Berk Veral, senior product marketing manager at RSA. What's different now is the proliferation of such services, he said. Over the past few months, RSA has observed a sharp spike in the availability of online cybercrime courses, a majority of which appear to be based out of Russia or taught in Russian.
"We used to see one or two people advertising such courses in chat rooms and forums where cyber criminals hang out," Veral said. The number of such courses has increased significantly, he added. "The courses are much more organized with different curriculums and different courses for different skill levels," he said.
Some examples of the courses being advertised by cybercriminals include foundational courses that teach "students" the basics of credit and debit card fraud, how to avoid being caught by law enforcement and what information can and cannot be used in court. The price per lecture is typically 2,500 rubles or about $75, according to Kessem.
Many hackers also have begun offering online courses in "carding" techniques, or how to use credit and debit cards fraudulently. The courses, which are extremely popular, point students toward easy targets for carding and provide them with credit card numbers that have been tested and verified as good for use in fraudulent purchases. Advanced curriculums, which typically start at around $50, include a practical session where students are walked through the process of making a fraudulent transaction, Kessem wrote in the RSA blog.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Cybercrime and Hacking White Papers | Webcasts