The underground economy is a large group of websites that make it possible for hackers and fraudsters to trade illegal services and stolen goods such as credit card and online account credentials.
And there’s a rather straightforward method by which operations typically take place in the underground, one that involves sellers, buyers, and sometimes forum moderators and administrators who help make sure the transactions are ‘legit.’ But the underground economy is riddled with fraudsters whose only interest is to rip off other fraudsters.
They say “there’s no honor among thieves,” and, at least in the underground, that couldn’t be truer. After all, the underground is designed to enable the trading of illegal goods while sellers remain anonymous. This anonymity keeps sellers protected, but it also increases the threat of being ripped off tenfold. After all, if you can disconnect, change your nickname, and come back minutes later with a fresh identity, you can rip people off forever.
These individuals who rip people off, aptly named “rippers,” are basically scammers targeting scammers, and they’re the most hated members of the underground community. Rippers pose as legitimate vendors offering goods such as compromised online banking accounts or credit cards, or various services ‘real’ fraudsters look for. The moment they get paid for these goods or services, they disappear.
Some rippers rip off fraudsters for nickels and dimes, while others successfully take fraudsters for thousands of dollars. In fact, there are so many rippers in the underground economy that a lot of the underground trading ‘etiquette’ is specifically designed to thwart any rip-off attempt.
In the “old days,” if a vendor wanted to sell something such as stolen credit card credentials in the underground, they needed to first get verified by forum administrators. To do this, they’d send a free sample to the administrators and wait to be reviewed. Like a restaurant under a food critic’s eye, vendors’ products and level of service would be scrutinized; only with a passing review were they given a ‘Verified Vendor’ status, a type of “stamp of approval” from the board certifying that the vendor was “legit” (and that he or she wasn’t a ripper).
“A ‘Verified Vendor’ status meant a huge increase in business, as they were considered trustworthy. Of course, some verified vendors proved to be turncoats and misused this trust, ripping off buyers when the opportunity was ripe.” In order to sell goods, the new verified vendor would then start a thread in a section of a forum where only vendors can create threads, and would receive feedback from customers.
While higher-tier underground forums may still work this way, many of the English-language underground boards, ravaged by a string of arrests by Western law enforcement agencies, are now much less sophisticated. Becoming a Verified Vendor is still an option, and a way to increase one’s credibility in the underground. But most vendors don’t bother getting verified and instead post in the free-for-all areas of a forum.
The Underground Escrow
It should be noted that these free-for-all areas have always existed. After all, not all fraudsters have enough goods to sell that they can afford to give administrators free samples. And, naturally, these free-for-all areas come with a higher risk of being ripped off. To alleviate this situation at least somewhat, a new solution arose: the escrow. An escrow service acts as a mediator between two parties making a financial transaction and is meant to ensure no one loses their funds due to a scam.
The escrow in the underground economy is usually offered by the forum administrator or another long-standing and trustworthy member of the community. Since most of what fraudsters trade is data (compromised credentials), their goods are easily transferable.
The escrow is pretty straightforward:
An escrow receives the items being sold from the vendor in order to make sure the vendor is not trying to rip off buyers. The escrow also receives money from the buyer (since rippers posing as buyers and asking for “samples” in an attempt to get free stuff is also a thing), and once the escrow has confirmed that both parties have held up their end, the vendor gets the money, the buyer gets the items and the escrow retains a fee. The underlying rule is simple: if one party requests an escrow.
Rippers will continue to exist as long as the underground exists, and as long as there continues to be anonymous trading of illegal goods. If fraudsters see themselves not as cybercriminals but rather as businessmen, being a ripper is simply a niche, and there’s enough skin in the game to make it worthwhile.
About Uri Brison
Uri Brison is CEO of LogDog. The LogDog anti-hacking solution protects the most popular online account types (including Gmail, Facebook, Dropbox and more) by detecting unusual access activity and alerting users so they can take control of their accounts before hackers do.