Hacking Courses Offer Cybercrooks Tips on How to Hone Skills
A growing number of experienced hackers have begun offering structured hacking courses for crooks seeking to make a career in cybercrime.
Thu, September 19, 2013
Computerworld — A growing number of experienced hackers have begun offering structured hacking courses for crooks seeking to make a career in cybercrime.
The courses range from the basics of online fraud to advanced courses on online anonymity tools, botnets, cleaning up electronic evidence and dealing with law enforcement, according to RSA, the security division of EMC Corp.
Often, the courses have a formal curriculum similar to that adopted by legitimate academic institutions, said Limor Kessem, a cyber intelligence expert at RSA, in a blog post Wednesday.
Many courses even have strictly enforced absentee policies where students are required to provide advance notice if they are unable to attend a class, or forfeit part of the fee for a missed session. Some of the courses come with offers to help graduates find jobs with underground cyber communities while in other cases, those teaching the courses vouch for their star pupils via underground channels, Kessem wrote.
The courses are typically advertised in known hacker networks. The classes are usually held via live Skype videoconferencing sessions with "professors" partaking in question-and-answer sessions with their students.
Seasoned hackers have always offered such advice to aspiring cybercrooks, said Berk Veral, senior product marketing manager at RSA. What's different now is the proliferation of such services, he said. Over the past few months, RSA has observed a sharp spike in the availability of online cybercrime courses, a majority of which appear to be based out of Russia or taught in Russian.
"We used to see one or two people advertising such courses in chat rooms and forums where cyber criminals hang out," Veral said. The number of such courses has increased significantly, he added. "The courses are much more organized with different curriculums and different courses for different skill levels," he said.
Some examples of the courses being advertised by cybercriminals include foundational courses that teach "students" the basics of credit and debit card fraud, how to avoid being caught by law enforcement and what information can and cannot be used in court. The price per lecture is typically 2,500 rubles or about $75, according to Kessem.
Many hackers also have begun offering online courses in "carding" techniques, or how to use credit and debit cards fraudulently. The courses, which are extremely popular, point students toward easy targets for carding and provide them with credit card numbers that have been tested and verified as good for use in fraudulent purchases. Advanced curriculums, which typically start at around $50, include a practical session where students are walked through the process of making a fraudulent transaction, Kessem wrote in the RSA blog.