Week 7 - Monetisation of cybercrime Flashcards

(10 cards)

1
Q

What is the difference between profit centres and support centres in the underground cybercrime economy? (6 marks)

A

Profit centres: introduce new money into the underground market. Examples: spam, ransomware, click fraud, credit card theft.

Support centres: provide infrastructure and services that enable profit centres to function. Examples: exploit kits, CAPTCHA-solving, proxies.

Profit centres rely on support centres; disrupting the latter can destabilise the entire cybercrime operation.

2
Q

Describe how money mules and reshipping mules are used to monetise stolen credit cards (7 marks)

A

Money mules: receive funds from stolen accounts and transfer them via anonymous methods (e.g., Western Union).

Reshipping mules: receive products bought with stolen cards and re-ship them overseas.

Mules are often unaware, recruited via fake job ads; mules face legal risk (criminals avoid direct involvement). Mules are used for ‘card-not-present’ fraud or cloning cards for physical purchases.

3
Q

What is an exploit kit and how does it facilitate cybercrime monetisation? (6 marks)

A

An exploit kit is a toolkit used to infect victims via drive-by downloads on compromised/malicious websites. It includes exploits for various vulnerabilities plus payload delivery tools. The exploit kit automatically matches exploits to the user's system (fingerprinting).

For cybercrime monetisation, it enables mass infection without needing phishing/social engineering. The Blackhole kit was one of the most popular and supports pay-per-install and ransomware monetisation.

4
Q

Summarise how the underground market self-regulates to manage dishonesty among criminals (6 marks)

A

The forums vet new buyers/sellers through interviews and reputation checks. They require recommendations or proof of past criminal activity. The underground market uses escrow (buyers send money to an admin, who releases it once satisfied).

Some of the forums watermark content to detect leaks. These mechanisms reduce scams and help build trust in a dishonest ecosystem.

5
Q

What role do fake online accounts and social media manipulation play in cybercrime monetisation? (5 marks)

A

Fake online accounts are used for spam, phishing and promotion of illegal goods. These accounts can be fake or compromised real ones. They can boost credibility (fake likes/followers/reviews).

Prices vary (e.g., $1 - $20 for 1000 Twitter accounts). This supports scams by building fake reputations or driving traffic.

6
Q

Explain how cybercriminals monetise stolen online accounts. Include examples. (6 marks)

A

1) Sell login credentials on underground markets (e.g., Netflix, PayPal, Amazon)
2) Use accounts to make fraudulent purchases or withdraw funds
3) Exploit saved payment information on file
4) Hijack email accounts for phishing or spam campaigns
5) Accounts with strong reputations (e.g., eBay, Uber drivers) are more valuable

7
Q

What is ‘exploit-as-a-service’ and how does it lower the barrier to cybercrime? (6 marks)

A

It is a rental model for exploit kits offered on underground forums. It enables non-technical users to deploy malware. It bundles hosting, updates, and customer support.

This is typically charged on a pay-per-install basis. It makes malware deployment accessible and scalable. This increases overall cybercrime by reducing skill and cost barriers.

8
Q

Describe the three methods used to cash out stolen credit card information (6 marks)

A

1) online shopping for resellable goods shipped via reshipping mules
2) ATM withdrawals using cloned cards with PINs from dumps
3) gift card laundering to convert stolen credit into untraceable value

These methods are often combined to maximise profit and reduce traceability.

9
Q

How do underground markets ensure operational security and prevent law enforcement infiltration? (7 marks)

A
  • Vetting of new users via referrals, interviews, or criminal proof
  • Escrow services with admins to reduce scams
  • Use of encrypted messaging (Jabber, PGP)
  • Access limited to Tor; anonymous account creation
  • Strict rules and active moderation to detect suspicious activity
  • Monitoring for behavioural signs of law enforcement infiltration
10
Q

What are credit-card ‘dumps’ and how are they used by cybercriminals? (5 marks)

A
  • Dumps contain Track 1 and Track 2 data from a card’s magstripe
  • Acquired via skimming devices, point-of-sale malware, or breaches
  • Written onto blank plastic cards using a magnetic encoder
  • Used for physical purchases or ATM cashouts
  • Often sold in bulk on dark web forums or carding markets.