Threat Actors Introduce Unique ‘Newbie’ Hacker Forum

CryptBB becomes more inclusive by inviting less experienced hackers to learn from expert cybercriminals and one another.

A well-known private hacking forum has recently become more inclusive, introducing a new platform to help newbie threat actors flourish and hone their expertise, research has found. The discovery is unique, as private hacker forums tend to be the exclusive province of elite cybercriminals.

Digital Shadows on Thursday published a report that takes a deep dive into CryptBB, an exclusive hacker forum that has been operational since 2017.

“The real surprise was the identification of an application-only forum creating a dedicated subforum for failed applicants, or ‘newbies’, to converse, share insights, and learn from full-time members,” Alex Guirakhoo, threat research team lead at Digital Shadows, told Threatpost. “Historically, the only times we have seen exclusive (private) forums lower the parameters for entry are when they have allowed members willing to pay a set fee in order to bypass the application process (this was seen with the English-language forum KickAss and the Russian-language forum Exploit). The payment enabled the forum to gain more members but was also financially beneficial to the forum. In CryptBB’s case, they are using a dedicated subforum to share knowledge and help others for free. They might be doing this for site-traffic metrics, but the intent behind the scheme seems innocent enough and the forum likely feels it is a way to give back and help others to increase their skills/knowledge.”

Last month, CryptBB owners went a step further and also began to reach out on the dark web to try to recruit new hackers into the forum. Digital Shadows identified what is called a “subdread” dedicated to CryptBB on the dark web community forum Dread, which has a “far-reaching and loyal user base,” in early June, researchers noted.

“On this subdread, CryptBB proclaims itself to be an excellent forum for ‘newbie’ hackers, programmers, and carders eager to start on their journey while also remaining a private platform for ‘advanced’ members who can partake in quality discussions and share expertise,” researchers wrote.

Digital Shadows imagined a few reasons for this concerted effort to shift from a forum exclusive to expert hackers to one that is now inviting less experienced ones into the fold.

One could be to try to preserve and maintain some of the methods and strategies already used by more skilled hackers, researchers surmised. Historically, CryptBB has provided some dedicated services for members to offer, including RDP sales and “hackers for hire” services, they said. Earlier this year, the forum’s admin team also began offering penetration testing and bug-reporting services to marketplaces with an assurance of discretion and no “drama,” researchers reported.

Guirakhoo told Threatpost, “Whilst I cannot exactly say for sure the reasons for these latest activities to court new members, it is highly likely that the forum wants/needs additional members for future projects/work and the current range of skill sets of their current membership might be limited. The forum itself has historically been identified to offer bespoke services (e.g. marketplace pen-testing, RDPs, etc.) on other forums, indicating the forum acts as a collective rather than individual entities. This is in contrast to other forums where individual users usually offer specific services. Therefore, the forum admins may recognize a need to sustain a higher member count in order to maintain these services and ensure they are appropriately staffed.”

Another motive for the forum’s cultivation of less experienced hackers suggests that cybercriminals have feelings too, and might actually feel gratified by helping newbies hone their skills, researchers said.

“This may reassure the administration team that they are earning karma to mitigate past misdeeds or provide the sense that they are giving back to their community,” they wrote, adding that this “give back” behavior already has been observed on Russian-language cybercriminal forums in the form of charity campaigns.

Other reasons for the move might be less altruistic. More established members of the forum might want to bolster their own reputation and profile in the cybercriminal scene by passing on knowledge to less experienced hackers, as well as recruit future members to “empower the community as a whole,” researchers noted.

Those behind CryptBB also might want to use the newbie forum to expose the forum to a wider audience, as an exclusive forum doesn’t garner as much activity and participation as one with a lower barrier to entry. In sustaining its membership and activity, the forum faces competition from another forum called Torum, which is “more fluid” and has a higher activity level, researchers said.

“Creating a dedicated section for novice users improves CryptBB’s image within the cybercriminal scene and encourages other users to participate,” they wrote.

Finally, CryptBB admins may actually be trying to learn from experience by loosening requirements for entry into the forum, researchers noted.

Out of all the forums launched around the same time, CryptBB is the last one standing. That’s because disgruntled hackers from now-defunct contemporaries, such as KickAss and 0day, became frustrated and began to blab about the forums on other active platforms. This invited unwanted attention from law enforcement and dissent within leadership ranks, among other problems.

Overall, the move will “likely increase forum participation in the long-run and therefore establish the forum as a staple in the hacking and carding scene,” according to Digital Shadows.

“This, combined with the various services currently being offered to external parties, clearly demonstrates the administration team’s desire to ensure the forum stands the test of time,” researchers wrote.
