Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

OPSEC novice … here the manual for perfect cyber criminals

Cyber security expert Dancho Danchev profiled a new OPSEC training services in the underground, a new trend that is converging to standardization of knowledge sharing in the cybercrime ecosystem. Speaking of cybercrime, with the term OPSEC are usually referred the basic operational security activities conducted by cyber criminals to avoid being tracked and monetize their […]

OPSEC novice … here the manual for perfect cyber criminals

Cyber security expert Dancho Danchev profiled a new OPSEC training services in the underground, a new trend that is converging to standardization of knowledge sharing in the cybercrime ecosystem.

Speaking of cybercrime, with the term OPSEC are usually referred the basic operational security activities conducted by cyber criminals to avoid being tracked and monetize their cyber crimes (e.g. Frauds, scams, hacking campaigns and much more).

Cybercrime business will never stop to surprise us, every day new products and model of sale are proposed by gangs of criminals with a primary purpose to make their services user-friendly and available for a wide audience.

The cybercrime has its rules, operations,  its patterns and monetization processes that are increasing in sophistication, an attractive underground in which the principal actors have started to think to earn also sharing their experience and expertise.

The cybercrime expert Dancho Danchev has recently profiled a product/training service launched around the middle of this year 2013, it is a course that caters novice cyber criminals offering them tools, manuals and precious suggestions to successfully undertake their career in illegality.

The course is complete and according Danchev covers the most interesting topics of OPSEC

  • Basic host security
  • Setting up Virtual Machines
  • Setting up encrypted backups
  • Setting up and securely using email clients
  • Setting up a firewall
  • Basics of OpenVPN and i2p
  • Basics of Bitcoin use
  • How to configure popular browsers for maximum security and anonymity
  • How to use Socks4/Socks5 servers (malware infected hosts)
  • How to anonymously use the most popular Web payment processes such as WebMoney, Yandex etc.
  • How to securely communicate online using free/public/community tools

Giving a look to the topics it is easy to recognize the knowledge of all the principal  phases of a malicious criminal activity from the setup of a malicious architecture to the monetization phases and payment processes.

I consider the coverage of these topics fundamental also for any professionals that desires proof its knowledge of cybercrime and its OPSEC. The training in Operational Security (OPSEC) is very interesting, it also includes access to a private forum set up for customers only in which the apprentices could exchange experiences and ask the support to skilled cyber criminals in an anonymous way.

The cost of the training package is very cheap, just $40 for the manual inclusing the access to the forum, dont’ forget the discount of further 10$ in case the customer provides relevant feedback about course.

OPSEC training material cybercrime Forum

“The standardized OPSEC offering is targeting novice cybercriminals, and also has an interesting discount based system, offering $10 discounts for every feedback from those who’ve already taken the course.” states the blog post published by Danchev.

OPSEC training material cybercrime 3

 

As highlighted by Danchev we will assist in the future in the a standardization process of the OPSEC knowledge, through localization (translating the original documents) and  training courses to instruct novice criminals. Online courses for novice cyber criminals are increasing and their quality is improving also thanks to the direct contribution of criminals that daily improve their methods and strategies on the field responding to the increasing pressure from law enforcement.

Probably elsewhere someones already arranging the next cyber criminal boot camp … are you ready for the training on the job?

Pierluigi Paganini

(Security Affairs –  OPSEC, cybercrime)