The tool is called Social Engineering Master. Anyone who pays the equivalent of $50 can search through a variety of stolen or leaked information and use it to create a convincing cyber-attack targeted at a specific victim or group of victims.
The online service is just one of the offerings that have cropped up as part of an online criminal ecosystem in China. While China is well known as a source of cyber-attacks against Western political and economic targets through operations called Darkhotel, Emissary Panda and Naikon, which made headlines worldwide, online criminal marketplace activity has grown significantly over the past year.
Underground developers are not only selling products, such as exploit kits, and services, such as made-to-order denial-of-service attacks, but they are branching out into easy-to-use Web applications and polished hardware hacks, according to a report released by security firm Trend Micro on Nov. 23.
Services, such as Social Engineering Master, show that the country’s criminals are becoming more sophisticated, Christopher Budd, global threat communications manager with Trend Micro, told eWEEK.
“The big problem these days is not getting the data, but getting to the data that you want,” he said. “They provide a tool that gives you a nice interface, so the cyber-criminals can create very compelling social engineering emails.”
While malware and hacking services continue to be a staple of the underground marketplace in China, criminals have branched out into other areas, according to Trend Micro. Hacked hardware has gone from prototypes to polished products, especially such devices as payment-card readers, which can quickly skim financial information, the company stated.
Legitimate-sounding services—such as boosting the rank of free apps in Apple’s App Store and paying for dedicated servers—have doubled in price in some cases, while services more commonly associated with crime—such as buying hacked registration codes for software and renting botnets—have become cheaper.
“While it is less open in China, this is now truly a marketplace,” Budd said. “We no longer talk about it as a curiosity. We are in the second, maybe third, generation of cyber-crime offerings.”
Take payment-card skimming. With non-cash transactions growing by more than a quarter in the past year, criminals are turning a greater focus toward stealing card data and using it for fraudulent transactions. For that purpose, criminals have developed advanced devices for skimming credit- and debit-card information, the Trend Micro report states.
“We are seeing compromised payment card readers that are being mass-produced and they are being inserted into the legitimate supply chain without people realizing it,” Budd said. “It is like the owners of a mom-and-pop restaurant going to the local version of Staples and buying what they think is a legitimate card reader, but in reality, it is grabbing data from every transaction.”
China’s Underground Cyber-Crime Economy Grows in Size, Sophistication
The company found point-of-sale skimmers for sale on business-to-business sites, where they were likely bought to be resold to unwary retailers. The devices also had a new feature, which transmits stolen data through SMS text messages, usually used by phones, so cyber-criminals do not have to physically collect the data, the report stated.
Skimming also highlights the ways that the Chinese and U.S. criminal markets can differ. While skimming is a popular way of grabbing payment-card information in the United States, criminals there have focused on automated teller machines (ATMs) at banks, rather than point-of-sale devices, according to financial-service firm FICO.
From January to April 9, 2015, the number of points of compromise increased by more than 170 percent at bank-owned ATMs in the United States, while it has dropped by more than 80 percent at U.S. retail points of sale. The trend in China, at least anecdotally, still seems focused on point-of-sale systems.
Unlike espionage, much of the crime in China focuses on domestic targets, according to experts. While a domestic systems integrator reportedly refrained from buying information stolen from well-known manufacturer Foxconn by a local group of hackers, a heavy machinery maker, Sany, allegedly hired hackers to infiltrate and steal information from its competitor in 2014, according to a report in the Financial Times. Three Sany executives were arrested during the investigation into the case, according to the article.
A study by Microsoft of PCs in China in 2011 found that four of 20 computers bought from retailers had malware pre-installed on the devices. In addition, while the United States and European countries rarely see mobile malware, malicious code—such as the recent XcodeGhost attack—is part of the mobile experience in China.
“Currently, China’s cyber-crime underground mostly targets Chinese citizens and businesses,” said Doug Steelman, chief security officer for Dell SecureWorks, who oversees the CSO Human Intelligence Team. “However, we are beginning to see a few criminal groups offer hacking services targeting foreign websites or businesses.”
Chinese law enforcement agencies are aware of these different avenues of attacks and have investigated wrongdoing and cracked down on the underground markets and illegal online behavior, but face an uphill battle, Steelman said.
“The ongoing challenge for them—as well as everyone fighting cyber-crime—is the difficulty in determining attribution and identifying the specific activities actually being carried out by hackers advertising their services, such as what is specifically being traded, who is being targeted, and with what success these attacks are carried out,” he said in an email interview.