Cybercriminals communicate using one of the most common instant messaging tools.
The world of cybercrime increasingly resembles the standard business world, made up of many illegal schemes that depend on groups of specialists working across various projects.
“In many ways, these forums are the beating heart of the cybercrime economy,” said Leroy Terrelonge, senior intelligence analyst at Flashpoint, which has published a study on how cybercriminals communicate.
More security news
- NSA’s Ragtime program targets Americans, leaked files show
- CIA to continue cloud push in the name of national security
- Eugene Kaspersky: We would quit Moscow if Russia asked us to spy
- Apple fixes macOS password flaw
Once criminals have met they often then move their communications outside of the forum for a number of reasons — even if the forums have native private messaging platforms.
While these communities might be viewed as advanced and stealthy, deploying secretive messaging and using encrypted tools to communicate with one another, members are often just like any other average internet user or enterprise employee, turning to freely available and simple tools in order to help get the job done.
Researchers conducted the study by monitoring mentions of social media platforms and messaging tools in various underground forums, particularly those made by those interested in financially-motivated cybercrime.
Skype accounted for almost two-thirds of instant-messaging services mentioned in English-speaking forums during 2016 and for around one-third of mentions in Russian and Arabic-speaking online communities, and about 15 percent of them in Spanish outlets. Skype also features as one of the top five messaging services mentioned in the French, Persian, and Chinese language groups.
But Skype isn’t the only tool in town and there are other social media platforms which are commonly used across the globe — with one in particular featuring regularly across almost all the language groups: Jabber, an open-source platform which has been incorporated social networking, instant messaging, VoIP, file transfer services and more.
ICQ — the instant messaging service which has existed since 1996 — also features heavily, accounting for around one in five mentions of social media platforms on Russian forums and over half of mentions in Spanish-speaking communities.
Digital Transformation: A CXO’s Guide
You can download all of the articles in this special report in one PDF (free registration required).
“The service’s heavy use in the cybercrime ecosystem is likely due to the prominence of Russian-speakers in financially-motivated cybercrime activity, as well as the desire for speakers of other language communities to interact with and learn from these actors,” says the report.
“Given that there is no security rationale for increased mentions of ICQ the most plausible explanation is criminals’ desire to model themselves more closely to Russian-speaking criminals or adopt the technology to facilitate communication with Russian-speaking actors,” says the report.
“Regardless of their language, skills, location, or affiliation, cybercriminal groups tend to share a strong desire to reap the benefits of cross-community collaboration, information sharing, and even mentorship. Such activities necessitate consistent access to reliable means of communication,” says Flashpoint.