The Grugq and Fyodor Yarochkin now move on to outline the prevalent payment methods on Russian hacking forums and touch upon the goods being traded on there.The Grugq: There’s some really cool identity stuff that they do as well. A lot of the money that gets moved around in these illegal economies is basically done by virtual currencies (see right-hand image). The main one right now is called WebMoney. The Russian FSB are supposedly now taking over WebMoney. It used to be run mostly by the Russian mafia. Yarochkin: In Moscow it’s getting kind of tough. I was in Moscow about a month ago, and they’re starting to change regulations. So, when you go to the WebMoney office, if you cash money – you’re supposed to show your identity card, if you sell money – you can stay absolutely anonymous. But Russia cannot control the whole world, so if you look at the WebMoney offices (see left-hand image), there’s one in Czech Republic, in Prague; but the funny one is in Thailand. Why do you think a WebMoney office would be in Thailand?
The Grugq: Because all the Russian mafia are based in Pattaya. I was once purchasing services from some of these Russian forums…
Yarochkin: You were purchasing services for illegal transactions?
The Grugq: I was not doing anything dodgy, I just needed a lot of proxies – really a lot of proxies. And so, basically, I needed to get WebMoney because that’s the only way that you can do transactions with any of these Russian guys. And what was happening is I went to the website, I clicked through all the stuff until I get to something like “Now send me money”, and there was this guy named Stanislav who gave me the bank account, and I could go to any Kasikorn Bank, which his bank account was, pay cash, it got directly deposited into his thing, send an SMS to his number – and then he transfers 90% of whatever you gave him to WebMoney account. He also used to offer a cash out service, where for 6% he would take any money out of what you transferred as WebMoney to him, convert it into cash and then send on a courier to wherever you were.
Yarochkin: Yeah, so there’s this guy on a motorbike with a bag of cash delivered to your house.
The Grugq: Now we’re moving on to online goods. Another problem with a lot of these guys is, once you get a credit card, it’s very hard to convert a credit card into actual money.
Yarochkin: You cannot just withdraw money from the credit card directly.The Grugq: Yeah, you need to convert a credit card into cash, because you can’t pay rent, buy food or alcohol with just the credit card numbers – that’s not good enough. So the typical way to do this is by selling goods online. One of them is Skype, so you can buy Skype accounts (see right-hand image).
Yarochkin: Just some orientation rate: 1 WebMoney corresponds to 1 American dollar.
The Grugq: Yeah, 1WMZ means 1USD.
Yarochkin: In one of the advertisements, they say: “10-dollar Skype accounts are going for $4”. The other one says: “For Skype OUT you get 1 to 2.5 exchange rate”, so if you want to buy a 250-dollar Skype account – you pay $100.
The Grugq: The Cyrillic “ВМЗ” stands for “WMZ”.
Yarochkin: And then, you get unlimited Skype access to call all around the world for $25.
The Grugq: This guy is quite legitimate. One of the things to realize about this is these ads are on Russian hacking forums, so what they’re trying to do is they’re trying to sell Skype accounts registered by hackers to other hackers. This is not a good market. These are not the ideal people to try and sell these things to.
Yarochkin: And yet, they’re offering moneyback guarantee, so if you buy a Skype account and it doesn’t work, they can give you another Skype account or return your money back.The Grugq: So, yeah, you can’t lose, except for the fact that none of the people that they are selling to would actually buy this. These guys are not the brightest bulbs on the tree; they can steal credit cards but they can’t actually sell things to each other. They’re not very good. This (see left-hand image) is a Chinese version actually.
Yarochkin: They basically sell iTunes gift cards, and the exchange rate goes 100 US dollars –12 Chinese Yuan. So, for a 100-dollar gift card you pay 12 RMB (renminbi). Considering the official exchange rate, you pay a little over a buck for a hundred.
The Grugq: The amazing thing is, when this first started about six months ago, you were paying 80 USD for a 100-dollar gift card. The first guy to figure this out was making bank, and then everyone else who saw it was like: “He’s charging 80, I’ll do 50”. And even two months ago it was about 20 to 1, and now it’s something like 100 to 1. We took this screenshot a couple of hours ago.
Yarochkin: So, if you’re still interested, you can go and buy.
The Grugq: The thing is, this is basically a Chinese version of eBay; it’s not even an underground forum. Like, if you go on eBay and you look for iTunes gift cards – it’s similar to what these dudes have got, selling iTunes cards that they get with stolen cards. Next step – we are going to look at some real examples. Oh, this one is going to be hard to read.
Yarochkin: And yet, I’m going to read it. It says: “I’m selling proxies for brute-force. The price is 20 proxies for $4, 50 proxies for $6, 100 proxies for $9, and 200 proxies for $15. If you want more, we can agree on special price”. Then we got the follow-ups…
The Grugq: Yeah, some dude goes: “How fast are they?” And the next dude is like: “Are you fucking kidding me? Are these made of gold?!” So, the follow-up after that is: “Obviously, you’ve made a mistake – you forgot a zero, so it should be 200 proxies for $4”. It’s really pretty amateur on these boards. And then the last one is pretty good; this guy goes: “What are you fucking talking about? For $4 you can buy 400 proxies, not 20!” So, these dudes are really not making money.
Yarochkin: If you look at the forum posts, you can see how many offers they got there. There’s a whole bunch of selling offers. There are lots and lots of pages with these.
The Grugq: There’s a lot of traffic on these things. Daily, it updates with dozens of posts, no problem.Yarochkin: We picked some interesting ones. How many of you know how useful passport scans could be? It’s really “useful”. So, in one of the offers they are basically selling Russian passports. This guy sells a complete set (see left-hand image). He sells a bank account with ATM card of a European bank. The package includes the online account access, ATM card, passwords – per month you can withdraw up to $6000 – copy of the passport, and SIM card registered on the “right” name. The Grugq: We got a picture of all these things (see right-hand image).
Yarochkin: And the last thing in the advertisement says: “I can prepare the identity for you on order, takes me one week”. I think what he does is he takes the passport scan…
The Grugq: …And then he starts registering. What he’s doing is he’s taking a passport scan, which will have a complete identity and enough to start setting up bank accounts. So, once he has bank account he starts setting up more of an identity.
Yarochkin: We’ve got another example. It’s an advertisement selling passport scans, very cheap, but it’s not limited to Russia. I can translate the list of countries; it says this thing is organized across continents, so you can buy from Austria, Australia, England, New Zealand, Belgium, Germany, Finland, Hungary, the Netherlands, Norway, Poland, Portugal, Estonia, Switzerland, and other countries, such as United States, Canada, Mexico, Bangladesh, Columbia. And then, they also sell credit cards. You can buy by name, or age, or country, or city of residence. One scan costs 3WMZ for international passport, and for Russian passport it’s 4WMZ. I don’t really know why the Russian passport scan is more expensive; probably, because it’s more “Russkiy” (transliterate for the word “Russian”).
The Grugq: So you can see just how valuable someone’s identity is.
Yarochkin: Yeah, and there’s another funny thing: he also offers the service of redrawing the passports.
The Grugq: So, basically, you can send him a passport scan and he will fix the name and stuff, in case they got it wrong for you. Regarding cash-out, that’s probably one of the hard problems that these guys have. So, if they steal access to a bunch of bank accounts, they still need to extract the content, they need to extract the money. I guess anyone who’s been on the Internet has seen all these articles about Russian criminals being organized into offering services and stuff. This is what it looks like; these are the guys offering services you read about in those articles. And it’s pretty amateur. These guys have got reputation systems based on handles on web forums. They have whitelists and blacklists, for instance some guys will say: “I only deal with people who have good reputation on this forum, or you have to pay upfront”.