Need a good example of how malicious adversaries constantly strive to ‘innovate’, disrupting underground market segments, rebooting the life cycles of TTPs (tactics, techniques and procedures), and standardizing and industrializing their fraudulent/malicious ‘know-how’? We’re about to give you a pretty good one.

Regular readers of Webroot’s Threat Blog are no strangers to the emerging TDoS (Telephony Denial of Service) underground market segment. The segment relies primarily on the active abuse of legitimate services, such as Skype and ICQ, and on the efficient mass abuse of non-attributable SIM cards, to undermine the availability of a victim’s or organization’s mobile/communications infrastructure, and it continues to flourish. This is a trend rather than a fad: established DDoS (Distributed Denial of Service) for hire vendors are already busy ‘vertically integrating’ within the underground marketplace by starting to offer TDoS for hire services, relying either on a partnership with a TDoS vendor or on in-house infrastructure built with public/commercially available TDoS tools.

Back in July 2012, a relatively unknown underground market entrant publicly announced his ambition to build a custom TDoS-ready GSM module, capable of supporting between 100 and 200 non-attributable SIM cards simultaneously using custom coded management software. In true product customer-ization style, he also started soliciting feedback and touching base with potential customers of the custom module, while promising them a “democratic” pricing scheme for the upcoming release. Then came the ‘innovation’. In November 2013, he made commercially available what we believe is the first such public/commercially available TDoS-ready custom GSM module, whose very existence is poised to further fuel the growth of the TDoS market segment, tip off potential competitors to the rise of the market segment, and directly contribute to the emergence of new TDoS vendors.

Let’s discuss the custom GSM module’s core functionalities, pricing scheme, and why its vendor can easily claim the market disruptor position in early 2014.

Sample screenshot of the custom GSM module supporting 96 simultaneous SIM cards:

[Image: TDoS_Custom_GSM_SIM_Module]

The package contains:
– The actual GSM module, a case for the module, and a USB cable
– Custom coded driver
– Custom coded management software
– Documentation
– Service guarantee and maintenance in a true QA (Quality Assurance) fashion
– Free of charge customer support

Through the custom coded software, the GSM module is capable of efficiently doing the following:
– Receive SMS messages
– Send SMS messages
– Call any number
– Notification for upcoming calls
– Check SIM card balance etc.

Key differentiation/market disruption (growth) factors:
– The vendor is offering his ‘know-how’ in the context of building similar SIP/VoIP-based custom modules
– Members of the cybercrime-friendly community (community in question) are offered discounts
– The vendor is actively looking for ways to further penetrate the market segment through an affiliate-based type of program

The price of the custom GSM module? 59,000 rubles or 1764 USD.

Although TDoS is largely generalized as a widespread ‘unethical competition’ tactic primarily taking place within Russia/Eastern Europe, in 2013 the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) issued a rare, eye-opening TDoS alert, raising awareness of ransom-based TDoS campaigns hitting call centers/emergency phone lines, indicating that the market segment is definitely prone to expand overseas.

We’ll continue to closely monitor the market segment, and post updates as soon as new developments take place.

Blog Staff
