{"id":15172,"date":"2013-12-03T09:28:44","date_gmt":"2013-12-03T16:28:44","guid":{"rendered":"https://www.webroot.com/blog/?p=15172"},"modified":"2023-11-01T14:11:38","modified_gmt":"2023-11-01T20:11:38","slug":"cybercrime-friendly-vpn-service-provider-pitches-recommended-edward-snowden","status":"publish","type":"post","link":"https://www.webroot.com/blog/2013\/12\/03\/cybercrime-friendly-vpn-service-provider-pitches-recommended-edward-snowden\/","title":{"rendered":"Cybercrime-friendly VPN service provider pitches itself as being ‘recommended by Edward Snowden’"},"content":{"rendered":"

We’ve recently spotted a multi-hop Russian cybercrime-friendly VPN service provider — ad featured not syndicated at a well known cybercrime-friendly community —\u00a0that is relying on fake celebrity endorsement on its way to attract new customers, in this particular case, it’s pitching itself as being recommended by ex-NSA contractor Edward Snowden. How have anonymization tactics evolved over the last couple of years? Have the bad guys been ‘innovating’ on their way to cover the malicious\/fraudulent online activity orchestrated by them? Let’d discuss some of the current trends in this ever-green market segment within the cybercrime ecosystem.<\/p>\n

<\/p>\n

Sample ad featured at the cybercrime-friendly community:<\/strong><\/p>\n

\"Cybercrime_VPN_Edward_Snowden_Recommended_Featured\"<\/a><\/p>\n

It didn’t take long for cybercriminals to realize the massive potential for abusing already created botnets, in terms of utilizing them as anonymization-based type of infrastructure<\/strong><\/a>. Empowering them with the necessary foundations for launching attacks relying on the ‘stepping-stones’ concept<\/strong><\/a>, completely mixing the malicious\/legitimate\u00a0logs-free anonymization infrastructure<\/strong><\/a>, or setting up multi-hop cybercrime-friendly VPN service providers, these practices added additional layers of anonymity<\/strong><\/a> to their Internet activities, primarily relying on\u00a0basic ‘risk-forwarding’ tactics<\/strong><\/a>. Next to the utilization of these concepts, the massive\/de-facto\u00a0adoption of Socks4\/Socks5 modular features<\/strong>, found in a huge percentage of modern malware\/crimeware\/platform<\/strong><\/a> releases, helped opportunistic cybercriminals to quickly monetize the market segment, by empowering others with the same capabilities through their “cybercrime-as-a-service<\/strong><\/a>” type of underground market propositions.<\/p>\n

Throughout 2013, we continued to observe a decent supply of “hacked-PCs-as-a-service<\/strong>“, with some of the market-leading\/well known\/reputable vendors, still in operation. Moreover, thanks to the general availability of Socks4\/Socks5 converted anonymization hosts, we also continue to observe a decent supply of CAPTCHA-based proxy-supporting DIY automatic account registration\/brute-forcing<\/strong><\/a> tools, Denial of Service (Dos) attack tools<\/strong><\/a> relying on hacked\/compromised PCs, as well as the now de-factor standard for the cybercrime ecosystem, use of APIs for the purpose of supplying fellow cybercriminals with access to fresh IPs with clean IP reputation.<\/p>\n

We expect to continue observing a mix between a purely malicious infrastructure, in combination with legitimate logs-free infrastructure, for the purpose of anonymizing a cybercriminals online activities, successfully bypassing current data retention regulations in place.<\/p>\n","protected":false},"excerpt":{"rendered":"

We’ve recently spotted a multi-hop Russian cybercrime-friendly VPN service provider — ad featured not syndicated at a well known cybercrime-friendly community —\u00a0that is relying on fake celebrity endorsement on its way to attract new customers, in this particular case, it’s pitching itself as being recommended by ex-NSA contractor Edward Snowden. How have anonymization tactics evolved […]<\/p>\n","protected":false},"author":65,"featured_media":17052,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[],"yst_prominent_words":[4051,16797,16803,6103,10777,16799,16795,16787,5411,16801,5019,5799,6045,16793,16785,13165,3947,5351,16791],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/15172"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=15172"}],"version-history":[{"count":13,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/15172\/revisions"}],"predecessor-version":[{"id":32193,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/15172\/revisions\/32193"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/17052"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=15172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=15172"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=15172"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=15172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}