Metaparasites: The cybercriminals who rip each other off

Shocking news! It turns out that you cannot trust criminals.

Graham Cluley
@gcluley

Metaparasites: The cybercriminals who rip each other off

Shocking news! It turns out that you cannot trust criminals.

That’s obvious, of course, but maybe criminals themselves are also guilty of being a little too trusting of others – and getting scammed as a result.

Researchers at Sophos presented an investigation at Black Hat Europe this week into so-called “metaparasites” – the scammers who scam other scammers.

Sophos’s Matt Wixey and Angela Gunn described their research as:

“…a novel investigation into scammers who scam scammers and hackers who hack hackers, on three of the most well-established and prominent criminal marketplaces. We examine the size of this shadowy multi-million-dollar ecosystem; the motivations of metaparasites; how arbitration processes work; and what influence metaparasites have on the culture and operations of the marketplaces in which they operate.”

And there’s a lot of money to be made by targeting cybercriminals.

According to Sopbos, cybercriminals have lost over US $2.5 million to other scammers in the last 12 months, in just three underground forums.

EmailSign up to our newsletter
Security news, advice, and tips.

Scams can take multiple forms, including fake data leaks, blackmail, backdoored malware, and phishing.

The researchers even found 20 websites that had been created to imitate criminal marketplaces, “intended to trick users into forking over a $100 ‘activation fee.’”

Oh dear, what a shame, never mind.

Trust

And, perhaps unsurprisingly, there’s even evidence that some scammers who have been scammed go on to get their revenge by scamming the very people who scammed them (I hope you’re following this at the back…)

The problem of cybercriminals conning other cybercriminals has become so significant that underground forums even have dedicated “arbitration rooms,” where disagreements can be aired with the hope of resolution.

Arbitration

So, all of this is very amusing. And we like the idea that cybercriminals are conning each other rather than spending all their time targeting the innocent public – but is there anything else good that comes from this?

According to the researchers, yes there is:

“Metaparasites, inadvertently, provide an intelligence boon to analysts, allowing us to gain unprecedented insights into sales, operations, negotiations, and identifiers which would otherwise remain hidden – as well as into marketplace culture, differing levels of operational security, and susceptibilities to deception and social engineering.”

But we shouldn’t laugh too heartily, the researchers warn: “It’s not just threat actors at risk – also inexperienced researchers, journalists, the generally curious.”

Just so long as those exploring and researching the cybercriminal culture do not get duped themselves, I guess get a little comfort from the thought that cybercriminals are busy scamming each other rather than us.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.