Cybercriminals are often seen as parasites, feeding off a wide swath of victims of every size and stripe. But as it turns out, they’ve become targets in their own right, with a host of bottom-feeding “metaparasites” flocking to Dark Web marketplaces to find their own set of marks.
It’s a phenomenon that has the happy side effect of exposing a rich vein of threat intelligence to researchers, including contact and location details of cybercriminals.
Sophos senior threat researcher Matt Wixey took to the stage at Black Hat Europe 2022 to discuss the metaparasite ecosystem, in a session entitled “Scammers Who Scam Scammers, Hackers Who Hack Hackers.” According to research he conducted with fellow researcher Angela Gunn, the underground economy is riddled with a wide variety of fraudsters, who successfully extract millions of dollars per year from their fellow cybercriminals.
The pair examined 12 months of data across three Dark Web forums (Russian-speaking Exploit and XSS, and English-speaking Breach Forums), and uncovered thousands of successful scam efforts.
“It’s pretty rich pickings,” Wixey said. “Scammers scammed users of these forums out of about $2.5 million US dollars over the course of 12 months. The amounts per scam can be as little as $2 on up to the low six figures.”
The tactics vary, but one of the most common — and the most crude — is a gambit known as the “rip and run.” This refers to one of two “rip” variants: A buyer receives goods (an