Cybercriminals in Turkey have teamed up with recently arrived Russian immigrant hackers to inject tens of millions of newly stolen personal credentials into an online marketplace that was once on the verge of collapse, marking an evolution in the transnational nature of this type of fraud.
Thousands of people, many of them trained software engineers, fled Russia to Turkey last September after Russian President Vladimir Putin ordered a conscription of troops to fight in the war in Ukraine.
Turkish police and security researchers say some of them turned to relatively low-level online scams and fraud to support themselves, teaming up with established Turkish counterparts to avoid detection, launder money and sell credentials collected from computers around the world into European markets.
Two police officers who spoke on condition of anonymity said the recent surge in activity prompted Turkish police to launch an investigation, although criminals used sophisticated online techniques, known as cloaking, to evade detection.
By contrast, criminals in Russian-speaking countries tend to be relatively open because their governments have been lax in their enforcement efforts.
In recent months, they say, cybercriminals have used each other’s skills to create cartels that are chipping away at the monopoly of better-known traditional Russian and Belarusian gangs.
“In less than a year, reports have increased a lot,” said an official based in Antalya, a coastal region popular with Russians.
The second police officer noted that these newly formed gangs were careful not to target Turks to minimize scrutiny from local authorities.
Turkish police did not respond to requests for comment.
The market of choice for cybercriminals, which security researchers call the “underground log cloud,” has been flooded with tens of millions of stolen credit cards, passwords and login credentials in recent months.
The treasure trove, discovered by Osher Assor, an information security expert at Auren Cyber Israel, utilizes complex code to send newly stolen credentials to large numbers of customers who signed up for a data stream on a Telegram group.
The data was collected by a common piece of malware that appears to evade most known antivirus software. Assor believes the malware, nicknamed “Redline,” is unintentionally downloaded by people using illegal websites to play video games or pirated versions of popular software.
But what makes the data collected by Redline particularly valuable is that it also steals cookies, or small pieces of personal identification code, from people’s browsers, allowing hackers to impersonate victims online and even copy credit card information that people have saved to make online shopping easier.
“The data is more valuable because it’s fresh and almost real-time,” Assor said. “Crypto trading is not new, but what’s unique here is that the information is ‘fresh’ – each update contains a package containing hundreds to thousands of logs stolen within the past few hours, making cookies stay ‘hot’.”
In screenshots of a conversation with a Turkish hacker that Assor shared with the Financial Times, hundreds of Telegram groups appear to be touting freshly scraped data, often for as little as $50 a week. Each bundle has thousands of entries – one screenshot shows 76 million different data points, organized for ease of use.
A Turkish information security expert who spoke on condition of anonymity said he had infiltrated one of the Telegram groups posing as a buyer because contact with hackers falls into a legal gray area in Turkey.
Over the course of several months, he watched as newly arrived Russian hackers taught their Turkish counterparts complex codes to sort through the vast amounts of data being collected, while Turkish criminals used their connections in Western Europe, especially Germany, to obtain a better price for the efficiently organized data sets.
In other chats, he witnessed groups celebrating a good harvest, discussing how to exchange stolen cryptocurrency for Turkish lira, and even discussing in detail ways to buy real estate to obtain a Turkish passport.
“None of these guys are top hackers, but they are very efficient and have learned how to automate well — and their output is increasing rapidly,” he said.
Assor’s interactions with the team showed the same thing – professional marketing and even customized coaching. At one point, a Turkish hacker even gave him restaurant recommendations in Istanbul.
But when asked about his ties to the Russians, the hacker demurred.
“No, brother,” he replied. “I don’t want to know — it’s not about getting to know (their) faces, it’s about being around talented people.”