It's like going to an online college.
Want to make a career out of hacking? Forget the self-help tutorials and lurking on IRC for occasional words of wisdom. Take the college student route and dump tons of money into courses so that you can be all the hacker you can be, the right way. That's what RSA Security says it has discovered over the last few weeks: paid courses by "pro" hackers for budding hackers.
"RSA has observed a spike in the availability of cybercrime courses, lessons, counseling and tutoring that are being offered to help fraudsters achieve their career goals," states cyber intelligence expert Limor Kessem. "In what appears to mimic the course catalog model adopted by many legitimate universities, senior fraudsters are turning their expertise into a professorship, helping newcomers master everything from the basic business of fraud to how to avoid law enforcement."
According to the report, these paid courses are advertised in the "underground," and typically conducted via Skype videoconferencing. This method allows the classes to be interactive so that makeshift "professors" can partake in Q&A sessions with "students," provide live visual examples, and so on. That said, it's no wonder why the NSA is spying on Microsoft's popular VoIP client (and probably taking notes).
"These fraudster trade schools further offer 'job placement' for graduates through their many underground connections with other experienced criminals," Kessem reports. "'Professors' will even vouch for star students to help them join the underground communities they would otherwise not be able to access."
There are even rigid classroom rules such as providing professors with a two-hour notice in advance if students cannot make it to class. If they do fail to show up, students are fined 50 percent of the fee, and rescheduled for the next class. Those who fail to pay absentee fees will forfeit the entire deposited fee. The firm didn't state what would happen if students sail a paper airplane or cuss the professor out.
As for the actual courses, there's a lot. The first level of courses is designed for beginners, teaching the basics of online financial fraud such as The Business of Fraud, Legal Aspects, Building Your Business, and Transaction Security. The cost of each lecture is 2,500 Russian Rubles, or around $75 USD. There's also a School of Carding (Basic and Advanced), Courses in Card Fraud, Anonymity and Security courses, and Mule Herding courses at various prices.
There are also "special" courses that cover Banking and Credit Cards, Debit Cards, Registering and Using Shell Corporations, Legal Liability Issues, and Setting Up Anonymity. These cost 2,000 Rubles, or around $60 USD per hour.
"As the Fraud-as-a-Service economy continues to evolve and the criminal underground sees new members join its ranks, it is only logical that underground vendors would view this as an opportunity to pad their income by offering a training ground for the 'next generation' of cybercriminals," she writes.
The great lengths these "professors" have gone in creating a college-like environment not only reveals a way to generate money off potential students, but to expand a network of highly-skilled cybercriminals. The move also reveals a new breed of hackers that are less cautious than the generation before thanks to a rapidly growing underground network, and the sophistication of fraud as a service.
Web surfers looking to be totally anonymous may want to take the Anonymity course. For $99 USD, students learn how to properly configure TOR browsers, Windows security, permanently remove data, use disposable email and more. Other $99 classes include using botnets, safely using chat channels, and a tutorial about "electronic evidence."
Do these "professors" have financial aid?
- Hacking the Internet of Things
- 13 Security and Privacy Tips for the Truly Paranoid
- 7 Tech Features Nobody Wanted