CryptBB has become more inclusive through ‘inviting’ less experienced hackers to learn from expert cyber-criminals, & from one another!
This private hacking forum has recently become more ‘inclusive’, by introducing a new platform to help ‘newbie’ threat actors improve their techniques, research has now found. The discovery seems unique, as private hacker forums usually are the exclusive channel of ‘elite’ cyber-criminals.
Digital Shadows has published a report that looks into CryptBB, an exclusive hacker forum since 2017.
In the beginning, this site only allowed in new members after a “rigorous application & interview process,” meaning that an applicant had to ‘prove’ their skill & knowledge in a chosen area of expertise, “leaving no room for those who fail to meet the required standards,” researchers wrote.
However, the forum recently wished “to be viewed as a platform for ‘all,’” by starting, towards the end of 2019, a space for what it called “newbies,” according to the report.
These are hackers who failed the application process, but still wanted to improve their skills & learn from not just one another, but also from the more expert members in the forum.
“The real surprise was the identification of an application-only forum creating a dedicated subforum for failed applicants, or ‘newbies’, to converse, share insights, and learn from full-time members,” Alex Guirakhoo, Threat Research Team Lead at Digital Shadows, explained.
“Historically, the only times we have seen exclusive private forums lower the parameters for entry are when they have allowed members willing to pay a set fee, in order to bypass the application process (this was observed at the English-language forum KickAss, & the Russian-language forum Exploit).
Payment let the forum gain more members, but was also financially useful to the forum. In CryptBB’s case, they are using a dedicated sub-forum to share knowledge & help others for free.
They might be doing this for site-traffic metrics, but the intent behind the scheme seems innocent enough & the forum likely feels it is a way to give back & help others to increase their skills/knowledge.”
In June, CryptBB owners went further, & also began to ‘reach out’ on the dark web to try to recruit new hackers. Digital Shadows found what is called a “subdread” dedicated to CryptBB on the dark web community forum Dread, which has a “far-reaching & loyal user base”, researchers noted.
“On this subdread, CryptBB proclaims itself to be an excellent forum for ‘newbie’ hackers, programmers, & carders eager to start on their journey while also remaining a private platform for ‘advanced’ members who can partake in quality discussions & share expertise,” researchers wrote.
Digital Shadows gave some reasons for this effort to move from a forum exclusive to expert hackers to one that is now inviting less experienced ones in too.
An explanation could be to try to preserve & maintain some of the methods & strategies already used by more skilled hackers, researchers concluded. In the past, CryptBB has provided some dedicated services for members to offer, including RDP sales & “hackers for hire” services, they explained.
Earlier in 2020, the forum’s admins began offering penetration testing & bug-reporting services to marketplaces with an assurance of discretion & no “drama,” researchers reported.
Guirakhoo observed: “Whilst I cannot exactly say for sure the reasons for these latest activities to court new members, it is highly likely that the forum wants/needs additional members for future projects/work & the current range of skill sets of their current membership might be limited.
The forum itself has historically been identified to offer bespoke services (e.g. marketplace pen-testing, RDPs, etc.) on other forums, indicating the forum acts as a collective rather than individual entities.
This is different to other forums, where users usually offer specified services. So, the forum admins may see the need for a higher member count in order to maintain these services, & ensure they are appropriately staffed.”
Another possible motive for the forum’s help to less experienced hackers is that cyber-criminals have ‘feelings’ too & might actually take pleasure in helping newbies improve their skills, researchers felt.
“This may reassure the administration team that they are earning karma to mitigate past misdeeds or provide the sense that they are giving back to their community,” they wrote, & added that this “give back” thinking has already been seen in Russian-language cyber-criminal forums through ‘charity campaigns’.
Other reasons for this may well be less benevolent. Earlier members of the forum might wish to improve their own reputation & profile in the cyber-criminal world, through passing on knowledge to less experienced hackers, & also recruit future members to “empower the community as a whole,” researchers noted.
“CryptBB have claimed in the past that they want members who have expertise in one of 3 key areas: Hacking; programming; & carding,” Guirakhoo outlined. “If an applicant satisfies these requirements, & subsequently proves their worth in the interview/application process, then the forum is more than happy to grant them access.
Other skills are wanted too, but these are just the 3 specific areas that are highlighted. Also, CryptBB is ‘proud’ of having members who are highly skilled, & experts in their fields, so a member who has a skillset in a given area that the forum can utilise would probably be considered for entry.”
The sinister forces behind CryptBB may also wish to use the newcomers’ section to expose the forum to a bigger audience, as an exclusive forum does not gain as much activity & participation as one with a lower entry requirement.
However, the forum has competition in sustaining its membership & activity from another called Torum, which is “more fluid” & has a higher activity level, researchers highlighted.
“Creating a dedicated section for novice users improves CryptBB’s image within the cybercriminal scene and encourages other users to participate,” they commented.
CryptBB admins may actually be trying to learn from experience by loosening requirements for entry to the forum, researchers explained.
Of all the forums launched at roughly the same time, CryptBB is the last one left. That is because unhappy hackers from now-gone rivals, such as KickAss & 0day, became annoyed & started to talk about the forums on other platforms.
This attracted unneeded attention from law enforcement & caused splits within the leaders’ ranks, along with additional issues.
The move will “likely increase forum participation in the long-run & therefore establish the forum as a staple in the hacking & carding scene,” stated Digital Shadows.
“This, combined with the various services currently being offered to external parties, clearly demonstrates the administration team’s desire to ensure the forum stands the test of time,” researchers concluded.