By Dancho Danchev
Throughout the past year, we observed an increase in the availability of malicious (DIY) tools and services that were once exclusively targeting sophisticated cybercriminals, often operating within invite-only cybercrime-friendly Web communities. This development is a clear indication that the business models behind these tools and services cannot scale, and in order to ensure a sustainable revenue stream, the cybercriminals behind them need to change their tactics – which is exactly what we’re seeing them do.
By starting to advertise these very same malicious (DIY) tools and services on publicly accessible forums, they’re proving that they’re willing to sacrifice a certain degree of OPSEC (Operational Security) for the sake of growing their business model and attracting new customers. Just like the managed SMS flooding as a service concept, which we previously profiled and discussed, there’s yet another tactic in use by cybercriminals who want to assist fellow cybercriminals in their fraudulent ‘cash-out schemes’ – and it’s called ‘phone ring flooding as a service’.
In this post, I’ll profile a popular, publicly advertised service, which according to its Web site, has been in operation for 3 years and has had over a thousand customers.
Sample screenshot of the logo of the ‘phone ring flooding’ service:
Sample screenshot of the Web site of the ‘phone ring flooding’ service:
Description of the underground service:
Why is it necessary to use the services of the service?
1) You can order a test flood for 5 minutes for free
2) We guarantee that the phone will be unavailable during the time you paid for
3) We have a flexible system of discounts and installment payment available
4) Calls are made with a lot of numbers that start with different numbers. Because of this, it is unrealistic to add all the numbers to a blacklist by specifying a range!
5) If you order more than one number to flood, you get a 25% discount on the next number
6) Even if the numbers are added to a blacklist, the phone of the victim will still be busy.
7) The first 10 customers ordering a flood of 1 week get a 15% discount
The cost of services performed under the price-list:
From 1 hour to 1 day – 3 USD per hour 1 number
From 1 day to 1 week – 40 USD per night 1 number
From 1 week to 2 weeks – 30 USD per night 1 number
From 2 weeks to 1 month – 25 USD per night 1 number
1 month – the price is negotiated individually
Often pitched as a service for “taking care of your competitor’s phone lines”, just like the managed SMS flooding service, it has a much more dangerous and pragmatic applicability in the world of cybercrime, namely DoS-ing (Denial of Service) the phone of a bank’s/payment service’s customer in an attempt to prevent their financial institution of choice from reaching them regarding a suspicious real-time withdrawal/transaction that took place.
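The advertisement's points 4 and 6 (unique callers with varying prefixes, so caller blacklists do not help) suggest detection keyed on the called number rather than on the caller. The following is an added example, not part of the original post or of any carrier's tooling; the record format, thresholds, and phone numbers are constructed assumptions.

```python
from collections import Counter, defaultdict, deque

VICTIM = "+15555550100"   # constructed number (555-01xx fictional range)
OTHER = "+15555550199"    # constructed, ordinary subscriber

# Constructed call-attempt records (epoch_seconds, caller, callee); not real data.
# 40 attempts at the victim in 200 s, every caller unique, 8 different prefixes.
SAMPLE = [(1000 + 5 * i, f"+{10 + i % 8}55{i:05d}", VICTIM) for i in range(40)]
# One ordinary caller ringing another subscriber three times.
SAMPLE += [(t, "+12025550123", OTHER) for t in (1000, 1400, 1900)]


def max_calls_from_one_caller(records, callee):
    """Highest attempt count any single caller made to callee (source-keyed view)."""
    counts = Counter(caller for _, caller, dst in records if dst == callee)
    return max(counts.values(), default=0)


def detect_ring_flood(records, window=300, min_calls=20, min_prefixes=5, prefix_len=3):
    """Return {callee: timestamp of first alert}.

    Alert when a callee gets >= min_calls attempts inside `window` seconds from
    callers spanning >= min_prefixes distinct leading prefixes. Thresholds are
    illustrative assumptions, not values from the article.
    """
    recent = defaultdict(deque)   # callee -> (ts, caller) pairs still inside the window
    alerts = {}
    for ts, caller, callee in sorted(records):
        q = recent[callee]
        q.append((ts, caller))
        while q[0][0] <= ts - window:   # drop attempts older than the window
            q.popleft()
        if callee in alerts:
            continue                    # keep only the first alert per callee
        prefixes = {c[:prefix_len] for _, c in q}
        if len(q) >= min_calls and len(prefixes) >= min_prefixes:
            alerts[callee] = ts
    return alerts


if __name__ == "__main__":
    # A per-caller threshold never fires: each flooding number calls only once.
    print("max per caller at victim:", max_calls_from_one_caller(SAMPLE, VICTIM))
    print("alerts:", detect_ring_flood(SAMPLE))
```

On the constructed sample, no single caller rings the flooded number more than once, so a source-keyed rate limit stays silent while the destination-keyed check alerts on the twentieth attempt.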
Not surprisingly, these services often work in combination with ‘social engineering on demand’ also known as “fraud assistants as a service” type of underground market propositions, consisting of trained staff of fraud assistants speaking multiple languages, allowing a cybercriminal to choose whether they want to “rent” a male or a female voice in order to socially engineer a user/their bank or payment processing service.
We’ll continue monitoring the development of these services, and post updates as soon as new developments emerge.