Digital Shadows Report: Competitions on English-Language Cybercriminal Forums

In contrast to the competitions on Russian-language forums profiled previously by Digital Shadows, competitions on English-language forums are generally more innocent in nature. However, Digital Shadows has observed instances of increased prize values and competitions that require the use of real “hacking skills,” tactics similar to what a cybercriminal would use in the wild.

There are few cases of English-language forums with a tradition of hosting regular competitions, and it’s difficult to detect any clear, streamlined development of a distinct English-language forum competition model - with a few exceptions, says the Digital Shadows Photon Research Team. Soon after its creation in 2012, the BitsHacking forum started hosting regular competitions with its most recent competition announced in late 2018. This example provides the analysts with a certain amount of insight into the somewhat-fluid evolution of competitions - but because BitsHacking seems to be the exception rather than the rule, as an individual case, it is not enough to draw any substantiated conclusions, says the analysts.

Even though the forums that have recently organized competitions have not individually done so long enough for any historical patterns to appear, there are plenty of discrete cases of English-language forums hosting contests out in the wild.

Observed Characteristics

When analyzing some of the English-language forums, the analysts observed the following characteristics:

More often than not, competitions tend to be forum-wide contests with prizes varying from small cash or non-cash prizes (such as tokens added to the winner’s profile banner) to short-term VIP subscriptions.
The competitions are almost exclusively arranged by the forum administrator and staff, rather than individual members.
In cases where the competition has been set up by a single forum user, the competition and its organizer must be officially approved by the administrator beforehand.

The events are usually innocent competitions with simple formats that require minimum effort from the forum administrators, claim the analysts. Most of the following examples, add the analysts, might not be considered “competitions” in the traditional sense - but can be viewed as a way of getting members to compete against each other without going through the effort of organizing large, more complex competitions that require more oversight and resources:

Member of the Month: Cracked TO, Nulled, and several other forums host monthly awards in which members have to nominate and then vote for a user to become “Member of the Month” and receive either a small cash prize or a token on their profile banner.
Achievements: RaidForums and others have incorporated an awards system in which members can win or request tokens for various achievements, such as creating a set number of threads on the forum or sharing a certain amount of breached data.
Capture the Flag: The high-profile forum Torum allows members to engage in “capture the flag” team challenges (attacking the other team’s system) organized by a high-ranking forum member, but there are no actual prizes to win. Although such challenges might require the participants to have some specific skills, several new members without much experience have participated, using them as hands-on, "fun" learning experiences.

According to the research team, BitsHacking is one of the odd ones out in the group, being one of the few forums to have hosted more traditional competitions regularly over an extended period, including:

Monthly contests for new members
Referrals competitions, to acquire as many referrals as possible within a given time frame
Graphics competitions, to design various logos

Different Competition Types

Despite similarities, there have been indications of a divide in terms of the type of competitions seen on smaller, up-and-coming forums and those hosted on higher-profile sites, claims the research team. Smaller forums, they say, tend to use competitions as a way of acquiring and keeping new members, as exemplified by the referral competitions and monthly newcomer competitions on BitsHacking, and the Member of the Month awards on Cracked TO and Nulled. Such competitions potentially allow forums to acquire new users, and winning these types of contests on smaller forums also enables users to gain a reputation quickly, subsequently giving them more reason to stay, say the analysts.

Higher-profile forums, such as RaidForums and Torum, don’t seem to have intentions of using competitions to acquire new members and build reputation; they likely feel they’re already well-known enough, notes the research team. Instead, they use challenges or awards systems to maintain their membership, enhance a sense of community, and award users for "good behavior".

English vs Russian-language Cybercriminal Forums

Russian-language forum competitions have, as mentioned, gone from being small-scale competitions hosted by individual members with small cash prizes or symbolic awards to forum-wide, highly renowned contests requiring skill and knowledge to participate, where winning these competitions not only means receiving a significant cash prize but involves a lot of prestige.

According to the analysts, there have been some recent developments to this model, as the Russian-language cybercriminal forum XSS announced on April 27, 2020 that they would end their regular article competitions, and instead pay users to submit “original, high-quality” articles for publication on the forum.

On English-language forums, either due to short life span, or downtime and sporadic inactivity, forum administrators are hosting easy competitions that are open to all forum members, have small prizes, and make use of simple competition formats requiring minimum effort and the focus seems to be on simple and easy entertainment, rather than prestige, money, and harnessing skills, say the researchers.

Initially,say the researchers, it’s likely more important for the forum administrators to use and control competitions as a way of acquiring new members and creating a sense of community. When the forums later become more established, such as Nulled, which recently hit the three-million-member mark, they might be more prone to let members they trust host contests, as a way to enhance the sense of community.

Future of English-language Cybercriminal Competitions

The analysts says it’s difficult to say what the road ahead will be like for competitions on English-language forums, but that they will most likely not follow the Russian-language forum competitions’ trajectory, and rather stick to the current competition model they have, for the foreseeable future. The smaller forums will probably be more prone to hosting "fun" competitions to attract members and feed community spirit, say the researchers, and the more established and high-profile forums will likely stick to simpler formats of award systems and easy challenges to maintain their membership.

For more detailed findings, including images, visit https://www.digitalshadows.com/blog-and-research/competitions-english-language-cybercriminal-forums/

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.