Digital Shadows research: Escrow systems on cybercriminal forums

A new Digital Shadows report focuses on the escrow systems used on cybercriminal forums. These systems are deeply sophisticated, relying not just on similar technological mechanisms as traditional ecommerce, but on social, community oriented mechanisms as well, such as arbitration.

According to Digital Shadows, arbitration is a formalized system in operation on many Russian-language platforms in which a forum member who feels they have been wronged in some way during a transaction can bring a claim against the other party in the deal.

"A senior member of the forum team will hear both sides’ versions of events and collect evidence from both plaintiff and defendant (usually in the form of conversation logs from private messaging services). Other forum members often chip in with their own opinions or perhaps experiences of working with one of the parties," explains the Photon Research Team. "The senior forum member takes all of this into consideration to decide on the case and may demand reimbursement of funds, order compensation to be paid, or mark one of the users a “scammer” and ban them from the forum."

Recently, the Russian-language cybercriminal scene was" rocked by the news of an arbitration case involving a trusted member of the community and one of the most notorious ransomware groups around." The case revolved around the actions of a trusted forum guarantor and got Digital Shadows thinking about the whole system of escrow in place on cybercriminal forums representing various language communities and the strengths and weaknesses of the arrangement as a whole.

Below are some of the findings from the report. For detailed information, please visit https://www.digitalshadows.com/blog-and-research/escrow-systems-on-cybercriminal-forums/

Escrow systems, says the report, are extremely commonplace on Russian-language cybercriminal forums. Most platforms offer an official escrow service for their members, with a senior member of the forum team designated as the trusted guarantor.

On Exploit and XSS, for example, the buyer and seller must fill out an escrow form and contact the forum’s guarantor via the Jabber messaging service, following which the buyer sends money to the guarantor, the seller transfers the goods to the buyer, and the satisfied buyer authorizes the guarantor to release the funds to the vendor. There is a 3-10 percent commission, depending on many factors.

English-language cybercriminal forums are far less likely than their Russian-language counterparts to feature formalized escrow systems, reports the research team, but there are notable exceptions (such as Torum). Vendors and buyers are often dependent on other forum members, preferably highly ranked members who are willing to take on ad-hoc requests to act as a guarantor.

On German-language cybercriminal forums, escrow, known as "Treuhand," is common -the process typically follows a standard escrow model in which funds are held until both buyer and seller are satisfied with the deal’s conditions.

"While the advantages of using a guarantor are clear, the arrangement isn’t without problems. The most apparent disadvantage of the escrow system is the risk that the trust given to the guarantor is misplaced," the researchers explain.

Other shortcomings include:

For sellers, one major drawback of offering to transact via an escrow service is losing money via the commission charged. It is not uncommon for official escrow services to charge up to 10 percent on transactions, which really begins to eat into profits.
For forums that designate a user as their site’s guarantor service or offer an official system, one potential danger is that the forum must then assume financial responsibility for the actions of the guarantor. Should this individual fail to fulfill their obligations, the forum could be culpable.
Individuals providing escrow services are not always available. Buyers and sellers who want to conduct urgent transactions must go through a lengthy process of contacting the guarantor, filling out the appropriate forms, and waiting for that individual to come online and find the time to oversee the transaction.

Placing the responsibility for escrow services on a nominally independent third party means that the success of transactions may depend upon the whims or situation of the guarantor.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.