Cybercriminals are avoiding being scammed themselves thanks to the emergence of a new service called Ripper that aims to prevent fraud on underground cybercrime marketplaces.
Ripper.cc, quietly launched back in June, contains information on more than 1,200 fraudsters who have cheated their fellow cybercriminals by selling fake login credentials, invalid payment card data or other items they don’t actually possess.
These fraudsters, called “rippers,” are actually beneficial from the perspective of cybersecurity defenders. In its analysis of Ripper, information technology security firm Digital Shadows Ltd. says the prevalence of fraudsters on underground cybercrime markets is so widespread that criminals have become accustomed to paying a “ripper tax,” which decreases their profits and makes such activity less lucrative. But the emergence of Ripper threatens to change that.
Ripper, which is available in English, provides a number of useful services for cybercriminals. These include extensions for the Chrome and Firefox web browsers that automatically highlight the names of known rippers on underground marketplaces. The site also offers a plugin for the Jabber messaging client Psi Plus that highlights fraudsters’ names in user’s contacts lists. Lastly, users can create profiles of ripper’s identities across multiple forums. These profiles include various contact and identification information, as well as the details of their specific scams, which makes it harder for the rippers to create new identities to hide themselves.
Digital Shadows said that before Ripper emerged, most cybercriminals relied on a Russian language service called Kidala that also offers a database of rippers. However, Kidala has been criticized for allowing rippers to pay a fee to have their name removed from its database. In contrast, the creators of Ripper are trying to position themselves as a more legitimate alternative.
“The founders plainly acknowledge their intention to displace the previous main player – kidala.info – and try to win customers over by promising better features,” Digital Shadows said in its analysis. “They also have to prove their credentials – in this case by saying that a number of well-known forums support this project and their existing reputation on these forums.”
To that end, Ripper’s creators have promised to open-source the platform’s code in order to proof there are no malicious features in any of its plugins. There are also plans to display advertisements on the website to generate income and introduce an escrow service for cybercriminal buyers looking to protect themselves.
“Ripper[.]cc is another example of the industrialization of hacking and the growing professionalism of cybercrime,” Digital Shadows said. “If such a service becomes successful, it enables cybercriminals to significantly reduce the risks associated with rippers and the overall cybercrime economy can become more profitable allowing for further growth.”