Cybercrime is one of the most lucrative illegal activities in Nigeria. Press releases from the Nigerian anti-graft commission, EFCC, were usually centred on the arrest of a cybercriminal or group.
In August 2019, 77 Nigerians were among 80 suspects involved in cybercrimes dubbed by the United States prosecutors as one of the “largest cases of its kind in US history”.
In September, the FBI, in collaboration with law enforcement agencies in 10 countries, clamped down on 281 internet fraudsters. Of those arrested, 167 were from Nigeria.
In a recent development, a cybersecurity firm headquartered in Israel, Check Point Research, has revealed how a suspected Nigerian cybercriminal under the moniker “Bill Henry” has been targeting hundreds of thousands of unaware people.
The Nigerian, whose real name was redacted by the firm and who is instead referred to as Dton, was described thus: “He believes in professionalism, hard work and excellence. He’s a leader, a content creator, an entrepreneur and an innovator; an accomplished business administrator; a renaissance man who is adored by his colleagues. Even his primary school teacher is willing to sing his praises on a phone call’s notice.”
Judging from the blurred details on his curriculum vitae (CV) obtained by the security firm, the male suspect’s name may have been Darlington, an indigene of Edo State and a graduate of the College of Education Ekiadolor, Edo State.
Although Dton appears to be a typical professional Nigerian, he lives a double life. During the day, he is a business administrator in search of a better life through legitimate means, but at night he is Bill Henry, a name not typical of any Nigerian-born person.
The researcher who tracked down the Nigerian internet fraudster discovered that his first port of call is a Ferrum shop, where he purchases stolen credit card credentials.
This kind of online store offers dumps service by selling dump cards. According to Investopedia, a credit card dump is an unauthorized digital copy of the information contained in the magnetic strip of an active credit card, such as the card number and expiration date. The information can then be used to create a fake credit card to make purchases.
Between 2013 and 2020, Dton regularly visited this site, and one specific account he usually uses has purchased about 1,000 credit card credentials for over $13,000. He purchases each for about $4 or $16.
With every card Dton buys, he tries to make a transaction worth N200,000. If the transaction fails, he tries it with another merchant before giving up; he then repeats his strategy and purchases another card from the site.
His successful transactions have cost the original card owners more than $100,000, or several times that.
If you are wondering whether the people who sell these credit cards for a few bucks must be a set of fools, you may be right, but not entirely. Making payments with stolen credit cards is a risky venture that requires a set of skills to avoid being traced, and that is what people like Dton possess.
Since not all cards purchased by this fraudster generated expected returns, he got frustrated. He is not the type interested in speculation.
Dton decided to harvest credit cards himself. He began to buy “leads”, the email addresses of potential victims, in bulk. This is one reason Nigerians need to be cautious about the platforms and websites where they provide their emails or enter their card details.
These emails are just a means to an end and not the end itself. Dton is not a coder, so he purchased different software tools including packers and crypters, infostealers and keyloggers, exploits and remote VMs.
For malware, he purchased AspireLogger, NanoCore, OriginLogger and other VM software that Windows Defender on a PC will alert users about.
These programs are used as RATs (Remote Administration Tools), which allow another person to initiate or track actions on someone else's computer or device from anywhere.
They can monitor your login details and extract personal information from your devices, such as card details, contacts, login details and lots more.
“On these machines, he would take his hand-picked malicious binaries and run them through packers.”
Dton needs bait to make victims give him access to their devices, so he embeds his malicious binaries in an appealing document.
He then sends the document to the bulk emails he has purchased.
Virtual machines (VMs) are operating systems designed to run inside other operating systems. This means that where two machines would be expected to exist, only one does. The second machine, in this case controlled by people like Dton, communicates with the server normally, just as a physical machine would. This is where and how Dton is able to extract the information he needs from users’ personal computers.
Sorry!! Victims who clicked the link provided in the email have already given out vital information about themselves, notably their credit card details.
A happy Dton does not hesitate to share his excitement with friends.
Everything comes at a price. Since Dton is not a coder, he relies on malware tool suppliers. Sometimes, according to the Israeli cybersecurity firm, Dton’s tool suppliers demand more for their service.
The tools used by Dton are not cheap. As can be seen in the screenshot above, the tool seller is requesting $800 for his service.
Dton has someone who bankrolls him. It is suspected that this person also has someone who sponsors him/her, and the chain continues.
The sponsor acts as an investor and expects a return on investment. When business is bad, the manager is not happy.
Dton has a big vision and will not settle for less. He is looking for a way to build his own malware (RAT) and spread it across different computers, just like the pandemic virus, COVID-19 (coronavirus). Since it is new, no anti-virus or anti-malware product is aware of it yet, giving it an easy pass.