Larger winnings for underground skills competitions are attracting sophisticated crime groups.
White hats aren’t alone in holding hacking contests. Russian-language cybercriminals are known for running similar competitions on underground forums. However, an analysis of Dark Web activity has uncovered a trend towards offering increasingly high-stakes prizes during such battles. At the same time, increasingly sophisticated participants are throwing their hats into the mix — notably, the operators behind the Sodinokibi (a.k.a. REvil) ransomware.
For instance, a current hacking competition on the illicit forum known as XSS offers members the chance to win a share of $15,000 in return for original articles containing proof-of-concept videos or original code, according to a Digital Shadows report, released on Thursday.
“Since its relaunch as XSS [in 2018], the former Damagelabs has organized three articles competitions, all with four- or five-figure prize funds,” the firm noted.
In the past, competitions on underground forums offered much smaller prize winnings and also focused on lighthearted challenges meant to build community, rather than hacking prowess. For instance, a 2010 competition challenged participants “to design a graphic that best represented the Russian-language segment of the internet (the ‘Runet’) to win an iPad,” according to Digital Shadows.
A more skills-based challenge emerged on the Exploit underground forum in December 2016, when a $2,000 pot was offered for the best articles on broad topics like “malware”, “phreaking” and “hacking.” The event has become an annual winter tradition, but Digital Shadows said that this year the prize levels soared.
“Fast-forward to 2019 and the competition prize fund stood at $10,000, with rules stipulating a word count and content requirements,” the research detailed.
Sodinokibi Sponsors $15K Competition
The recently bigger prizes have attracted new interest from advanced threat groups, the firm said. For instance, Sodinokibi’s operators have stepped forward to sponsor the aforementioned XSS event, which is open now for entries.
In this latest competition, articles can be submitted on five different topics:
- Searching for 0day and 1day vulnerabilities. Developing exploits for them
- APT attacks. Hacking LAN, elevating rights, hijacking domain controller, attack development
- Interesting combinations, algorithms. Writing your own crypto algorithms and hacking other people’s
- Innovative functionality, reviews, analysis of interesting algorithms that are used, development prospects
- Digital forensics. Software, tricks, methods
The competition winner will win $5,000, with prizes decreasing by $1,000 incrementally for second through fifth place, totaling an overall purse of $15,000. Digital Shadows said that the site administrators also announced that most “suitable” competition finalist would be given the ability to collaborate with the Sodinokibi team for everyone’s mutual benefit.
“[Groups like Sodinokibi] have taken an interest in these competitions in order to foster technical skills among forum members, increase awareness of the availability of their malware (potentially increasing their sales) and gain valuable intelligence they could use for future malware development,” according to the firm.
Of course, the winnings in these underground contests are eclipsed by above-board hacking competitions – like the $25,000 per-exploit prizes given out at the recent Pwn2Own Miami. But Digital Shadows expects the trend of higher-stakes competitions to continue to grow and develop within underground channels.
“Users on successful forums such as Exploit and XSS strongly identify as members of those sites and see the value in participating not only for their own benefit but also for the good of the forum,” the report concluded. “After all, helping the development of the forum is one of the major drivers behind organizing competitions: Cybercriminal forums need to attract and retain members in order to survive, and being able to present a site as a valuable repository of articles discussing pertinent cybercriminal issues is a real draw.”