Travel with Underground Services: ecosystem exposed - Vladimir Kropotov

BSides London · 2018 · 32:24 · Published 2018-06

About this talk
Unfortunately, hackers and cybercriminals also have holidays, days off and vacations, and it is very unlikely that they would not employ their infosec and social engineering skills to organize their travel. We will talk about how they have created their own ecosystem, which exploits literally the whole hospitality and travel industry for their own needs. This presentation covers underground activities related to the travel and hospitality industries, including underground travel agencies, cheap flights, hotels and car rentals, and unveils the mechanisms and modus operandi behind these services. This includes a variety of abuses, from business process compromise to credit card fraud and exploitation of vulnerabilities in travel systems and mileage programs. With this talk we hope to bring more attention to the ongoing criminal activities related to the travel and hospitality industries.
Transcript [en]

Hi. I think somebody attended the dark web talk just recently and saw how people earn money on the underground, the scale of the money volume. This talk is about how hackers spend their vacations. It's really a rare situation when hackers will use real travel agencies and real tour operators to buy tickets and flights, so we will see what they do. This is usually a black area, sometimes it's a gray area: it's kind of business process compromise or logical vulnerability abuse. So today we will talk about what kind of services exist on the underground market, how everything is done, how underground travel agencies and services are operating, what is in the background, and how to deal with it, how to understand whether, if you buy something, you can be a victim of cybercrime when you attempted to buy a travel tour or tickets.

The scale of the fraud is about one or two percent of the volume, but if you go to the real numbers it's about 10 billion US dollars per year, and this scale is calculated by the way travel operators are losing their money; sometimes hackers act in a way that puts all the risks on the cardholders or somewhere else but not on the travel agencies, and this fraud doesn't count. And of course on this market there is specific slang, so we will learn several Russian words and their translation, because I think it doesn't make sense in English if you look into Google Translate and see this word or whatever. But it's a really important thing to understand what is going on.

What is possible to find on the underground market? Actually almost everything is the same as with normal tour operators or agencies, but with some extras: as you could see in the previous talk, it's possible to buy a fake passport or a real passport or even citizenship. We saw a case when, paying nine hundred US dollars, the buyer could win the US green card lottery without a chance to lose, with several possibly useful IDs, and of course alternative means of payment. We will show several screenshots from the underground; some of them are Google translated because the underground market is not only English speaking but Russian speaking, Chinese speaking, so don't expect proper English everywhere.

But let's look at the process of how to purchase tickets, like airline tickets, on the underground. The process usually involves well-known sites like skyscanner.net: the seller asks the buyer to provide a link to the particular flight, make a prepayment or put money into escrow with a guarantor, and provides the same services, sometimes with an 80% discount, sometimes the discount is slightly less but for cheaper money. Everything you can see here has a minimal deal price, and the reason behind this we will discuss a bit later. The same is for the hotels: usually booking is done several days before the trip, usually it's just up to two weeks, because this kind of transaction is detected by banks and a booking can become cancelled, and of course you can see a minimal deal here as well. Another interesting thing: if you look into advertisements on the underground markets, not every tour agent provides tickets and hotels for ex-USSR and Russia, and often the price for tickets inside Russia is like 20 or 10% higher than for the rest of the world, because there are some limitations on how to deal with these tickets, how to book them.

Of course the hospitality industry is widely abused and it's exploited in both directions. It is possible to buy accounts for Airbnb or other booking sites, but you can find for example here the offer for the apartment owners: underground actors will virtually book rooms from these guys, and this way they will launder a huge amount of money. Another important thing for the underground is actor reputation. When an actor starts to provide services he usually does several free trips just to get a positive review and make promotion for his business, so reputation is the thing, but it's really hard to get and easy to lose on the underground.

Here you can see an advertisement of a travel agent on the left and an underground travel agency booking form on the right. The difference is that an underground travel agency usually has a dedicated site, so it looks normal, and normal visitors could be tricked, not only the underground hacker who can attempt to use this. You can see a link to Skyscanner, and the major contact is a Telegram number; sometimes they use an email address, but anything else except the contact points looks more like a normal travel agency. The role of Telegram is very high on the underground now because many actors switched from underground forums to Telegram channels, and here you can see a special Telegram bot where a potential buyer can type a keyword and receive a list of operators who provide services related to the keyword. You can see a view, you can see food and tickets, travel guides, Uber or whatever, so if you type something like 'travel' you will get a list of potential sellers. Another role of Telegram is support, since not all tickets and hotel bookings are reliable: sometimes sellers are forced to rebook tickets or hotels, so there is a very important thing called live support, and here is one of the sellers who shows that he provides live support 24/7.

So we looked at the services; let's look at some background, how these actors act. We will show several levels depending on maturity. Of course script kiddies exist, and script kiddies think it's low-hanging fruit: you just take a card, or on the underground they call it 'material', use direct booking on the airline site or on the hotel site, and then pay. The process of this purchase is called carding, or in Russian it sounds like 'cars', so if you see something like this on Google Translate, it's related to credit card fraud. We see a review and abuse here when this kind of seller successfully bought tickets three times, but three times they have been cancelled several minutes after, so now he is trying a fourth attempt to buy. This kind of approach is not reliable and is blamed immediately on the underground forums. The tickets are cheap, but it is possible to buy tickets just several days before the trip, and you know the price of the flight rises right before the trip, so generally it's not such an interesting price as everybody expected. No return flight is possible, so people travel, stay in the hotel, and just two or three days before departure they contact the seller again and try to buy return tickets. Another thing: since there are no returns, if a traveler considers visiting a country which requires a visa, to apply for a tourist visa you need a return ticket, so there is a serious limitation for this.

And of course this kind of transaction triggers fraud alerts: the bank tries to charge the credit card as fast as it can, and this kind of activity is usually discovered very fast. So what the actor is thinking about is how to expand the payment period, the time between booking and the real banking transaction. And of course they know a way; everybody knows what Verified by Visa or MasterCard SecureCode is. In slang it's called just 'VBV', the same as here. This kind of thing shifts responsibility from the bank to the cardholder, because this transaction is considered to be secure, and as long as the transaction is secure, the real money flow goes to the bank just a month after the booking and not immediately, so it gives enough time for the traveler to travel back before the transaction is discovered. Another approach is no direct use of the credit card; instead these cards are used mostly in European travel agencies, with higher prices but higher reliability. But these kinds of credit cards are not cheap: it's a credit card with secure information, like a passport; it's used in Europe and the US, and this is the reason for the minimal price for the services. Normally this kind of service is available if a buyer buys something for at least a hundred bucks, or like 500 bucks.

But the most interesting topic is fraud not related to carding; in slang it's called 'no-carding', not 'carding', and offers often highlight it, like for example here: a hotel booked with carding is half the price, so it's like 30 percent of the price for carding fraud and 50 percent for non-carding fraud, but this kind of approach is more reliable. You can see a notice from the underground actor: if they book a hotel, the hotel sees it as paid in cash at a European travel agency, so there are no suspicious things since it was paid in cash.

Of course loyalty and mileage programs are widely abused. This actor focuses on Russian travel and he offers booking in advance, up to 45 days in advance, and he sells tickets for Russian Railways and flights inside Russia. This part is like a legit site, and you can see here that you can transfer your miles; this is the thing that is widely abused, and if you attended the previous talk you could see sales of accounts with huge amounts of miles. The next step for the actors is: they buy an account, they create an email which is similar to the name of the owner, they create a twin profile as for the owner, and they just transfer the miles to another account which they totally control. This is just one email to the account owner, and afterwards they can do whatever they want. This is the way, usually, flights to the dangerous destinations like flights inside Russia are done: it isn't done with carding, it's done with miles or loyalty program abuse.

Of course we saw many talks related to social engineering and phishing, and it does work for travel agencies. Here we can see several examples of how hackers hack into booking systems and travel agencies and steal some money. This happened in Russia, and this happened in Russia again; this case is where agent accounts of travel agencies have been abused in very interesting ways: hackers bought railroad tickets through the travel agencies, and then they came to the ticket office of the railroad company and said 'we don't need this ticket, we would like to return it', and this way they made around fifty thousand dollars. Of course fake travel agencies exist; sometimes the aim is to collect credit card data and sometimes it's to make a cover story in case a cracker who travels will be caught. Here's an example of a combination of a stolen credit card and a fake travel agency, recently in China, and here's an example of abuse of Uber, Uber promotion codes: you pay like two hundred rubles, which is roughly three bucks, and you get a promotion code for 12 bucks. It's usually done at scale: for example Uber has a promotion where for every new account it will give you this kind of promotional code, and people run virtual machines with Android and create hundreds of thousands of these kinds of codes, so they do it at scale, and for any new customer they just resell the promotion code from a particular account.

Of course here we can see a lot of people from big companies, and there is a thing like corporate rates for the hotels, and this thing is of course abused. You can see how to find it even in Google, like promotion codes, but since this fraud was done at scale, especially in China, hotels decided to ask for the IDs of the company employees. Here you can see a warning for the hotel guests, and here you can see how the Chinese market adapted to this: it is possible to buy fake employer IDs. In this case it's used just to check in at the hotel, but sometimes I think it can be used as a part of targeted attacks on the companies.

Has anybody heard the story about one hundred forty-six percent in the Russian elections in 2012? This is like a very advanced level. It was a live TV broadcast during the elections, and the screen related to one of the regions had shown 'this party got this, this party got this', and in total it was one hundred forty-six percent of the votes, and this became a meme in Russia. So it's something very serious. In this case the seller registered a company in Russia and he made a contract with airlines and travel agencies to sell tours on credit or as a loan, and he sold these tours on the underground without informing travelers that it would be a loan or a credited tour. He got many very good reviews, no problems during the travel, but as soon as people got back home, like next month, they got an extra bill for the same travel. For taxi drivers we found a special version of a taxi application which uses fake GPS or other features, like it allows calling the customer before the taxi arrives and so on. Another case was in the gray area: it was abuse of airline ticket sales. Some airlines sell tickets for a very cheap price, like ten bucks, and this scheme consists of changing personal information: the actor can buy a ticket for ten bucks, and changing the traveler name costs like 50, so he resells the ticket for three hundred bucks, because the tickets are related to Christmastime or something, and he pays just 60 bucks: ten for the ticket and 50 for the change in personal information. But there is no violation of company rules in this case.

If we look into the advanced level, you can see a review with the success rate of the travel: it's like an 80% rate for the flight and a hundred percent rate for the hotel. We can learn a new term called 'slot', so it's when something goes wrong: the person decided to fly but was unable to do this because the fraud was detected before the person jumped onto the plane, for example. Sometimes we can see offers with just a 20 percent discount, like business class only, or sellers just sell particular things like tickets, 'send your money' and so on. This is a thing related to the advanced level of the sales.

Let's look into regional specifics. Here you can see an advertisement: any hotel up to four thousand euros for roughly 350 bucks, but there is one note: except Emirates, Turkey, Dominican and ex-USSR. There are several reasons for this and we will see it a bit later, but some destinations were victims of the fraud too many times, so now it's really hard to commit fraud for flights and hotels in particular destinations. There are specifics related to the national mindset: for example Chinese actors prefer to buy, not buy but rent, fancy cars like Porsche, Mercedes S-Class or BMW, and Russian-speaking actors prefer comfort, renting VIP taxis with drivers and so on. Another thing: you can see an advertisement with a very targeted audience. If a person is a youngster without a driving license, but he has a birthday and he wants to drive, what is the option? The option was to buy an account from a car sharing service. And what are the consequences? At least in Russia, in recent years we can see that two persons have been arrested while driving car sharing cars without a driving license, and they were underage.

If we look into regional specific services, as it was at the end of the previous talk, you can see accounts with miles, you can see Pizza Hut, and all these automated services are mostly for Western countries, because Eastern countries focus on comfortable travel, so it's all-in-one packages like in real travel agencies: the buyer just pays money and gets everything he needs. But for Western countries the service is often related just to an account with miles, but how to deal with it, like points somewhere, on Pizza Hut or on the car sharing or whatever. So there is a big difference between the markets depending on the geographical location. Along with the hotels, you know, 5-star hotels usually ask for a deposit, sometimes it's like $400, sometimes $800, it depends on the country and on the hotel, and on the underground it is possible to buy deposits for 40% of the price. Another interesting advertisement is related to the clubs: this guy gives deposits for the clubs and he claims that he made a successful deposit of five thousand six hundred dollars in a club in the United States.

Of course it's a dangerous thing to travel with this kind of service, and the consequences depend on the time when the fraud has been detected. Before the travel, usually the tickets or hotel are cancelled, and in this case it's the care of the underground seller: usually the seller provides an alternative route, alternative ticket or hotel. There are some issues if fraud is detected at check-in or after check-in: according to the reviews, travelers are often asked to pay in cash or provide the credit card which has been used for the booking. But there is an interesting service which creates a backstory, like a cover story with a fake travel agency, so it is possible to buy a bunch of papers which will show that the buyer bought a tour at a real travel agency. The seller creates a temporary site for a month, and even if the hotel double-checks the site, it will look like a real travel agency while the person who bought the service travels. Here you can see a package: when you're ordering from 4,500 euros you get this kind of cover-me service for free. So you can estimate the scale of the fraud and the prices on the underground.

But let's see what underground travelers are doing during the vacation. You can see boarding passes for two people with Russian passports, and they say like 'thank you' to the seller; this is the normal review. Here is inside the plane, like an Aeroflot flight maybe, food, and here is a hotel, I think somewhere in Russia because you can see a matryoshka. Of course some people can afford luxury vacations, so you can see crocodile for lunch, this is a luxury car in town, and VIP tour services in Jamaica which have been provided by underground actors. This was really strange: I'm not sure if it was a native English speaker, but the person pretended to be a travel agent, decided to grab some low-hanging fruit and earn some money.

Of course there are some unlucky travelers. The easiest case: the person says that he was asked to provide the credit card which has been used to buy the tickets, but it's like nothing strange. Another interesting case: one underground actor who provides services decided to travel using another underground travel agency, and as soon as he paid the money he got the request at his own agency. So it was not a real seller, it was a reseller who pushed the order to several other underground travel agencies with the personal information of the traveler, and this traveler got it back. This traveler was really unhappy with this kind of service. There is a serious rule, I think you are aware of this: if you live in a Russian-speaking country, don't work against Russia and Russian-speaking countries. Here is the case when a person bought plane tickets, and during check-in some strange persons sat near the airline staff, immediately stood up and showed a law enforcement badge to the traveler: the police caught this guy. What actually happened is a really interesting story. A policeman was sitting in the police department, and one of his friends received a call from his mother: 'somebody withdrew, like two times, twelve thousand rubles from my card'. According to Russian law the bank should inform you immediately about any transaction, and they were able to trace this transaction to the particular booking reference, and the police just came to the airport and caught the guy, because the seller used a Russian credit card and a Russian tour agent to buy tickets inside Russia. That's why Russian tickets cost a bit more, and nobody suggests using a stolen credit card to book tickets inside Russia.

Of course it's a highly competitive service, so as long as there is a travel agency, you can see twins who pretend to be that travel agency, and in underground posts people say 'only this account is mine and I have no avatar on it, so be aware', and the same is with many actors. So I think there is no free cheese: as long as you consider traveling, you should understand the real prices, the average prices and the offers from the particular agency; you should take care of your account, your passport, and beware of phishing. And of course it's like a cat and mouse game for the industry and the hackers, especially for carding: when hackers are using a stolen credit card they try to be so low profile that it's impossible to distinguish the real cardholder and a hacker, because of the process which is done on the underground. If they want to buy something with a stolen credit card, first of all they look at the card, then they take proxies in this city and in this district of the city with the same zip code; if they have a proxy they buy with a credit card, and the transaction looks exactly as if it came from the cardholder. The same approach is used for goods fraud: when people are buying MacBooks or fancy things like Gucci, Versace with stolen credit cards, they even use the same billing and shipping address, and as soon as the item is shipped, they call the company like USPS and say 'you know, I'm not at home today, can you reroute this package to another destination'. There are several pretty good reports related to travel fraud which you can find here, and here is the summary. So, did you learn several words? Okay, so if you have a question
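The loyalty-program takeover the speaker describes (a lookalike e-mail is attached to a bought account, then the miles are transferred out to an account the actor controls) leaves a pattern a loyalty operator can look for in its own account-event log. The following Python is an added example for this page, not the speaker's code or any real program's logic; the event schema, the account names and the similarity and time-window thresholds are constructed assumptions.

```python
"""Flag loyalty-account takeovers of the kind described in the talk: the
contact e-mail is changed to a lookalike of the owner's name and, shortly
after, the miles are transferred to another account.  Added example for
this transcript page, not the speaker's code; the event schema, the sample
accounts and the thresholds below are constructed assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from difflib import SequenceMatcher


@dataclass
class Event:
    ts: datetime
    account: str
    kind: str       # "email_change" or "miles_transfer"
    detail: str     # new e-mail address, or destination account id
    miles: int = 0  # only meaningful for miles_transfer


def _alnum(s: str) -> str:
    return "".join(ch for ch in s.lower() if ch.isalnum())


def local_part_similarity(owner_name: str, email: str) -> float:
    """Ratio in [0, 1] of how closely the e-mail's local part imitates the
    account owner's name (case and punctuation ignored)."""
    local = email.split("@", 1)[0]
    return SequenceMatcher(None, _alnum(owner_name), _alnum(local)).ratio()


def find_takeovers(owners, events, window=timedelta(days=7), threshold=0.8):
    """Return (account, lookalike_email, destination, miles) for every
    lookalike e-mail change followed by an outbound transfer within `window`.
    `owners` maps account id -> owner's display name."""
    by_account = {}
    for ev in sorted(events, key=lambda e: e.ts):
        by_account.setdefault(ev.account, []).append(ev)
    hits = []
    for account, evs in by_account.items():
        pending = None  # most recent lookalike e-mail change, if any
        for ev in evs:
            if ev.kind == "email_change":
                sim = local_part_similarity(owners.get(account, ""), ev.detail)
                pending = ev if sim >= threshold else None
            elif ev.kind == "miles_transfer" and pending is not None:
                if ev.ts - pending.ts <= window:
                    hits.append((account, pending.detail, ev.detail, ev.miles))
                pending = None
    return hits


SAMPLE_OWNERS = {"A1001": "Ivan Petrov", "A1002": "Maria Lee", "A1003": "Olga Smirnova"}


def sample_events():
    """Constructed account-event log (not real data): one takeover chain,
    one benign e-mail change, and one transfer outside the window."""
    def day(n):
        return datetime(2018, 5, n)
    return [
        Event(day(1), "A1001", "email_change", "ivan.petrov.mail@example.com"),
        Event(day(3), "A1001", "miles_transfer", "A9999", 50000),
        Event(day(2), "A1002", "email_change", "m.lee@example.com"),
        Event(day(4), "A1002", "miles_transfer", "A1002B", 12000),
        Event(day(1), "A1003", "email_change", "olgasmirnova@example.com"),
        Event(day(20), "A1003", "miles_transfer", "A8888", 30000),
    ]


def demo():
    return find_takeovers(SAMPLE_OWNERS, sample_events())


if __name__ == "__main__":
    for account, email, dest, miles in demo():
        print("suspicious: account %s, e-mail %s, %d miles -> %s" % (account, email, miles, dest))
```

Only the A1001 chain is reported: the lookalike local part `ivan.petrov.mail` scores above the threshold and the transfer follows two days later, while Maria Lee's `m.lee` is not a close enough imitation and Olga Smirnova's transfer falls outside the seven-day window.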