Cyber-criminals have been trading stolen identities in Genesis, an underground marketplace, and then using them to bypass anti-fraud protections, according to Kaspersky Lab.
At the 2019 Security Analyst Summit (SAS), researchers announced the findings of their Genesis investigation. According to the research, criminals are able to bypass advanced anti-fraud measures and make transactions appear to be legitimate user activity, though they are really the work of digital doppelgangers using over 60,000 stolen identities.
The identities, when paired with stolen logins and passwords, allow an attacker to access online accounts where they can make new, trusted transactions in the victim’s name.
“To identify fraudsters and separate them from legitimate buyers the anti-fraud system uses various mechanisms designed to verify the user’s digital identity mask, and if it knows this mask to be legitimate or the mask is a new and unique one, it will not throw the 'red flag'. As a result, the user behind the mask is recognized to be a legitimate one, and his query, such as an attempt to make a purchase using the provided bank card details, will be approved,” researchers wrote.
The Genesis dark web marketplace has been selling stolen digital masks for anywhere from $5 to $200, according to the Kaspersky Lab researchers who discovered the underground e-store in February 2019.
“We see a clear trend of carding fraud increasing around the world,” said Sergey Lozhkin, security researcher, Kaspersky Lab, in a press release. “While the industry invests heavily in anti-fraud measures, digital doppelgangers are hard to catch. An alternative way to prevent the spread of this malicious activity is to shut down the fraudsters’ infrastructure. That is why we urge law enforcement agencies across the world to pay extra attention to this issue and join the fight.”
Trading stolen identities in marketplaces is not the only way for cyber-criminals to become digital doppelgangers, though. According to researchers, other tools, such as a special Tenebris browser with an embedded configuration generator to develop unique fingerprints, enable malicious actors to create their own unique digital masks from scratch that won’t trigger anti-fraud solutions.
“Once created, the carder can simply launch the mask through a browser and proxy connection and conduct any operations online.”