New ‘Ripper’ Site Names and Shames Dark Web Fraudsters

Written by

Security experts have discovered a new online service designed to alert cyber-criminals to rivals, or "rippers", who commit fraud on underground forums.

The flashy new site, Ripper.cc, is effectively the front-end of a database of known ‘bad’ cyber-criminals. Visitors can also add ripper profiles and details of individual scams, known as “blacks".

The site even has Chrome and Firefox extensions and a Jabber plug-in, extending the functionality outside the website so users can easily identify flagged rippers, according to Digital Shadows.

Interestingly, the site’s development mirrored that of a legitimate start-up, the firm claimed.

“The founders plainly acknowledge their intention to displace the previous main player – kidala.info – and try to win customers over by promising better features. They also have to prove their credentials – in this case by saying that a number of well-known forums support this project and their existing reputation on these forums,” Digital Shadows explained.

“Just like real startups, monetization is brought up as a key consideration, with suggestions such as an advertising or a subscription-based payment model … Without understanding how Ripper[.]cc makes money, the customers can’t trust it. Perhaps the plugins could be malicious or rippers could be added or removed for money.”

The site is another example of the growing professionalism and commercialism of the cybercrime underground, and that’s bad news for the white hats, because rippers actually perform a valuable service by slowing the underground market down and eating into their fellow cyber-criminals’ profits.

Kyle Wilhoit, senior security researcher at DomainTools, claimed there are several similar sites in existence, but not in English.

“One thing that matters in these types of marketplaces is the age of your account,” he explained.

“Some fallout will occur when shamed users are forced to delete their account, therefore losing any vouching power (for new members) and also losing the account age.”

What’s hot on Infosecurity Magazine?