OPSEC novice … here the manual for perfect cyber criminals

Pierluigi Paganini December 19, 2013

Cyber security expert Dancho Danchev profiled a new OPSEC training services in the underground, a new trend that is converging to standardization of knowledge sharing in the cybercrime ecosystem.

Speaking of cybercrime, with the term OPSEC are usually referred the basic operational security activities conducted by cyber criminals to avoid being tracked and monetize their cyber crimes (e.g. Frauds, scams, hacking campaigns and much more).

Cybercrime business will never stop to surprise us, every day new products and model of sale are proposed by gangs of criminals with a primary purpose to make their services user-friendly and available for a wide audience.

The cybercrime has its rules, operations,  its patterns and monetization processes that are increasing in sophistication, an attractive underground in which the principal actors have started to think to earn also sharing their experience and expertise.

The cybercrime expert Dancho Danchev has recently profiled a product/training service launched around the middle of this year 2013, it is a course that caters novice cyber criminals offering them tools, manuals and precious suggestions to successfully undertake their career in illegality.

The course is complete and according Danchev covers the most interesting topics of OPSEC

  • Basic host security
  • Setting up Virtual Machines
  • Setting up encrypted backups
  • Setting up and securely using email clients
  • Setting up a firewall
  • Basics of OpenVPN and i2p
  • Basics of Bitcoin use
  • How to configure popular browsers for maximum security and anonymity
  • How to use Socks4/Socks5 servers (malware infected hosts)
  • How to anonymously use the most popular Web payment processes such as WebMoney, Yandex etc.
  • How to securely communicate online using free/public/community tools

Giving a look to the topics it is easy to recognize the knowledge of all the principal  phases of a malicious criminal activity from the setup of a malicious architecture to the monetization phases and payment processes.

I consider the coverage of these topics fundamental also for any professionals that desires proof its knowledge of cybercrime and its OPSEC. The training in Operational Security (OPSEC) is very interesting, it also includes access to a private forum set up for customers only in which the apprentices could exchange experiences and ask the support to skilled cyber criminals in an anonymous way.

The cost of the training package is very cheap, just $40 for the manual inclusing the access to the forum, dont’ forget the discount of further 10$ in case the customer provides relevant feedback about course.

OPSEC training material cybercrime Forum

“The standardized OPSEC offering is targeting novice cybercriminals, and also has an interesting discount based system, offering $10 discounts for every feedback from those who’ve already taken the course.” states the blog post published by Danchev.

OPSEC training material cybercrime 3


As highlighted by Danchev we will assist in the future in the a standardization process of the OPSEC knowledge, through localization (translating the original documents) and  training courses to instruct novice criminals. Online courses for novice cyber criminals are increasing and their quality is improving also thanks to the direct contribution of criminals that daily improve their methods and strategies on the field responding to the increasing pressure from law enforcement.

Probably elsewhere someones already arranging the next cyber criminal boot camp … are you ready for the training on the job?

Pierluigi Paganini

(Security Affairs –  OPSEC, cybercrime)


you might also like

leave a comment