Cybercriminals usually try to remain as hidden and anonymous as possible. Obviously, they want to cover their tracks and stay in the shadows to avoid detection or investigation. As such, the people targeted by phishing emails, malware, and identity theft rarely know how their attackers operate. But a look at a successful cybercriminal in Nigeria by Check Point reveals some interesting tidbits about how such a person plies his trade.
In its blog post released Tuesday, A Life of Cybercrime: The Inside Story of How a Nigerian Hacker Earned over $100,000, Check Point told the tale of a man referred to as “Dton.” Single, 25 years of age, and a resident of Benin City in Southern Nigeria, Dton seems like a model citizen on the surface. But in reality, Dton is Bill Henry, a cybercriminal who has made a good living purchasing items online with stolen credit cards and infecting people with phishing and malware attacks.
Active for more than seven years, Dton has managed to rake in at least $100,000 from his illegal trade and likely several times that amount–a substantial income in light of the minimum wage and average salary in Nigeria, according to Check Point.
Dton began his criminal career by purchasing stolen credit cards from an online marketplace, costing him anywhere from $4 to $16 per card. He then used the card information to buy products online, usually running up a charge of around $550 per transaction. Initially buying 1,000 stolen credit cards, Dton was able to rack up charges of at least $100,000.
Seeking a higher profit margin, Dton then started buying bulk email addresses of potential targets as well as tools, such as off-the-shelf packers and crypters, infostealer and keylogger components, and other exploits. His goal was to create malicious emails to send to the people on the lists he acquired. But even that wasn’t enough.
Dton wanted to cook up malware from scratch, the type of malware that could more easily avoid detection. Since Dton lacked the necessary coding skills, he hired someone to devise the malware for him. Alas, Dton became ambitious and attempted to spy on the person he hired to learn his coding secrets. From there, Dton engaged another individual to create a specialized malware packer program. But, after falling out with this person over prices and usage, Dton reported him to Interpol, giving credence to the saying that “there is no honor among thieves.”
As part of its investigation, Check Point reported Dton and his activities to law enforcement authorities in Nigeria and internationally. And what is Dton’s current status?
“Unfortunately, based on our experience with the Nigerian authorities, it usually takes a very long time (if at all) until they act and respond to our and others' reports,” Yaniv Balmas, head of Cyber Research for Check Point, said. “As far as we are aware, Dton is still active and has not been interrupted in any way by the Nigerian authorities. We are hopeful that we will have a more positive update soon.”
In the meantime, the tale of Dton illustrates how even an unsophisticated criminal can make a lot of money in cyberspace.
“Dton’s journey into cybercrime shows how even a relatively unskilled and undisciplined individual can profit handsomely from fraud and malicious online activity,” Check Point said in its blog post. “This is simply because, like many other criminal activities, cyber crime is a numbers game. It doesn’t matter if 499 people don’t open a malware-spiked email: The 500th person will. And when you can target hundreds of thousands of people at a time, you only need to infect a handful to get hold of your ill-gotten gain.”
To protect yourself against cybercriminals like Dton, Check Point offers a few pieces of advice:
- When shopping online, ensure that you are ordering goods from an authentic source. Don’t click on promotional links in emails, and instead Google your desired retailer and click the link from the Google results page to avoid having your personal and payment details skimmed.
- Beware of “special” offers. An 80% discount on a new iPhone or “an exclusive cure for Coronavirus for $150” is usually not a reliable or trustworthy opportunity.
- Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.
- Protect your organization with a holistic, end-to-end cyber architecture to prevent zero-day attacks.
