It’s that time of year again. Summer is drawing to a close and retailers are making the most of the rush to stock up on supplies and learning materials before classes begin. However, as we highlighted last year in our Inside Online Carding Courses Designed for Cybercriminals report, a market has emerged for a very different type of university experience.

Cybercriminals have been offering their own e-learning hacking and carding courses, complete with webinars, tutors and reading lists for some time. These types of courses were traditionally advertised across a wide range of marketplaces and forums; however, with the takedowns of AlphaBay and Hansa marketplaces in 2017, cybercriminals are incorporating other platforms to publicize their services.


The University of Cybersecurity and Anonymity: Promoting Academic Excellence

In a recent development to the cybercrime university ecosystem, our Russian-language specialists unearthed new high-spec courses and tutors being advertised. Rather than rely on dark web marketplaces, however, sellers of these courses host free lecture videos on Telegram and then use these to further promote their cybercrime services. In Figure 1 below, a tutor held a botnet-related lecture on Telegram and then advertised their new University of Cybersecurity and Anonymity programme, complete with a dedicated website.

Figure 1: Plastikcash University of Cybersecurity and Anonymity website

With a slick website, experienced tutors, and course structure that would not look out of place for the most established and legitimate education providers, this example demonstrates how cybercriminals are looking to further professionalize their offerings and monetize their expertise by training less-sophisticated actors. To further entice students, the University of Cybersecurity and Anonymity has even produced its own minute-long video advertisement, which has been played over 3,000 on mainstream video sharing platforms. This particular programme is priced at 75,000 Rubles ($1,100 USD), payable in Bitcoin, and offers four different global courses, three practising tutors, 70 unique lectures and over 40 educational days.

Figure 2: Carding University course topics as advertised on Plastikcash website

Fraudsters within the carding industry will not necessarily remain fraudsters forever, often looking to move up the criminal hierarchy. This programme seemingly acknowledges this, with the courses offering much more than basic carding techniques; instead it includes lectures and workshops on currency laundering, cash withdrawal schemes, social engineering, botnet creation and use of exploits.


University League Tables

The University of Cybersecurity and Anonymity is a further example of the broad range in online courses and tutorials available to aspiring amateur criminals. As we detailed in our Online Carding Course whitepaper, there is a variety in quality and price of such services. At the lower end of the scale are guides offered for as little as $1, which typically involve no tutor interaction or course material. These are self-paced and generic tutorials, unlike the University of Cybersecurity and Anonymity, which claims to offer a fully-comprehensive, immersive and tutor-led experience.


Online Tutorials as a System of Exchange

While these course packages allow cybercriminals to make money from their expertise, online tutorials are also used as a bartering medium between actors on forums. In Figure 3 the forum user offers free carding tutorials specifically for eBay and PayPal, including both theory and practical elements. However, rather than asking for a pecuniary fee, users have to instead promise to write positive reviews of the user’s services on various platforms.

Figure 3: Free eBay and PayPal carding tutorials offered on a Russian-language forum


In the above example, the user ‘truefalk’ also attempts to upsell their other services. Here they request that carding tutees should purchase stolen payment card information directly from truefalk. This practice of using online tutorials as a freebie to then advertise a wider array of services is not uncommon. The user ‘Smart666tiger’, who was previously an active seller on the AlphaBay and Hansa marketplaces, has offered free carding tutorials on several online forums, and then used these posts to provide links to paid tutorials and carding services on their Satriale Silk Road marketplace shop.

Figure 4: smart666tiger advertising carding tutorial shared on Satriale’s Silkroad 3.1

Figure 5: smart666tiger paid carding tutorials offered for sale on Silkroad 3.1

The evolution of online cybercrime and carding courses is a worrying trend for organizations and consumers, with more amateur actors having access to the training needed to embark on a cybercriminal career. Nevertheless, a knowledge of these trends and the techniques being advertised in these courses gives us a valuable insight into the methods being used to target individuals and businesses. With this understanding, defenders can look to increase friction at every stage of the cybercriminal process – whether it’s training employees on how to avoid being the victim of the latest social engineering tricks or how criminals are bypassing anti-fraud and banking checks.


To learn more about the carding ecosystem, download our whitepaper, Inside Online Carding Courses Designed for Cybercriminals.


Photon logo small