Russian cybercriminals looking to anonymize their identities while engaging in illegal activity have a few new or improved tools to choose from, according to researchers from Flashpoint.
A recent investigation into the most popular anonymizing technologies used by the Russian-language underground community to avoid fingerprinting and anti-fraud mechanisms turned up Linken Sphere, a browser package that establishes and recycles online identities, and an updated version of an anonymity and spoofing service called Whatleaks.
Launched in July 2017, Linken Sphere “includes traffic tunneling and processor mapping features to help adversaries gain unauthorized access to targeted networks,” Flashpoint explains in an Oct. 5 blog post. “For each browsing session, users can either load their own user agent information, or choose from several dozen preconfigured proxy user agents to spoof activity on operating systems such as Mac, Windows, Linux, Android, and iOS. Users can also set the GPS coordinates of their choosing to mask their location.”
Available for a rental price of $100 per month, Linken Sphere can even help a cybercriminal make it look like his activity is the work of more than one user by creating “unique fingerprints for individual sessions within separate browser tabs,” Flashpoint continues.
Meanwhile, Whatleaks, a web-based testing service that cybercriminals have used since 2015 to determine if their anonymization configurations are effective against fingerprinting techniques, was upgraded in July 2017 to include a new feature allowing users to download fingerprints that belong to regular internet users. According to Flashpoint, the subscription service “costs $19… for 30 days of access to a fingerprint database with nearly 150,000 unique fingerprints searchable by country and browser.”