This article, "Cybercriminals are doing big business in the gaming chat app Discord," originally appeared on CBSNews.com.
Cybercriminals have set up shop on Discord, a popular chat application for gamers with more than 250 million active users. Hackers have modified many of the app's private groups to function like retail shops that sell illicit products, including stolen credit card numbers, cracked customer accounts for Delta Air Lines and Hilton Hotels, as well as malware that can be used to infect computer networks.
Discord, founded in 2012, does not have a home news feed like Facebook or Twitter. It is built around a network of private and semi-private groups, known as "servers," which are created by mostly anonymous users.
CBS News found more than three dozen groups that cybercriminals call "money servers" on Discord.
Hacked Hilton Honors accounts are often sold in rooms marked "#HH." Another popular commodity, cracked American Express accounts, is sold in rooms named "#4M3X" — computer-geek speak for "AMEX."
A hacker in a server called "The Money House" offered to sell forged hundred-dollar bills. "100 dollar bills $1000 for $400 (2006 version no blue stripe)," he wrote in a private chat with CBS News. "I can prepare sample, one twenty = $12 in order to cover shipping cost."
Through the course of a chat conversation, he explained that his primary business was servicing cybercriminal communities on the dark web and Discord. He claimed to have one employee, and said he kept a low profile and paid taxes to avoid being discovered. He only prints counterfeit money when the price of monero, a cryptocurrency known for being more anonymous than bitcoin, is high relative to the U.S. dollar. "I bought monero to buy ink at 100$ per coin but now it's 80$ per coin I can't afford it," he explained after uploading samples of forged bills.
When asked how Discord tackles cybercrime, a spokesperson said, "Discord has a zero-tolerance approach to illegal activity on our communications platform and we take immediate action, including content removal, banning users and shutting down servers when we become aware of it."
Account cracking tools for sale on Discord
Stolen accounts are often compromised by using a relatively new tool called OpenBullet, according to Ryan Jackson, the security researcher who discovered the hacking code being sold on Discord.
Released in May on Microsoft's GitHub code platform, OpenBullet was initially intended as a testing tool for security professionals. But it was quickly modified by hackers and proliferated rapidly because the code is relatively easy to configure and deploy.
Using OpenBullet to crack accounts, Jackson said, is "extremely illegal, but easy to do." OpenBullet automates a number of hacking tactics like credential stuffing and brute force attacks. Jackson said both of these techniques are common because they rely on weak and recycled passwords. "It still takes skill, but [OpenBullet] does the hard work," he said.
According to Jackson, a well-known hacker coded a configuration file that simplified the exploit process. "He sold his configuration file for only $10 on Discord, which allowed hackers to brute-force their way into accounts," Jackson explained. "The hacker only allowed Bitcoin payments for the config to ensure his personal safety."