Abracadabra! – CryptBB demystifying the illusion of the private forum

Abracadabra! – CryptBB demystifying the illusion of the private forum
Photon Research Team
Read More From Photon Research Team
July 15, 2020 | 8 Min Read

You wouldn’t usually associate cybercriminal forums with the mysterious “Magic Circle,” (for non-Brits less familiar with the subject, the Magic Circle is a secret society that is extremely exclusive and hard to join, founded over 100 years ago and headquartered in London) but they share some similar characteristics. Certain forums seem to have unwittingly replicated the Magic Circle’s model to create an exclusive community built upon skill, experience, and knowledge. Both communities harbor secrets and tricks developed over the years to deceive their respective audiences, whether that’s for entertainment or a financial payout.

Like magicians, hackers often work for years to hone their craft and be recognized as one of the elites in their field. Access to a private community where all members have had to prove their worth to gain acceptance brings a sense of belonging and recognition for what they have achieved. But just like the Magic Circle, the cybercriminal community can’t completely ostracize itself from the outside world. Although exclusivity remains at the heart of these mysterious collectives, both recognize the need for up-and-coming novices looking to join their ranks so that secrets can be shared and their respective capabilities can stand the test of time. This now brings us to CryptBB.

For several years it was unclear how an applicant might acquire the skill set required to gain acceptance into this application-only cybercriminal forum. However, in late 2019, the site introduced a forum subsection for failed applicants in which they could learn from each other and seek guidance from fully established members. In this blog, we will examine the history of CryptBB and why it was created. We’ll ask why it established a subforum for failed applicants, and look at what might be next for the hacking forum.

magic

What is CryptBB?

CryptBB is an English-language dark web cybercriminal forum that describes itself as an advanced “Cyber Security and Hacking Forum powered by LongPig and Power” (the usernames of two of the forum’s administrators). The forum has been active on Tor since 2017 and was launched at a similar time to a multitude of other English-language private forums, including Dark0de, KickAss, 0day, Codex, and Onion Land. Fast-forward to today and CryptBB is the only forum on this list still in existence (although Dark0de may have re-emerged as “Dark0de Reborn”; this is unconfirmed at the time of writing). 

CryptBB has been on Digital Shadows’ radar for some time and is also well-known to highly competent hackers, carders, and programmers across the English-language cybercriminal community. Since the forum’s launch in 2017, the site has only accepted new members following a rigorous application and interview process. This involves the applicant proving their skill and knowledge on a chosen area of expertise, leaving no room for those who fail to meet the required standards. However, in late 2019 the forum introduced a section for “newbies” who had failed the forum application process. This was intended as a designated safe space for users to enhance their skills, learning from one another as well as from more established members–remarkably similar to a magic workshop!

Digital Shadows identified a “subdread” dedicated to CryptBB on the dark web community forum Dread in early June 2020. A subdread enables CryptBB to reach a wider audience across the dark web (Dread has a far-reaching and loyal user base) and allows the administration team to interact with Dread members or interested applicants who wish to apply. On this subdread, CryptBB proclaims itself to be an excellent forum for “newbie” hackers, programmers, and carders eager to start on their journey while also remaining a private platform for “advanced” members who can partake in quality discussions and share expertise. 

Historically, CryptBB’s administration team has advertised a few dedicated services that the forum itself and its members can offer. These include RDP sales provided directly by the forum (as announced on the English-language cybercriminal forum Torum in January 2020) and “hackers for hire” services (where members of the CryptBB forum who specialize in hacking are recommended for specific requests based on the vetting procedures of the forum, as seen on Dread in early 2020). Since May 2020, the CryptBB administration team has offered penetration testing and bug-reporting services to marketplaces, with the assurance that the interested platform would have complete discretion and “there won’t be any drama.” Each of the above services is advertised on behalf of the forum itself.

CryptBB homepage

Why would a private forum introduce a section for newbies?

Let’s refer back to our Magic Circle analogy once again to find an answer to this. If a magician didn’t share the secret behind the seemingly impossible “pulling a rabbit out of a hat” trick, then the mystery of how this was achieved would endure forever, meaning the solution behind the trick would be forgotten. Therefore, an established “private” forum may introduce a dedicated section for newbies to expose its secrets so that methods and strategies can be preserved and improved upon with time as both technology and knowledge advance. 

There are other possible explanations too:

  • Giving back to the cybercriminal community

Assisting beginners to improve their skill set may sound arduous. However, enhancing an individual’s understanding of a subject or skill and seeing a novice go from beginner to expert might provide a feel-good factor. This may reassure the administration team that they are earning karma to mitigate past misdeeds or provide the sense that they are giving back to their community. We have seen this on Russian-language cybercriminal forums, on which many users  “give back” through charitable deeds. For example, every year, one user on the prominent Russian-language cybercriminal forum XSS raises funds to buy toys for local children’s hospitals. 

XSS raises funds to buy toys for local children’s hospitals.
  • Exposes the forum to a much larger audience

Forums often fail to maintain activity and participation levels. An exclusive platform with low activity levels may not appeal to advanced cybercriminals looking to join forums that are considered more lively or interactive. This is exemplified by comparing forums such as Torum and CryptBB. Although CryptBB is prestigious due to its privacy, cybercriminals often opt to join Torum instead because the Torum community is more fluid, and the activity level is considerably higher. Creating a dedicated section for novice users improves CryptBB’s image within the cybercriminal scene and encourages other users to participate.

CryptBB join
  • Establishing a foothold within the cybercriminal scene

Out of all the forums launched at the same time as CryptBB, this site is the only recognized service still available. This presents a somewhat daunting prospect for the forum but also allows it to make its mark on a scene with little to no competition. But an exclusive forum is only as good as its membership; if the members are disgruntled or unhappy with the forum’s state, they will not be shy in sharing their views on other active platforms. We have seen this with the now-defunct forums KickAss and 0day. Both were implicated in rumors of law enforcement involvement or administrator abandonment upon their exits. However, they were also victims of a lack of engagement and low membership counts towards the end of their lifespans. KickAss’s administrator “NSA” was seen on countless other forums trying to justify their forum’s prowess and status as a leader within the hacking cybercriminal community. Still, many KickAss members countered NSA’s claims with complaints of a lack of forum activity and the administrator’s apparent militant controls.

CryptBB’s decision to initiate a dedicated subforum for failed forum applicants and newbies shows a genuine desire to be viewed as a platform for “all”. This will likely increase forum participation in the long-run and therefore establish the forum as a staple in the hacking and carding scene. This, combined with the various services currently being offered to external parties, clearly demonstrates the administration team’s desire to ensure the forum stands the test of time.

CryptBB-privacyissue

What next?

CryptBB is now in a precarious position. If it continues on its trajectory, it may establish a membership full of competent and knowledgeable cybercriminals that could rival any platform and push the site into the realm of David Blaine and David Copperfield — the elites in their field. However, if CryptBB fails to engage on other platforms and encourage users to use the forum’s services, join the site, and partake in discussions, the forum could become another failure, like Madame DeLinsky’s 1820 bullet catch attempt. Then, alas, the forum may cease to exist entirely.

hare

Access Our Threat Intel In Test Drive

Test Drive SearchLight Free for 7 Days
Try It Now

Connect with us

Related Posts

Saving the SOC from overload by operationalizing digital risk protection

Saving the SOC from overload by operationalizing digital risk protection

August 5, 2020 | 4 Min Read

As you may have seen last week, the latest...
The story of Nulled: Old dog, new tricks

The story of Nulled: Old dog, new tricks

August 4, 2020 | 9 Min Read

It is often said that old dogs have a hard...
ShadowTalk Update – Garmin ransomware attack, QSnatch malware, and ShinyHunters Stage 2

ShadowTalk Update – Garmin ransomware attack, QSnatch malware, and ShinyHunters Stage 2

August 3, 2020 | 3 Min Read

This week it’s a full house with ShadowTalk...