October 22, 2019
In the context of the ongoing 2019 Kaspersky Security Analyst Summit in Singapore, researchers have uncovered a new 'darknet' marketplace that acts as a 'complementary data' store, selling authentication information. This information may include a person’s card expiration date, their device ID, the firmware version, the IP address, the WebRTC IPs, cookies, GPU info, timezone, and plenty more. Combining these attributes with sophisticated behavioral analysis that derives from the mouse movement patterns, the interest-related behavior, and the time spent on a webpage, online platforms can form a complete 'digital fingerprint' to help them distinguish between the real user and a fraudster.
As robust and secure as this may sound, fraudsters have found a way to overcome this hurdle by simply purchasing fake digital fingerprints and using them to spoof the platforms. According to Kaspersky, there’s a new cybercrime store out there named 'Genesis' that is devoted entirely to selling digital fingerprints, offering more than sixty thousand of them right now. Depending on the completeness of the fingerprint, their price varies from just $5 up to $200. The more data like cookies, credit card authentication data, browser fingerprints, etc., the higher the price of the fingerprint.
To make the lives of malicious actors easier, Genesis even offers a powerful search engine that lets them quickly locate specific fingerprints based on terms such as the victim’s country, OS, website, login credentials, etc. The Genesis crooks have even developed a Chrome plugin that allows actors to activate and deactivate the stolen digital fingerprints on their browser, as well as use a proxy with the victim’s IP and location, all done through the clicking of a button. Finally, Genesis even offers a 'fingerprint generator' for those who want to hide behind a fake profile, probably to mitigate the risk of getting tracked following a malicious activity.
Kaspersky warns that the Genesis plugin is neither the only nor the most sophisticated tool out there. Enter Tenebris Sphere, a specially configured browser tool that has been the de-facto choice of those who indulge in carding, featuring advanced fingerprint and proxy configuration features. Sphere is a powerful tool that allows cybercriminals to emulate the activity of victims with amazing mimicry, and trick even the most robust anti-fraud systems. This is also a subscription-based tool, with the browser being priced at $100/month, and going up to $500/month for the fully-fledged version with the fingerprint market access enabled.
Are you using 2FA anywhere you can? What other measures of protection are you taking to protect yourself from digital fingerprint hoaxes? Let us know in the comments section below, and feel free to share this piece through our socials, on Facebook and Twitter.