A rising wave of cybercrime has emerged in Turkey, resulting from a unique collaboration between local criminals and recent Russian arrivals. The enhanced digital underworld has witnessed an influx of countless stolen personal details, signifying a shift in the global landscape of online fraud.
The migration of many Russian software professionals to Turkey in the wake of President Vladimir Putin’s military draft for the Ukrainian conflict last September played a role. Some of these skilled individuals, in their quest for sustenance, resorted to online deceptions. They partnered with seasoned Turkish digital criminals to better mask their operations, launder their proceeds, and penetrate the European credential market.
This amplified cyber activity has not gone unnoticed. While the culprits utilize advanced digital methods to remain incognito, unnamed Turkish police sources have confirmed ongoing investigations. In stark contrast, cybercriminals from Russian-speaking regions tend to work with little secrecy, thanks to their home countries’ lenient regulatory environments.
These transnational syndicates have melded their expertise, gradually encroaching upon territories once dominated by infamous Russian and Belarusian cyber mobs. An official from Antalya – a Russian-favored coastal area – remarked on the surge in reported incidents over the past year. Importantly, these emergent groups deliberately refrain from targeting locals, likely to reduce attention from domestic enforcement agencies.
The chosen hub for their digital exploits, named “Underground Cloud of Logs” by cyber experts, has been deluged with a massive influx of pilfered credit card information and login details. Osher Assor of Auren Cyber Israel highlighted the use of an ingenious malware named “Redline.” This malware not only evades detection from most antivirus tools but is also likely installed by users frequenting illicit gaming or software platforms. Its potency lies in its ability to snatch browser cookies, enabling hackers to convincingly mimic victims online and exploit saved credit card details.
Highlighting the value of this ‘hot’ data, Assor noted the real-time nature of these thefts. Proof of their operations can be seen in Telegram groups, where freshly extracted data is traded, sometimes at prices as meager as $50 per week.
A local cyber expert, who opted for anonymity due to legal ambiguities, infiltrated one such group. He observed the exchange of expertise, with Russian newcomers teaching their Turkish peers advanced coding techniques while the latter brokered better rates for the data, especially in Western European markets.
Their conversations also revealed boasts of enormous digital heists, methods to launder stolen crypto into local currency, and intricate plans to invest in real estate for passport gains.
Assor’s engagements with these groups unveiled a mix of professional dealings and even unexpected personal touches, such as dining recommendations in Istanbul. However, probing about ties with the Russian contingent led to reticence. One hacker aptly summarized the sentiment, emphasizing the value of skill over identity: “I don’t want to know [their] face, but to be with talented people.”