Nigerian Cybercriminal 'Dton' Activities Exposed by Security Researchers

Over a few months, Check Point researchers managed to carefully track and uncover the identity of a prolific Nigerian cybercriminal known under the moniker 'Dton'. He was active for more than seven years, earning no less than $100,000 from his shady work. It was estimated he might have even made far more than that over that amount of time.

Dton turned out to be a 25-year-old single male living in Benin City, a city of a million and a half in the southern part of Nigeria. At first sight, Dton appeared to be a regular Joe like everyone else. But beneath that normalcy was another, more nefarious identity: a person who made his living as a career criminal online, focusing on phishing, malware, stolen credit card information, and more.

So how did Dton, also known as Bill, start his life of crime that earned him about 14 times the national minimum wage in Nigeria?

Researchers found out he began slow, by purchasing the details of a thousand credit cards from an online marketplace that specialized in such credentials. The cards cost around $4 to $16 each, and Bill decided to charge each of them about 200,000 Nigerian Naira, which was the equivalent of $550. If the transaction didn't work out, he would try another merchant or card until he was successful in his sale. Using this initial investment of a thousand cards, Dton was able to charge over $100,000 from his clients.

It would seem that buying such blocks of stolen card details wasn't enough for Bill/Dton, as he decided to purchase so-called leads instead. Those were bulk email addresses of potential targets, ones he could use to launch his scams and exploits.

Dton ups his game into malware marketing

Bill/Dton began to buy the tools of his new trade to help him out. Crafting malware to spam his chosen targets required tools and preparation, such as info stealers, keyloggers, crypters, exploits, and other components. Using these tools, he could build his malware, insert it into legitimate-looking documents, compose an email, and then send it off to his marks. Once that was done, he would wait for his victims to take the bait.

That allowed Dton to deliver a lot of user credentials he could exploit, making him even more money. He did so while also pleasing his boss. It turned out Dton wasn't working alone: he had a manager who reported to another manager up the chain of command. These so-called managers would pass the seed capital down to Dton, but they also expected returns on their investments. That was the cybercrime equivalent of pyramid-scheme multi-level marketing.

Dton decides to go solo

Eventually, Dton got fed up with his boss, so he moved on to make malware of his own. It would be one with no known signature that he could use to work for himself, without sharing his profits. As Dton wasn't a coder, he had to hire someone to do the work for him. Specifically, someone called 'RATs & exploits'. It would appear that in the dog-eat-dog world of malware, there was no honor involved.

Dton compromised the exploits of RATs & exploits with his remote access Trojan (RAT) so he could spy on him and maybe even steal his work. That wasn't enough, though, so he hired a hacker who specialized in malware packer programs. They ended up arguing over usage and prices. The result was that Dton decided to report the hacker to Interpol when he couldn't get what he wanted. Dton managed to get away with making more illicit money.

Dton continued his cybercrimes for years. This showed how even someone without skill and discipline may still make mad profits from fraud and malicious activities online. That indicates that, much like other criminal activities, cybercrime again depends on the numbers of potential victims. As the Check Point researchers mentioned, even a single person opening the malware-spiked mail could make money for cybercriminals.

After discovering Dton's identity and actions, Check Point notified law enforcement in Nigeria and internationally, sharing the information.

Taking steps to avoid online fraud:

  • When shopping online, ensure you buy from official stores. Avoid promotional links; instead, use Google to find retailers and avoid clicking on ads.
  • Avoid 'special offers' and other purchase hooks. They may be hijacked by malicious actors who use the alleged sale to push malware or social engineering scams.
  • Avoid domains that attempt to imitate the originals, such as those with slightly different names. Dodge links with spelling errors, unfamiliar emails, and so forth.