WWH ad

Russian-speaking criminals are offering a six-week online course that teaches wannabe hackers all they need to know to enter the online fraud and carding scene.

Discovered by threat intelligence firm Digital Shadows, the course is advertised on Russian underground sites and is available only in Russian.

It's like a carders' university

The program, known as WWH, costs 45,000 Russian rubles ($760) with an additional $200 for course materials, sums that coursants can pay via Bitcoin or Webmoney.

Criminals who sign-up for a WWH training plan are enrolled in a six-week program that consists of courses on 20 topics, presented in the image below.

List of WWH courses

Enrolled coursants will study under five expert instructors in live webinars. All classes are capped at 15 members, so instructors can cater to all attendees. The program also provides detailed notes and course materials in the form of PDF files.

The WWH service is treated and managed like any other university-backed online course system, which is very different from what we've seen in the past. Up until now, criminals learned from one another using free resources and tutorials shared on hacking forums. The best of these tutorials were also sold on Dark Web marketplaces, but usually for measly prices.

Courses focused on financial fraud, carding crime

WWH brings a level of professionalism not seen before with similar endeavors. The program also claims that it constantly updates its teaching materials, and encourages attendees to take the course again in a few months or years to get updated on the latest hacking techniques.

All courses are focused on financial fraud. Instructors focus on teaching the basic techniques of gaining access to online accounts that have access to a user's payment card (eBay, PayPal, E-Gift), but also on how to cash out these funds using cash mules and other collaborators.

In addition, instructors also teach course takers how to find and identify reputable online carding stores that sell compromised payment card data, and how to use data bought from these sites to cash out funds from legitimate account owners.

The training materials also mention a service discovered by Bleeping Computer in March, which allows fraudsters to social engineer bank account owners into revealing their card's PIN number.

Login page for QAF portal
Login page for QAF portal

Course helps hackers advance their cybercrime careers

Services like the one provided by WWH are in high-demand, notably due to their professionalism.

"Judging by the positive reviews of satisfied students, there are real profits to be made," Digital Shadows wrote in a report released yesterday. "While [course takers] may not stand to make as much potential money as harvesters and distributors, the right training enables [these] entry level fraudsters to up their game to make far more money than they would otherwise earn."

The online fraud and carding scene isn't a unitary block, containing various groups of highly-specialized crooks. While at the technical level the skills thought by the WWH courses are low in complexity, they provide enough information to give criminals a better understanding of the carding scene and what they need to do to advance their "career" and earning possibilities.

"Within the carding industry, fraudsters will not necessarily remain fraudsters forever, given the chance to move up in the hierarchy," Digital Shadows adds. "One user, for example, thanked the course as they were able to set up their own reshipping business [for handling goods bought with stolen cash]."

The WWH courses do not teach criminals how to put together skimmers or code PoS malware, as this requires advanced hardware and software knowledge. More details are available in Digital Shadows' Inside Online Carding Courses Designed for Cybercriminals report.

Image credits: Digital Shadows, Bleeping Computer