The parabola of a prolific cyber-criminal known as Dton

Pierluigi Paganini March 17, 2020

Check Point researchers detailed the activity of a prolific cyber-criminal known as ‘Dton’ that earned at least $100,000 US from his operations.

Over the past few months, experts at Check Point have monitored the activity of a prolific cyber-criminal known as ‘Dton’. The man is active at least since 2013 and already earned at least $100,000 US from his ‘work,’ but researchers believe he has earned several times that amount.

The experts were able to identify the man, his name is Bill Henry (25) from Benin City, Nigeria, his criminal activity include the theft of credit cards, phishing and malware attacks.

“Bill / started out by speculating a little:  he spent around $13,000 buying the details of 1000 credit cards from a special online marketplace specializing in stolen payment card credentials.” reads the report published by Check Point. “With each stolen card – costing around $4 to $16 each – Bill usually tried to charge about 200,000 Nigerian Naira (NAN), equivalent to around $550 US. If the transaction is blocked, he tries another merchant, or another card until one succeeds. From his ‘investment’ in the 1000 stolen cards, Bill has been able to charge at least $100,000.”

Dton’s criminal carrier begun with the purchase of stolen credit card data from Ferrum Shop, then he was able to fraudulently charge them $550 each earning over $100,000.

credit card shop dton

Over the years, Dton also started a new prolific activity buying tools to launch malspam campaigns aimed at distributing custom-built info-stealing malware.

The man used the malware to steal credit card data allowing him to increase the profits.

According to the researchers, Bill is not a lone wolf, he is part of an organization that pays him for his work.

Then Dton’s activity continues to grow, it orchestrated a spam campaign aimed at distributing a custom-RAT disguised as innocuous email attachments.

Bill / Dton is not a coder, he paid an expert named ‘RATs &exploits’ to develop his custom-malware. 

But Bill has no honor code, and compromised the computer of ‘Mr RATs &exploits’ with a RAT, so he could spy on his work. 

“When that wasn’t enough, he also engaged – and then fell out with – another shady character behind a specialized malware packer program, by arguing with him on underground forums over prices and usage.  The result was that when Bill / Dton didn’t get what he wanted, he reported the other party to Interpol.  The cyber-crime economy is certainly a rat-eat-rat world – but all the while and despite these minor setbacks, Bill / Dton carried on earning illicit cash.” continues the report.

Dton’s history demonstrates that it is quite easy, even for relatively unskilled individuals, to enter in the cybercrime arena.

The model of sale known as Cybercrime-as-a-Service, makes it easy to arrange criminal activities such as massive malspam campaigns.

Unfortunately, there are millions of people online that have no idea about cybercrime activities and for this reason they are easy victims of people like Dton.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Dton, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment