Say you want to find out when and where someone has flown, or even check what city they plan to travel to next. Fortunately, for you at least, a vendor on a Russian crime forum is offering a rare but relatively cheap service of accessing all sorts of travel databases and prying out useful tidbits.
The service highlights not only the sort of information that cybercriminals may be interested in, but also how some crooks are likely leveraging corrupt contacts inside law enforcement or government bodies to access sensitive data.
“I will provide information on the movement of people across the Russian Federation and, in many cases, beyond its borders,” the hacker, who goes by the handle Abrisk, writes in a post on a Russian-language crime forum.
Provided with just a name and date of birth, Abrisk may be able to rummage through past travel data, or dig up details on a target’s tickets for upcoming travel. In other instances, they will need a passport number.
“In many cases, it is really possible to get a list of passengers on a flight/car,” Abrisk writes in their listing. The service typically only costs between $50 and $300, although some lookups may be more expensive. The customer receives their data between three and four working days, or perhaps in a matter of minutes depending on what data is needed, Abrisk adds.
Abrisk appears to have a number of happy customers.
“My order was executed quickly and clearly. Communication, briefly and on business. Extremely positive impressions!” one apparent user wrote recently, according to a Google translation of their feedback.
“The service is excellent,” another supposed customer wrote.
The service appears so popular that just last month Abrisk warned about several scammers impersonating them. In response, Abrisk published the fraudsters’ online chat handles and bank account details.
Not everyone has been satisfied, however: Another customer complained that Abrisk tripled the price in their transaction, and that other vendors offer much the same service for around $10. On Monday, Abrisk wrote on the forum that discounts were available.
Abrisk may not really be a hacker at all, though. Roman Sannikov, director of Eastern European research and analysis at cybersecurity firm Flashpoint, told The Daily Beast, “Flashpoint assesses that, based on the sheer number and breadth of data that the individual claims to have ongoing access to, the threat actor may have contacts in various law-enforcement agencies, possibly corrupt individuals, who are running checks for the actor.”
“In addition, they claim that they can check credit histories, tax filings, and property records,” Sannikov added.
In another post, Abrisk claims to have access to institution databases in Russia, Belarus, Ukraine, and Kazakhstan, as well as Interpol for “international search.” Abrisk also offers a service to check whether law enforcement is hunting for someone specific—useful information to hackers or fraudsters alike.
“Another service that the same actor ‘Abrisk’ claims to offer is the ability to check individual names against Interpol red notices. Again, this would point to possible contacts within law-enforcement agencies,” Sannikov continued.
Abrisk could not be reached for comment.
“Everything was done perfectly!” another apparent customer wrote.