A School for Cybercrime: How to Become a Black Hat

Life looks good for Brazilian hackers: the absence of a specific law against cybercrime leaves them feeling so invulnerable that the bad guys are shameless about publicizing their thefts and showing off the profits of a life of crime. We showed some of this in a presentation
at the latest Virus Bulletin Conference, and it’s commonplace to find YouTube clips of Brazilian bankers and carders reveling in their ill-gotten gains and rubbing their easy money in the faces of hard-up victims (there’s one example here, and several more out there). It’s also common to find bad guys’ profiles on social networks such as Twitter, Tumblr, etc. Everything is done out in the open, without fear of being caught.

To help new “entrepreneurs” or beginners interested in a life of cybercrime, some Brazilian bad guys started to offer paid courses. Others went even further, creating a Cybercrime school to sell the necessary skills to anyone who fancies a life of computer crime but lacks the technical know-how. On a website dedicated to selling these courses and promoting the “school”, a careful search turns up courses like “How to be a Banker”, “Kit Spammer” or “How to be a Defacer”.

Each course is a well-designed package, with full details of the “curriculum” studied. “How to become a Banker 101” says:

“This course is intended for everybody making online transactions. You will learn how crackers take control of corporate or home computers, what social engineering is all about, how “auto-infect” works, how to use sources (of Trojans), how to manipulate the security plugins installed on browsers such as IE, Firefox, Chrome, Avant, Opera, and antivirus and firewalls. How spamming helps to catch new victims, what “loaders” do and how crackers use them. You’ll learn all the slang used by crackers and bankers and find out about things like “loaders”, “info”, “cc”, “admin”, “laras (money mules)”, “Desco, Ita, Uni, Sta, CEF, BB, City (popular names of Brazilian Banks), and much more. You’ll discover how crackers clone credit cards, checkbooks, IDs, driver’s licenses, birth certificates and other documents. You’ll learn how crackers can own e-commerce websites that store credit card numbers and what they do with this data. You’ll learn about the laws in Brazil and what the sentence is if you’re caught, as well as what risks you run and how to avoid getting caught. All this and much more is part of our course.”

They also offer a course for spammers where you can learn about all the techniques needed to do it effectively. This comes with a gift: a list containing 60 million email addresses to start spamming immediately:

“KIT SPAM UPDATED: Nowadays the virtual world is increasingly competitive, making it hard for new users to compete with advanced rivals in an ever-growing marketplace. That inspired us to create the KIT SPAM, where we include more than 60 million email addresses divided into separate categories: professionals, individuals and companies, executives, businessmen, politicians. The kit includes senders, social engineering techniques to ensure a good spread, extractor of emails and source codes in Delphi. All you have to do is compile and send the mass emails. Everything for R$ 130.00 (around US $75).

All the courses can be purchased on-line, or if you want, you can watch classes in person. The address of the “school” is also published on the website:

Brazilian financial institutions reported losses of R$ 685 million (around US $380 million) in the first half of 2011 as a result of paying compensation to internet banking clients who lost money. I think its high time Brazilian politicians approve a national law against local cybercrime to enable the police to step up the battle against cybercrime. With the computer criminals publically flouting their ill-gotten gains, we need a more radical and energetic campaign to stop them.

A School for Cybercrime: How to Become a Black Hat

Your email address will not be published. Required fields are marked *


  1. Kingsley Waike

    Its interesting to learn Cybercrime, I find your articles very interesting and educational. I am new in this area and would like to learn more. I have been spied upon by some people listening to my mobile phones and people hacking my emails and making my life hell.

    Thank you and may the lord bless you in what you do.

    Kingsley Waike

  2. Byser

    i wanna be a one of them


APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

LuminousMoth APT: Sweeping attacks for the chosen few

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.

WildPressure targets the macOS platform

We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS.

Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

Subscribe to our weekly e-mails

The hottest research right in your inbox