The Underground Economy: Difference between revisions

From Cybersecurity Wiki
(13 intermediate revisions by 2 users not shown)

Changes between the earlier revision and the latest revision (the latest revision is rendered in full below), by section:

==Categorization==
Earlier revision:
* Issues: [[Cybercrime]]

Latest revision:
* Threats and Actors: [[Criminals and Criminal Organizations]]; [[Financial Institutions and Networks]]
* Issues: [[Cybercrime]]; [[Economics of Cybersecurity]]

==Key Words==
Unchanged in both revisions: [[Keyword_Index_and_Glossary_of_Core_Ideas#Keylogger| Keylogger]], [[Keyword_Index_and_Glossary_of_Core_Ideas#Malware| Malware]]

Earlier revision: [[Keyword_Index_and_Glossary_of_Core_Ideas#Spam| Spam]]

Latest revision: [[Keyword_Index_and_Glossary_of_Core_Ideas#SPAM| SPAM]]

==Synopsis==
The opening sentence is unchanged in both revisions: "An analysis of the ways in which miscreants in the underground economy monetize stolen credit card data, bot networks, compromised hosts and other spoils of cybercrime."

Earlier revision, directly after the opening sentence:

The underground economy is fertile ground for the pursuit and prosecution of the miscreants. Most of the underground economy servers are public, advertised widely, and easy to find (standard IRC ports, very descriptive DNS RRs, etc.). There is absolutely no presumption of privacy in the underground economy; the channels aren’t hidden, the channels have no keys, and the servers have no passwords. There is evidence of physical crime as well as online crime, and admissions of guilt, and all are readily available. Although the data in this article is obfuscated, these stanzas of gross fraud come with the name, address, phone number, SSN, and mother’s maiden name of the victim. That seems ready-made for a complaint. It is time to use the miscreants’ greatest asset, the underground economy, against them.

Latest revision, directly after the opening sentence:

The greatest failure of new technology is a rush to market, without consideration of the risks and a cost/benefit analysis. This is at the heart of the security problem. Certainly, that is not to say that industries should not capitalize on technological advances but, rather, that they should consider risk and threat mitigation strategies prior to bringing any product to market.

Those who actively participate in the underground economy have another problem—how to move the significant quantity of illegally obtained funds. There are a variety of solutions they discuss, such as offshore trusts to protect their financial assets against lawsuits. Lawsuits, prying eyes, and seizure are all mitigated through the use of offshore banking. Several offshore banks will wittingly accept such accounts.

The underground economy is fertile ground for the pursuit and prosecution of the miscreants. Most of the underground economy servers are public, advertised widely, and easy to find (standard IRC ports, very descriptive DNS RRs, etc.). There is absolutely no presumption of privacy in the underground economy; the channels aren’t hidden, the channels have no keys, and the servers have no passwords. There is evidence of physical crime as well as online crime, and admissions of guilt, and all are readily available. Although the data in this article is obfuscated, these stanzas of gross fraud come with the name, address, phone number, SSN, and mother’s maiden name of the victim. That seems ready-made for a complaint. It is time to use the miscreants’ greatest asset, the underground economy, against them:

Most of the underground economy servers are public, advertised widely, and easy to find (standard IRC ports, very descriptive DNS RRs, etc.). There is absolutely no presumption of privacy in the underground economy; the channels aren’t hidden, the channels have no keys, and the servers have no passwords. The clients in these channels are widely divergent. There is no need to hide, period.

* ''PRINCIPAL ACTORS AND THREATS:''

SPAMMERS:

Earlier revision: the paragraph ends "...and cashiers (those who can clean them out):" and is followed by this channel excerpt:

<A> i have wells and boa logins and i need to good drop man .......ripper

f#@! off
<B> <=== .Have All Bank Infos. US/Canada/ Uk ...Legit Cashiers Only Msg/me
<C> HELLO room... I am Ashley from the State... I got drops for US banks and i need a very trust worthy and understanding man to do deal with ... the share its 60/40...Msg me for deal

Latest revision: the paragraph ends "...and cashiers (those who can clean them out)." and the excerpt is dropped.

Unchanged in both revisions: "The miscreant spammers are some of the most highly paid individuals in the underground. It’s easy to see why—spam works, and yields high profits."

Earlier revision only, between the SPAMMERS and CASHIERS sections (in the latest revision these two paragraphs are moved to the top of the synopsis, with the first sentence reworded as shown above):

This is the greatest failure of new technology—a rush to market, without consideration of the risks and a cost/benefit analysis. This is at the heart of the security problem. Certainly, that is not to say that industries should not capitalize on technological advances but, rather, that they should consider risk and threat mitigation strategies prior to bringing any product to market.

Those who actively participate in the underground economy have another problem—how to move the significant quantity of illegally obtained funds. There are a variety of solutions they discuss, such as offshore trusts to protect their financial assets against lawsuits. Lawsuits, prying eyes, and seizure are all mitigated through the use of offshore banking. Several offshore banks will wittingly accept such accounts.

CASHIERS: and DROPS: show no changes between the two revisions.

DATA STOLEN:

Earlier revision: the paragraph ends "...some of these account totals are impressive, while others are quite small. The true account owner probably doesn’t consider them unimportant, however:" and is followed by the sampled totals:

<A> Total: $310.64—A is from Country A
<B> Total $930,391.94—B is from Country B
<C> Total $216,934.93
<C> Grand Total $1,803.59—C is from Country C
<D> Total: $49.00—D is from the Country D
<E> Total $258,602.27—E is from Country E
<F> Total $60.07—F is from the Country D
<G> Grand Total $1,987.97—G is from Country F
<H> Total $48,096.65—H is from Country A
<I> Total $33,332.76—I is from Country B

So, with one channel, one 24-hour period, and just a few samples, at least US$1,599,335.80 has gone to fund multinational criminals.

Latest revision: the paragraph ends "...while others are quite small." and the totals list is dropped; the closing sentence becomes "With one channel, one 24-hour period, and just a few samples, at least US$1,599,335.80 has gone to fund multinational criminals."

Earlier revision only, a final subsection removed in the latest revision (its first sentences were moved into the synopsis introduction):

PRIVACY IN THE UNDERGROUND ECONOMY:

Most of the underground economy servers are public, advertised widely, and easy to find (standard IRC ports, very descriptive DNS RRs, etc.). There is absolutely no presumption of privacy in the underground economy; the channels aren’t hidden, the channels have no keys, and the servers have no passwords. The clients in these channels are widely divergent. Think about what has just been shared:
1. There is no need for specialized IRC clients.
2. There is no need to rapidly track ever-changing DNS RRs and IPs.
3. There is no need to pull apart every new permutation of malware.
4. There is no need to hide, period.

==Additional Notes and Highlights==
Unchanged in both revisions: Expertise Required: Technology - Low
Latest revision as of 16:04, 28 July 2010

Full Title of Reference

The Underground Economy: Priceless

Full Citation

Rob Thomas and Jerry Martin, The Underground Economy: Priceless, 31 USENIX ;login: 6 (2006). Web

BibTeX

Categorization

  • Threats and Actors: Criminals and Criminal Organizations; Financial Institutions and Networks
  • Issues: Cybercrime; Economics of Cybersecurity

Key Words

Botnet, Internet Relay Chat (IRC), Credit Card Fraud, Hacker, Identity Fraud/Theft, Keylogger, Malware, SPAM

Synopsis

An analysis of the ways in which miscreants in the underground economy monetize stolen credit card data, bot networks, compromised hosts and other spoils of cybercrime.

The greatest failure of new technology is a rush to market, without consideration of the risks and a cost/benefit analysis. This is at the heart of the security problem. Certainly, that is not to say that industries should not capitalize on technological advances but, rather, that they should consider risk and threat mitigation strategies prior to bringing any product to market.

Those who actively participate in the underground economy have another problem—how to move the significant quantity of illegally obtained funds. There are a variety of solutions they discuss, such as offshore trusts to protect their financial assets against lawsuits. Lawsuits, prying eyes, and seizure are all mitigated through the use of offshore banking. Several offshore banks will wittingly accept such accounts.

The underground economy is fertile ground for the pursuit and prosecution of the miscreants. Most of the underground economy servers are public, advertised widely, and easy to find (standard IRC ports, very descriptive DNS RRs, etc.). There is absolutely no presumption of privacy in the underground economy; the channels aren’t hidden, the channels have no keys, and the servers have no passwords. There is evidence of physical crime as well as online crime, and admissions of guilt, and all are readily available. Although the data in this article is obfuscated, these stanzas of gross fraud come with the name, address, phone number, SSN, and mother’s maiden name of the victim. That seems ready-made for a complaint. It is time to use the miscreants’ greatest asset, the underground economy, against them:

Most of the underground economy servers are public, advertised widely, and easy to find (standard IRC ports, very descriptive DNS RRs, etc.). There is absolutely no presumption of privacy in the underground economy; the channels aren’t hidden, the channels have no keys, and the servers have no passwords. The clients in these channels are widely divergent. There is no need to hide, period.

  • PRINCIPAL ACTORS AND THREATS:

SPAMMERS:

One can readily see the plethora of advertisements by the miscreant merchants and the miscreant consumers regarding compromised financial accounts, drops (compromised financial accounts used to launder funds), and cashiers (those who can clean them out).

The miscreant spammers are some of the most highly paid individuals in the underground. It’s easy to see why—spam works, and yields high profits.

CASHIERS:

The miscreants advertise for cashiers for both logical and physical (e.g., go collect the money at a Western Union site) account cleanups. Cashing out these accounts often must be accomplished from within the country where the account resides. Enter the bank broker, the miscreant who will cash out the account. Demand is high for these miscreants, and they never ask questions. When a cashier attempts to clean out a bank account (50% always goes to the cashier) on behalf of another miscreant, that cashier must have some semblance of legitimacy with the bank. Increasingly, the miscreants are finding that a male voice attempting to clean out an account obviously belonging to a female isn’t accepted by the banks. Thus is born a new skill set: gender-based cashiers. There are plenty of female miscreants, willing to clean out accounts both virtually and physically.

DROPS:

One of the hottest commodities in the underground economy is the drop. A drop can have one of two definitions. The first definition of a drop is a location to which goods or cash can be sent. The person who owns the drop will then resend the items or hold them for pickup. There is a charge for this service, of course, ranging from a 70/30 (30% to the drop owner) split to a 50/50 split. Drops include homes and businesses, and often the drop owner is clueless about the contents of the dropped package. In this case, the drop owner is paid a flat fee by the shipper or the broker. The second definition of a drop is a bank account through which money can be moved. This is a convenient way to cash out bank accounts, online financial accounts such as PayPal, and credit cards. The drop owner almost always receives 50% of the take, although competition in this space is reducing that percentage. The location of the drop is critical, as some companies won’t ship overseas.

DATA STOLEN:

How much money do the miscreants make in the underground economy? More to the point, how much money do they steal? Here’s a snapshot from one underground economy trading channel over a 24-hour period. These are the total account values for financial accounts to which these criminals have obtained access. These are just the samples; these miscreants claim to have many more accounts to sell, and they offer up the samples as advertising. All amounts are in U.S. dollars, and some of these account totals are impressive, while others are quite small.

With one channel, one 24-hour period, and just a few samples, at least US$1,599,335.80 has gone to fund multinational criminals.

Additional Notes and Highlights

Expertise Required: Technology - Low