DOCSLIB.ORG

Deviant Security the Technical Computer Security Practices of Cyber Criminals

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Deviant Security the Technical Computer Security Practices of Cyber Criminals This electronic thesis or dissertation has been downloaded from Explore Bristol Research, http://research-information.bristol.ac.uk Author: Van De Sandt, Erik Title: Deviant Security The Technical Computer Security Practices of Cyber Criminals. General rights Access to the thesis is subject to the Creative Commons Attribution - NonCommercial-No Derivatives 4.0 International Public License. A copy of this may be found at https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode This license sets out your rights and the restrictions that apply to your access to the thesis so it is important you read this before proceeding. Take down policy Some pages of this thesis may have been removed for copyright restrictions prior to having it been deposited in Explore Bristol Research. However, if you have discovered material within the thesis that you consider to be unlawful e.g. breaches of copyright (either yours or that of a third party) or any other law, including but not limited to those relating to patent, trademark, confidentiality, data protection, obscenity, defamation, libel, then please contact [email protected] and include the following information in your message: •Your contact details •Bibliographic details for the item, including a URL •An outline nature of the complaint Your claim will be investigated and, where appropriate, the item in question will be removed from public view as soon as possible. Deviant Security: The Technical Computer Security Practices of Cyber Criminals. Erik H.A. van de Sandt 26th April 2019 Acknowledgments What an exciting journey it has been to research deviant security practices while chasing some of the world’s most serious and organized cyber criminals. First of all, I thank my amazing supervisor Professor Awais Rashid. You are the perfect example of what impact a cheerful attitude towards life can have on other people. Thank you for your advice, inspiration and support. To all my national and international law-enforcement colleagues with whom I worked during this project, I salute you. The true diversity in backgrounds, cultures and ideas, yet feeling as one big family on a mission, is a bless to me. I could not have done this without you. I love the remark of one of my colleagues who read a first version, and said: ‘You basically wrote down what we do, see and discuss on a daily basis’. That is indeed true, and I hope my thesis shows to readers how intellectually satisfying our work is while serving the values of secular liberal democracy. Gert R., Marijn S., Pim T. and Wilbert P., thank you for facilitating me at work. Because of my family and especially my partner S., this felt like fun. Only once, I was insecure about the project, but with your love and support we managed to get me back on track within a week. Thank you. Abstract The dominant academic and practitioners’ perspective on security evolves around law-abiding referent objects of security who are under attack by law-breaking threat agents. This study turns the current perspective around and presents a new security paradigm. Suspects of crime have threat agents as well, and are therefore in need of security. The study takes cyber criminals as referent objects of security, and researches their technical computer security practices. While their protective practices are not necessarily deemed criminal by law, security policies and mechanisms of cyber criminals frequently deviate from prescribed bonafide cyber security standards. As such, this study is the first to present a full picture on these deviant security practices, based on unique access to pub- lic and confidential secondary data related to some of the world’s most serious and organized cyber criminals. Besides describing the protection of crime and the criminal, the observed practices are explained by the economics of deviant security: a combination of technical computer security principles and microe- conomic theory. The new security paradigm lets us realize that cyber criminals have many countermeasures at their disposal in the preparation, pre-activity, activity and post-activity phases of their modi operandi. Their controls are not only driven by technical innovations, but also by cultural, economical, legal and political dimensions on a micro, meso and macro level. Deviant security is very much democratized, and indeed one of the prime causes of today’s efficiency and effectiveness crisis in police investigations. Yet every modus operandi comes with all kinds of minor, major and even unavoidable weaknesses, and therefore suggestions are made how police investigations can exploit these vulnerabilities and promote human security as a public good for all citizens. Ultimately, the findings of this socio-technical-legal project prove that deviant security is an academic field of study on its own with continually evolving research opportu- nities. Contents Contents iii List of Figures vi List of Tables viii Nomenclature ix 1 Introduction 1 1.1 Research Direction & Objectives . .4 1.2 Significance of Study . .6 1.3 Approach . .7 1.4 Novel Contributions . .7 1.5 Outline of Study . .8 I Literature Review 11 2 Current ‘Good Guy’ Perspectives on Security 12 2.1 Security as an Ongoing Process . 13 2.2 Current Perspective on Technical Computer Security . 15 2.3 Current Perspectives on Cyber Security & Cyber Crimes . 17 2.3.1 Why Cyber Crime is (not) Cyber Security . 17 2.3.2 Border-Centric View on Cyber Security & Cyber Crimes 19 2.3.3 Borderless View on Cyber Security & Cyber Crimes . 22 2.4 Interim Conclusion and Discussion . 25 3 Touching upon Security Controls of Cyber Criminals 27 3.1 Computer Science & Engineering Literature . 28 3.1.1 Anti-Forensics . 28 3.1.2 Botnet Protection . 31 3.1.3 Authorship Analysis . 34 3.1.4 Attacker Economics..................... 36 3.1.5 Interim Conclusion & Discussion . 38 3.2 Social Science Literature . 39 iii 3.3 Legal Studies . 42 3.4 Interim Conclusion and Discussion . 45 II Methodology 47 4 A Multidisciplinary Approach for Deviant Security 48 4.1 Descriptive: Grounded Theory for Deviant Security Practices . 50 4.1.1 Cyber Criminal and Cyber Security Participants . 52 4.1.2 Secondary Data Sources . 55 4.1.3 Data Collection, Analysis and Writing . 59 4.2 Explanatory: Information Age & Microeconomic Theory . 61 4.2.1 Deviant Security in the Information Age . 61 4.2.2 The Microeconomics of Deviant Security . 64 4.3 Limitations . 66 4.4 Ethical issues . 71 III Research Findings 73 5 What? - Basic Qualities of Deviant Security 74 5.1 Definition: What Makes Security Deviant? . 76 5.2 Meaning: Subjective Condition . 83 5.3 Provision: Club, Common, Private and Public Good . 86 5.4 Function: An Asset To Protect Assets . 89 5.5 Form: Intangible and Tangible Products & Services . 96 5.6 Interim Conclusion and Discussion . 102 6 Who? - Interactive Qualities of Deviant Security 105 6.1 Autarkic & Autonomous Referent Objects . 106 6.2 DevSec Providers & Services . 108 6.3 Threat Agents & Attacks . 113 6.4 Information Asymmetries in Intertwined Networks........ 117 6.5 Deception as Deviant Security Control . 125 6.6 Trust and Distrust as Deviant Security Controls......... 132 6.7 Interim Conclusion and Discussion................. 144 7 When & Where? - Temporal-Spatial Qualities of Deviant Se- curity 148 7.1 Countermeasures Against Data Volatility & Retention...... 150 7.2 Intercultural Communication as a Countermeasure........ 157 7.3 Distribution as a Countermeasure . 168 7.4 Physical Deviant Security . 178 7.5 Interim Conclusion and Discussion . 186 iv 8 Investigative Responses Against Deviant Security 189 8.1 Security-Driven Investigations That Provide Human Security . 190 8.2 Investigations as a Public Service With Multiple Outcomes . 195 8.3 Technical Harmonization for a Global Investigation System . 202 8.4 Reactive & Proactive Investigations on Commission & Protection 208 8.5 Interim Conclusion & Discussion . 214 IV Conclusions 218 9 The Outlook of Deviant Security 219 9.1 Thesis Objectives Reiterated.................... 219 9.2 A Filled-In Deviant Security Process Cycle............ 221 9.3 Summary of Findings . 225 9.4 Moving Forward From Findings . 231 9.5 Concluding Remarks . 234 Bibliography 235 v List of Figures 1.1 A visualization of the known knowns and known unknowns of attacks and defences . .5 2.1 Security process cycle . 14 2.2 Venn-diagram of cyber security and cyber crime discourses . 18 2.3 Cyber crimes incorporated into the cyber security discourse . 19 2.4 Deviant security process cycle . 26 3.1 Security process cycles on anti-forensics . 31 3.2 Security process cycle on botnet protection . 34 3.3 Security process cycle on authorship analysis . 36 3.4 Security process cycle on attacker economics . 38 4.1 Conditional and consequential matrix . 64 5.1 Visual oversight of Chapter 5 . 76 5.2 Visualization of intangible and tangible protective assets . 98 6.1 Visual oversight of Chapter 6 . 106 6.2 Crime script analysis of cyber crime services and products . 112 6.3 Network chart of intertwined roles . 120 6.4 Visualization of dilemmas because of information asymmetries . 122 6.5 Continuum of hosting service providers . 124 6.6 Process description of deviant trust . 136 6.7 Visual comparison of trust and distrust continuums . 138 7.1 Conditional/consequential matrix with temporal-spatial concepts 149 7.2 Visual oversight of Chapter 7 . 150 7.3 Circle diagram of the reversed electronic panopticon . 154 7.4 Comparison of deviant security mechanisms between underground economies . 160 7.5 Euler-diagram of various deviant security cultures . 165 7.6 Visualization of points of attack and their relation . 171 7.7 Visualization of the Netherlands as a low-risk point of attack linkage172 7.8 Visualization of distribution as a countermeasure . 176 vi 8.1 Hierarchal Venn-diagram of public and private interests in the cyber security community .
Load more

Recommended publications
  • The Confessions of the Hacker Who Saved the Internet About:Reader?Url=
    The Confessions of the Hacker Who Saved the Internet about:reader?url=https://www.wired.com/story/confessions-marcus-hutc... wired.com The Confessions of the Hacker Who Saved the Internet Andy Greenberg 72-92 minutes At around 7 am on a quiet Wednesday in August 2017, Marcus Hutchins walked out the front door of the Airbnb mansion in Las Vegas where he had been partying for the past week and a half. A gangly, 6'4", 23-year-old hacker with an explosion of blond-brown curls, Hutchins had emerged to retrieve his order of a Big Mac and fries from an Uber Eats deliveryman. But as he stood barefoot on the mansion's driveway wearing only a T-shirt and jeans, Hutchins noticed a black SUV parked on the street—one that looked very much like an FBI stakeout. He stared at the vehicle blankly, his mind still hazed from sleep deprivation and stoned from the legalized Nevada weed he'd been smoking all night. For a fleeting moment, he wondered: Is this finally it? 1 of 51 5/21/2020, 10:07 AM The Confessions of the Hacker Who Saved the Internet about:reader?url=https://www.wired.com/story/confessions-marcus-hutc... June 2020. Subscribe to WIRED . Photograph: Ramona Rosales But as soon as the thought surfaced, he dismissed it. The FBI would never be so obvious, he told himself. His feet had begun to scald on the griddle of the driveway. So he grabbed the McDonald's bag and headed back inside, through the mansion's courtyard, and into the pool house he'd been using as a bedroom.
    [Show full text]
  • The Underground Economy.Pdf
    THE THE The seeds of cybercrime grow in the anonymized depths of the dark web – underground websites where the criminally minded meet to traffic in illegal products and services, develop contacts for jobs and commerce, and even socialize with friends. To better understand how cybercriminals operate today and what they might do in the future, Trustwave SpiderLabs researchers maintain a presence in some of the more prominent recesses of the online criminal underground. There, the team takes advantage of the very anonymity that makes the dark web unique, which allows them to discretely observe the habits of cyber swindlers. Some of the information the team has gathered revolves around the dark web’s intricate code of honor, reputation systems, job market, and techniques used by cybercriminals to hide their tracks from law enforcement. We’ve previously highlighted these findings in an extensive three-part series featured on the Trustwave SpiderLabs blog. But we’ve decided to consolidate and package this information in an informative e-book that gleans the most important information from that series, illustrating how the online criminal underground works. Knowledge is power in cybersecurity, and this serves as a weapon in the fight against cybercrime. THE Where Criminals Congregate Much like your everyday social individual, cyber swindlers convene on online forums and discussion platforms tailored to their interests. Most of the criminal activity conducted occurs on the dark web, a network of anonymized websites that uses services such as Tor to disguise the locations of servers and mask the identities of site operators and visitors. The most popular destination is the now-defunct Silk Road, which operated from 2011 until the arrest of its founder, Ross Ulbricht, in 2013.
    [Show full text]
  • CYBERATTACKS and the DIGITAL DILEMMA
    CYBERATTACKS and the DIGITAL DILEMMA Recent high-profile hacks have renewed calls for improved security, but competing incentives pose a challenge By Tim Sablik ver the past year, Americans have been inundated More Connected, More Exposed with news of one large-scale cyberattack after One reason cyberattacks continue to be a problem despite Oanother. The Democratic National Committee’s efforts to stop them is that there are simply more avenues email server was compromised during the 2016 election, of attack than ever before. For instance, a growing array and the organization’s internal emails were posted pub- of consumer devices — TVs, cars, ovens, and thermostats, licly by WikiLeaks. An October 2016 attack temporarily to name a few — are now connected to the Web, making disrupted service to many of the most trafficked sites up what has been called the Internet of Things (IoT). on the Web, including Netflix, Amazon, and Twitter. One estimate holds that there will be more than 8 billion Ransomware — malicious code that locks a computer’s connected devices by the end of 2017 — more than one files until users pay for a decryption key — infected busi- for every person on the planet. By 2020, this number is ness, government, and personal computers around the expected to grow to more than 20 billion. But these new globe in May and June 2017. And in September, credit devices come with a trade-off. bureau Equifax disclosed that hackers accessed personal “The more technology we accumulate to make our lives data used to obtain loans or credit cards for as many as 143 easier, the more it opens us up to attack,” says Timothy million Americans — making it potentially the largest data Summers, the director of innovation, entrepreneurship, theft in history.
    [Show full text]
  • Beware of These Common Scams
    Beware of these common scams Nigerian Scams People claiming to be officials, businessmen or surviving relatives of former government officials in countries around the world send countless offers via e-mail, attempting to convince consumers that they will transfer thousands of dollars into your bank account if you will just pay a fee or "taxes" to help them access their money. If you respond to the initial offer, you may receive documents that look "official." Unfortunately, you will get more e-mails asking you to send more money to cover transaction and transfer costs, attorney's fees, blank letterhead and your bank account numbers and other sensitive, personal information. Tech Support Scams A tech support person may call or email you and claim that they are from Windows, Microsoft or another software company. The person says your computer is running slow or has a virus and it’s sending out error messages. Scammers will ask you to visit a website that gives them remote access to your computer. If the caller obtains access they can steal personal information, usernames and passwords to commit identity theft or send spam messages. In some cases, the caller may even be asked for a wired payment or credit card information. Lottery Scams In foreign lottery scams, you receive an email claiming that you are the winner of a foreign lottery. All you need to do to claim your prize is send money to pay the taxes, insurance, or processing or customs fees. Sometimes, you will be asked to provide a bank account number so the funds can be deposited.
    [Show full text]
  • Shadowcrew Organization Called 'One-Stop Online Marketplace for Identity Theft'
    October 28, 2004 Department Of Justice CRM (202) 514-2007 TDD (202) 514-1888 WWW.USDOJ.GOV Nineteen Individuals Indicted in Internet 'Carding' Conspiracy Shadowcrew Organization Called 'One-Stop Online Marketplace for Identity Theft' WASHINGTON, D.C. - Attorney General John Ashcroft, Assistant Attorney General Christopher A. Wray of the Criminal Division, U.S. Attorney Christopher Christie of the District of New Jersey and United States Secret Service Director W. Ralph Basham today announced the indictment of 19 individuals who are alleged to have founded, moderated and operated "www.shadowcrew.com" -- one of the largest illegal online centers for trafficking in stolen identity information and documents, as well as stolen credit and debit card numbers. The 62-count indictment, returned by a federal grand jury in Newark, New Jersey today, alleges that the 19 individuals from across the United States and in several foreign countries conspired with others to operate "Shadowcrew," a website with approximately 4,000 members that was dedicated to facilitating malicious computer hacking and the dissemination of stolen credit card, debit card and bank account numbers and counterfeit identification documents, such as drivers' licenses, passports and Social Security cards. The indictment alleges a conspiracy to commit activity often referred to as "carding" -- the use of account numbers and counterfeit identity documents to complete identity theft and defraud banks and retailers. The indictment is a result of a year-long investigation undertaken by the United States Secret Service, working in cooperation with the U.S. Attorney's Office for the District of New Jersey, the Computer Crime and Intellectual Property Section of the Criminal Division of the Department of Justice, and other U.S.
    [Show full text]
  • Bibliography
    Bibliography [1] M Aamir Ali, B Arief, M Emms, A van Moorsel, “Does the Online Card Payment Landscape Unwittingly Facilitate Fraud?” IEEE Security & Pri- vacy Magazine (2017) [2] M Abadi, RM Needham, “Prudent Engineering Practice for Cryptographic Protocols”, IEEE Transactions on Software Engineering v 22 no 1 (Jan 96) pp 6–15; also as DEC SRC Research Report no 125 (June 1 1994) [3] A Abbasi, HC Chen, “Visualizing Authorship for Identification”, in ISI 2006, LNCS 3975 pp 60–71 [4] H Abelson, RJ Anderson, SM Bellovin, J Benaloh, M Blaze, W Diffie, J Gilmore, PG Neumann, RL Rivest, JI Schiller, B Schneier, “The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption”, in World Wide Web Journal v 2 no 3 (Summer 1997) pp 241–257 [5] H Abelson, RJ Anderson, SM Bellovin, J Benaloh, M Blaze, W Diffie, J Gilmore, M Green, PG Neumann, RL Rivest, JI Schiller, B Schneier, M Specter, D Weizmann, “Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications”, MIT CSAIL Tech Report 2015-026 (July 6, 2015); abridged version in Communications of the ACM v 58 no 10 (Oct 2015) [6] M Abrahms, “What Terrorists Really Want”,International Security v 32 no 4 (2008) pp 78–105 [7] M Abrahms, J Weiss, “Malicious Control System Cyber Security Attack Case Study – Maroochy Water Services, Australia”, ACSAC 2008 [8] A Abulafia, S Brown, S Abramovich-Bar, “A Fraudulent Case Involving Novel Ink Eradication Methods”, in Journal of Forensic Sciences v41(1996) pp 300-302 [9] DG Abraham, GM Dolan, GP Double, JV Stevens,
    [Show full text]
  • Magazine 2/2017
    B56133 The Science Magazine of the Max Planck Society 2.2017 Big Data IT SECURITY IMAGING COLLECTIVE BEHAVIOR AESTHETICS Cyber Attacks on Live View of the Why Animals The Power Free Elections Focus of Disease Swarm for Swarms of Art Dossier – The Future of Energy Find out how we can achieve CO2 neutrality and the end of dependence on fossil fuels by 2100, thus opening a new age of electricity. siemens.com/pof-future-of-energy 13057_Print-Anzeige_V01.indd 2 12.10.16 14:47 ON LOCATION Photo: Astrid Eckert/Munich Operation Darkness When, on a clear night, you gaze at twinkling stars, glimmering planets or the cloudy band of the Milky Way, you are actually seeing only half the story – or, to be more precise, a tiny fraction of it. With the telescopes available to us, using all of the possible ranges of the electromagnetic spectrum, we can observe only a mere one percent of the universe. The rest remains hidden, spread between dark energy and dark matter. The latter makes up over 20 percent of the cosmos. And it is this mysterious substance that is the focus of scien- tists involved in the CRESST Experiment. Behind this simple sounding name is a complex experiment, the “Cryogenic Rare Event Search with Superconducting Thermometers.” The site of the unusual campaign is the deep underground laboratory under the Gran Sasso mountain range in Italy’s Abruzzo region. Fully shielded by 1,400 meters of rock, the researchers here – from the Max Planck Institute for Physics, among others – have installed a special device whose job is to detect particles of dark matter.
    [Show full text]
  • Lawyer: British Hacking Suspect Will Be Vindicated 14 August 2017
    Lawyer: British hacking suspect will be vindicated 14 August 2017 "Marcus Hutchins is a brilliant young man and a hero," said Marcia Hofmann, an attorney affiliated with the Electronic Frontier Foundation, a digital rights group, who represented Hutchins at the hearing. "He is going to vigorously defend himself against these charges. And when the evidence comes to light, we are confident he will be fully vindicated." Hours after the hearing, Hutchins resumed activity on Twitter. "I'm still on trial, still not allowed to go home, still on house arrest; but now i am allowed online," he wrote. He also joked about the experience with a sarcastic Marcus Hutchins (R), the British cyber security expert "to do" list from his US visit: "Things to do during accused of creating and selling malware that steals defcon: Attend parties. Visit red rock canyon. Go banking passwords, appeared at a court hearing shooting. Be indicted by the FBI. Rent supercars." Monday in Milwaukee, Wisconsin with his lawyers Marcia Homann and Brian Klein A federal indictment accuses Hutchins and another A lawyer for a 23-year-old British computer security individual of making and distributing the Kronos researcher accused of creating malware to attack "banking Trojan," a reference to malicious software the banking system on Monday called him a "hero" designed to steal user names and passwords used and predicted he would be "fully vindicated." at online banking sites. The lawyer's remarks came after Marcus The indictment set the time of the activity by Hutchins—who three months ago found a "kill Hutchins as being from July 2014 to July 2015.
    [Show full text]
  • A PRACTICAL METHOD of IDENTIFYING CYBERATTACKS February 2018 INDEX
    In Collaboration With A PRACTICAL METHOD OF IDENTIFYING CYBERATTACKS February 2018 INDEX TOPICS EXECUTIVE SUMMARY 4 OVERVIEW 5 THE RESPONSES TO A GROWING THREAT 7 DIFFERENT TYPES OF PERPETRATORS 10 THE SCOURGE OF CYBERCRIME 11 THE EVOLUTION OF CYBERWARFARE 12 CYBERACTIVISM: ACTIVE AS EVER 13 THE ATTRIBUTION PROBLEM 14 TRACKING THE ORIGINS OF CYBERATTACKS 17 CONCLUSION 20 APPENDIX: TIMELINE OF CYBERSECURITY 21 INCIDENTS 2 A Practical Method of Identifying Cyberattacks EXECUTIVE OVERVIEW SUMMARY The frequency and scope of cyberattacks Cyberattacks carried out by a range of entities are continue to grow, and yet despite the seriousness a growing threat to the security of governments of the problem, it remains extremely difficult to and their citizens. There are three main sources differentiate between the various sources of an of attacks; activists, criminals and governments, attack. This paper aims to shed light on the main and - based on the evidence - it is sometimes types of cyberattacks and provides examples hard to differentiate them. Indeed, they may of each. In particular, a high level framework sometimes work together when their interests for investigation is presented, aimed at helping are aligned. The increasing frequency and severity analysts in gaining a better understanding of the of the attacks makes it more important than ever origins of threats, the motive of the attacker, the to understand the source. Knowing who planned technical origin of the attack, the information an attack might make it easier to capture the contained in the coding of the malware and culprits or frame an appropriate response. the attacker’s modus operandi.
    [Show full text]
  • Congressional Record United States Th of America PROCEEDINGS and DEBATES of the 116 CONGRESS, FIRST SESSION
    E PL UR UM IB N U U S Congressional Record United States th of America PROCEEDINGS AND DEBATES OF THE 116 CONGRESS, FIRST SESSION Vol. 165 WASHINGTON, THURSDAY, MARCH 14, 2019 No. 46 House of Representatives The House met at 9 a.m. and was Pursuant to clause 1, rule I, the Jour- Mr. HARDER of California. Mr. called to order by the Speaker pro tem- nal stands approved. Speaker, this week, the administration pore (Mr. CARBAJAL). Mr. HARDER of California. Mr. released its proposed budget, and I am f Speaker, pursuant to clause 1, rule I, I here to share what those budget cuts demand a vote on agreeing to the actually mean for the farmers in my DESIGNATION OF THE SPEAKER Speaker’s approval of the Journal. home, California’s Central Valley. PRO TEMPORE The SPEAKER pro tempore. The Imagine you are an almond farmer in The SPEAKER pro tempore laid be- question is on the Speaker’s approval the Central Valley. Maybe your farm fore the House the following commu- of the Journal. has been a part of the family for mul- nication from the Speaker: The question was taken; and the tiple generations. Over the past 5 WASHINGTON, DC, Speaker pro tempore announced that years, you have seen your net farm in- March 14, 2019. the ayes appeared to have it. come has dropped by half, the largest I hereby appoint the Honorable SALUD O. Mr. HARDER of California. Mr. drop since the Great Depression. CARBAJAL to act as Speaker pro tempore on Speaker, I object to the vote on the Then you wake up this week and hear this day.
    [Show full text]
  • Online Money Laundering Operations to Take Place
    Laundering Money Online: a review of cybercriminals’ methods Jean-Loup Richet Tools and Resources for Anti-Corruption Knowledge – June, 01, 2013 - United Nations Office on Drugs and Crime (UNODC). Executive Summary Money laundering is a critical step in the cyber crime process which is experiencing some changes as hackers and their criminal colleagues continually alter and optimize payment mechanisms. Conducting quantitative research on underground laundering activity poses an inherent challenge: Bad guys and their banks don’t share information on criminal pursuits. However, by analyzing forums, we have identified two growth areas in money laundering: Online gaming—Online role playing games provide an easy way for criminals to launder money. This frequently involves the opening of numerous different accounts on various online games to move money. Micro laundering—Cyber criminals are increasingly looking at micro laundering via sites like PayPal or, interestingly, using job advertising sites, to avoid detection. Moreover, as online and mobile micro-payment are interconnected with traditional payment services, funds can now be moved to or from a variety of payment methods, increasing the difficulty to apprehend money launderers. Micro laundering makes it possible to launder a large amount of money in small amounts through thousands of electronic transactions. One growing scenario: using virtual credit cards as an alternative to prepaid mobile cards; they could be funded with a scammed bank account – with instant transaction – and used as a foundation of a PayPal account that would be laundered through a micro-laundering scheme. Laundering Money Online: a review of cybercriminals’ methods Millions of transactions take place over the internet each day, and criminal organizations are taking advantage of this fact to launder illegally acquired funds through covert, anonymous online transactions.
    [Show full text]
  • 8-30-16 Transcript Bulletin
    FRONT PAGE A1 Buffaloes bowl over Cowboys in rival game See B1 TOOELETRANSCRIPT SERVING TOOELE COUNTY BULLETIN SINCE 1894 TUESDAY August 30, 2016 www.TooeleOnline.com Vol. 123 No. 26 $1.00 Local suicides declined in 2015 JESSICA HENRIE are working. STAFF WRITER “I’m anxious to see how this Numerous suicide pre- year’s numbers compare,” she Tooele County Resident Suicides 2009-2015 vention programs in Tooele said. “I don’t want to be too Source: Tooele County Health Department Vital Statistics Office 20 County may be seeing some quick to say what we’re doing 20 results. is working. And there are so The suicide rate in the many factors — some people county was down last year, might have a terminal illness 14 according to the Tooele County or are under the influence.” 15 13 Health Department’s annual Bate added, “Even one death report for 2015. is too many, so it’s going to be 10 Last year, 13 county resi- a problem we’ll focus on until 10 9 9 dents died from suicide. That’s people get the help they need. seven fewer deaths than in People can be suicidal … and 2014, said Amy Bate, public never be suicidal again if they 5 information officer for the get the help they need. They 5 department. can lead a really happy life.” FILE PHOTO However, Bate will wait Suicide by the numbers Tawnee Griffith and Daniell Ruppell release a lantern into the sky as part of until 2016’s numbers come Suicide statistics on the 0 the Tooele County Health Department’s “With Help Comes Hope” suicide in before saying for sure the 2009 2010 2011 2012 2013 2014 2015 prevention event on May 14.
    [Show full text]