The mini computer in your pocket, or mobile phone as it’s more commonly known, unwittingly grants access to the international economy of cybercrime.
As do your tablet, laptop and desktop. The international cybercrime economy is booming.
The more apps on digital devices, the greater the chance of exposure. An unfortunate fact of modern life.
Cybercrime used to be an infrequent collateral damage feature of owning a digital device. Everything’s digital, your life is online. The odd fraudulent experience is to be expected. Once in a while.
Over the years that odd experience has evolved into a vast illegal global economy.
The size of the economy is staggering, and as with any global economy it mirrors its legitimate counterparts. The economic ecosystem is all present and accounted for: producers, suppliers, service providers and consumers.
A revenue estimate has been placed on this economy. Last year global cybercrime revenues reached $1.5 Trillion. And that’s conservative.
In April 2018 the head of Criminology at Surrey University, Dr. Mike McGuire, published an in-depth study of cybercrime, criminals and money: Into The Web of Profit.
An impressively researched piece commissioned by cybersecurity company Bromium.
Illegal online markets formed 50% of revenues. There’s big money in dark web drug stores, stolen credit cards, phished bank account details and other login credentials. Not to mention services for the trapped movement of commodities, human slaves.
Platforms of criminality where interactions and transactions take place. The dark version of huge legitimate platforms like Google, Linkedin, Facebook.
The revenue breakdown earned by groups and individuals of cybercrime is spent in similar fashion to the regular workers of the world.
15% of the cybercriminals sampled in the study spent the majority of their revenues on covering immediate needs – paying bills and everyday life purchases.
20% opted for disorganised or hedonistic spending.
15% engaged in calculated spending to attain status, or to impress partners and other criminals.
30% converted some of their revenues into assets, property.
20% were ambitious. They used at least some of their revenues to reinvest in further criminal activities. Buying equipment or more crimeware. Channelling their revenues into larger enterprises. The production of illegal drugs, human trafficking and terrorism.
Anything and everything is available within the cybercrime economy. There are roles to play for highly organised cyber gangs, as well as individuals plotting scams at home in their dressing gowns. Kind of like the guy in this story with or without his butane torch. Who knows?
A cyber criminal loves Thirst world countries. Those countries that are a mixture of first and third world.
Brazil, South Africa. These are where someone’s mobile phone becomes an extension of an ATM.
In Sub-Saharan Africa alone 66% of the population are unbanked. They have no access to a formal bank account. Mobile money payments dominate.
It’s also the world’s fastest growing mobile phone region. Most of the population have a basic mobile while smartphone usage is steadily increasing. Smartphones mean the internet and apps. Handheld computers. A cybercriminal’s dream.
One of the favoured scams in South Africa and Brazil is SIM swap fraud.
Imagine you’re happily going on about your day when you take out your phone and see it has no signal. No big deal, probably a cell tower black spot. The signal stays down for the next two hours. Dead air. It eventually comes back into signal or you end up calling your mobile operator.
Or worst case scenario you try and log into your online banking and don’t receive your one time verification pin through text message. It’s been diverted.
“Is there a problem with the network at the moment?” No, but you did order a new SIM card which was ported over with your mobile number to another phone.
A cyber criminal has essentially hijacked your phone for the time it takes to:
Contact your mobile provider and request a SIM swap, porting the existing number over to his phone.
Use the new SIM to receive your one time online banking pass code through text message. Two factor authentication is sent via text message and tied to the SIM of your phone.
Log in to your online banking using the pass code and transfer most or all of your bank account contents into an account they control.
Cash out the transferred amount immediately, or move it into another account and cash it out later.
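The sequence above (SIM change, then a text message pass code, then a transfer that empties the account) is something a bank can check for before it sends the code or releases the money. The sketch below is an added example, not part of the original article; the event field names, the 72 hour window, the action names and the idea that the bank receives SIM change notifications from the mobile operator are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real data). Field names and the availability
# of a "sim_change" feed from the mobile operator are assumptions.
EVENTS = [
    {"ts": "2018-06-01T09:00:00", "customer": "c-1001", "type": "sim_change"},
    {"ts": "2018-06-01T09:40:00", "customer": "c-1001", "type": "otp_sms_request"},
    {"ts": "2018-06-01T09:45:00", "customer": "c-1001", "type": "transfer",
     "amount": 4800, "balance": 5000},
    {"ts": "2018-06-01T10:00:00", "customer": "c-2002", "type": "otp_sms_request"},
    {"ts": "2018-06-01T10:05:00", "customer": "c-2002", "type": "transfer",
     "amount": 50, "balance": 3000},
    {"ts": "2018-04-20T12:00:00", "customer": "c-3003", "type": "sim_change"},
    {"ts": "2018-06-01T11:00:00", "customer": "c-3003", "type": "transfer",
     "amount": 900, "balance": 1000},
]

def assess(events, window=timedelta(hours=72), drain_ratio=0.5):
    """Return (customer, type, action) for each OTP request and transfer."""
    last_swap = {}   # customer -> time of most recent SIM change
    decisions = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        when = datetime.fromisoformat(ev["ts"])
        cust = ev["customer"]
        if ev["type"] == "sim_change":
            last_swap[cust] = when
            continue
        swapped = cust in last_swap and when - last_swap[cust] <= window
        if ev["type"] == "otp_sms_request":
            # A freshly swapped SIM may not be in the customer's hands.
            action = "use_other_channel" if swapped else "send_sms"
        elif ev["type"] == "transfer":
            drains = ev["amount"] >= drain_ratio * ev["balance"]
            if swapped and drains:
                action = "block_and_call_customer"
            elif swapped:
                action = "hold_for_review"
            else:
                action = "allow"
        else:
            continue
        decisions.append((cust, ev["type"], action))
    return decisions

if __name__ == "__main__":
    for row in assess(EVENTS):
        print(row)
```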
If they’re greedy or trying their luck they may even pull a quick WhatsApp scam for good measure. You know the one.
Download all the original phone contacts onto WhatsApp then fire off a message to all contacts.
“I’m stranded, such and such has happened, I need your help. Please transfer a small amount into my bank account.”
It may get a few nibbles.
The Phish are always biting
The SIM swap crime cannot occur without the involvement or assistance of either the mobile phone company or the bank.
Forensic investigators in South Africa have traced the origins of the scam to either one of these organisations.
There’s cybercrime leg work to be done first though.
First the victim’s online bank account details need to be obtained. Through phishing. Or previously phished and available for sale on a dark web site.
In either case the victim has unwittingly clicked on a dodgy link which has exposed their online account details. Or entered their online login details into a spoofed banking page. Perhaps a banking official has sold out the details.
It usually all starts with the phish.
Once the online banking details are obtained the cyber criminal will know the victim’s mobile operator through a different phishing attempt, or they’ll chance their odds with the network operators. Most countries, especially developing ones, will only have two or three main mobile networks.
Once it’s confirmed they can approach a staff member of the mobile phone store and go to work. Salaries are piss poor, corruption is prevalent and some will gladly provide customer account info. Or agree to a predetermined SIM swap for some extra bucks.
Longer established first world countries don’t get hit as frequently. Less chance of public corruption perhaps. Worryingly this seems to be changing though, 35 million crypto SIM scam
In Dublin this month a victim was targeted. Cyber thieves attempted to approve a loan through his smartphone banking app as well as other unsuccessful banking transfers. Same modus operandi where his mobile ‘lost signal’ for approximately 2 hours.
It’s relatively unknown and a new one for the Garda. After the incident a sergeant was quoted as saying “This is a new one, it’s completely new to me, if you had talked to me about this last week, I wouldn’t have heard of it.”
He added that the easiest way to avoid becoming victim to the scam was to use secure WiFi connections.
Great if you’re at home. Not so wonderful when you’re outside your home.
How do cybercriminals cash out?
The age old criminal conundrum: how to turn cyber fraud into usable, possessable cash. Clean cash.
An oldie was simply moving it through Western Union. Or using them as the vehicle for the fraud. Fake lottery scams, romance scams.
In 2017, Western Union was ordered to pay $586 million by the U.S. Department of Justice to settle fraud charges.
Cyber criminals are adaptive and resourceful. The world has plenty of dirty cash cleaning machines. New laundromats are opening all the time.
Cryptocurrency is popular. Digital cash. Law enforcement have made significant strides in tracing bitcoin transactions in and out of wallets. Even through the use of Bitcoin tumblers, which randomly mix together bitcoin transactions to conceal the origin and destination of a transaction.
Bitcoin ATM machines can be very useful. Most of them are one way services. The machine creates an offline wallet for the user who has inserted cash. The cash is turned into bitcoin through the machine created wallet code. Or the cash can be sent to another bitcoin wallet. As some of these machines are located in random city corner shops or cafes they can be particularly appealing for lower level laundry.
Successful cyber criminals seem to be aware of the danger of Bitcoin tracking. They have moved across to cryptocurrencies created for more secure anonymity. Monero, Zcash.
Online gambling and gaming sites have become popular washers. The proliferation of these over the years has presented cyber criminals with the opportunity to get creative.
Casino money laundering has traditionally been popular but gaming has opened up a new frontier. Online gaming is massive. People like to use in game tokens to buy crap. Avatars, weapons, and various other tools. Some of these tokens are purchased through third party in game apps. Third party apps which the original game sometimes has little control over. A bit of malicious code inserted here and there can turn them into cryptocurrency miners.
Online gaming money laundering seems to be mostly concentrated in the Far East for now, China, South Korea.
A lot of the cybercrime economy uses the traditional mule courier as a popular money laundering asset. Mules take wads of illegally concealed cash and hop onto planes, trains and automobiles. They move it around the country or the world to a friendly financial depositor.
Role players are used for the purposes of hiring out their bank accounts. For a short period of time. The person allows access to their already established bank account for a one time deposit or transfer. They receive a fee for the hire. The cash then gets transferred out of the account into various others. If and when the bank notices an unusual transaction and contacts the account holder, the account holder can play dumb. “What, this occurred without my knowledge. I seem to have been a victim of banking fraud!”
International cybercrime is a monster from the digital deep. A money laundering megalodon.
It links into and assists global drug trafficking, terrorism and human trafficking. Transnational criminal enterprises.
With our digital world the blood is in the water. Unfortunately it’s only a matter of time before cybercrime takes its bite.
The best defence is education in its current trends and exercising caution online. Be vigilant. All 2 factor authentication for online accounts is either tied to a SIM card or a primary email address. If your mobile signal goes down whilst others are fine, be suspicious. If Google starts prompting you for a password reset without a request from yourself, listen to those alarm bells.
Exposing dark web cybercrime forums and their modus operandi can have its occupational hazards though.
Noted cyber security journalist Brian Krebs found out a Ukrainian hacker was planning on posting heroin to his home in the US through a dark web drugs market. Then spoof a call from one of Krebs’ neighbours alerting the local police and informing them of the delivery.
Krebs notified the FBI of the plot instead.
In cyber land it’s best to be one step ahead.