1 Spam and Transnational Crime KnujOn : A new initiative to fight email-borne security threats.

1

Spam and Transnational Crime

KnujOn: A new initiative to fight email-borne security

threats

International HTCIA 8/2007 Knujon LLC 2007© 2

Who we are

Garth Bruen – the KnujOn ProjectNortheastern University, Software Engineering Certificate Suffolk University, Masters in Public AdministrationNortheastern University, B.S. Criminal Justice

Dr. Robert Bruen – Coldrain Technologies Harvard University, ALM History of Science Boston College, Ph.D. Higher Education AdministrationBoston University, M.S. Computer Information SystemsNortheastern University, B.A. Philosophy and Religion


What I Want You To Leave Believing

KnujOn is dedicated to technology fraud preventionHowever…..

1. The Spam problem is about more than the email

2. Solutions to spam cannot rely solely on technology

3. Filtering and deleting spam makes the issue worse

4. Spam is not an impossible problem to solve


Questions as a starting point

•What drives spam?

•What and Who enables the spammers?

•Who profits from it (beyond the spammers)?

•How do we all suffer from spammers?

•What tools are currently available to prevent spam?

•Of those tools, what is working and what isn't?

•Where are the failures and breakpoints?

•Where can our efforts be maximized?


•2 years in Beta testing

•32,201 site suspensions

•Reduction in spam traffic to many of our clients

•Processing 20 – 30 thousand emails per day

• Weekly status reports to our clients

• Changing people’s minds, providing actionable information, raising public awareness

What has KnujOn accomplished so far?


What We Do

• Challenge Beliefs: current assumption that there is too much junk email to process effectively

• Collaborate Globally: accept junk email submissions from thousands of official and non-official clients as the starting point for our procedures

• Enforce Policies:

• use the current policy structures to address the problem

• reveal breakpoints and bottlenecks in Internet compliance


What We Do

• Share Our Progress: Provide our clients with feedback and avenues for satisfaction that they are not getting from the Internet community

• Generate Big Picture Thinking

• Explore the complex issues driving spam

• Illustrate the impact on individual victims as well as the burden on the economy

• Use spam to create a “map” of transnational crime


KnujOn: A better model

• No software to download

• No live connection needed

• No active process or database on the net

• Reporting/Processing in different locations

• Compact and highly mobile

• DoS of our sites wont stop the process

9


The criminals are fighting back with technology…..

• Cyber criminals are launching massive Denial of Service attacks against anti-spam services

• Worms have been designed to specifically attack anti-virus software companies (and specific people)

• DDoS and hacking attacks have been used against law enforcement networks as revenge


…and beyond technology

• Malaysian media pirates have threatened police and customs dogs (bounties have been placed on specific animals)

• “Spammer Tries to Hire Hit man to Kill Children of Witness”

• Journalists investigating counterfeit product networks in many countries have been murdered

• Nigeria’s Rx fraud czar under constant attack

• Saad Echouafni (massive 2004 DoS) remains a fugitive, armed and dangerous, possibly in North Africa


•

Problems Behind the Problem

The criminal threat is much more aggressive than ever before

• Targeted attempts to intimidate and disrupt enforcement for the purpose of protecting lucrative criminal operations are commonplace.

• As the spam money grows, so will the physical threats.

• “Cybercops drowning in data” – Jim Christy

• Government sponsored simulated cyber attacks on the U.S. were successful in penetrating defenses

• Foreign intelligence services are “eating our lunch” – Joel Brenner, National Counterintelligence Executive


Resources are impacted

• Employees in the U.S. spend about 100 hours each year dealing with spam, a daily loss of $130 million to our workforce

• Loss of productivity on the company side: $712 Per Employee, $71 billon to all U.S. businesses annually

• 210,000 American manufacturing workers could be added to the economy if parts were made legally

• Illicit traffic is a $600 Billion industry

• 90% of all email traffic is spam


Spam Beyond “Email”: Geocities “encrypted” spam sites


Spam that isn’t email






Spam that isn’t email : Search Stacking

DISCOVERing deceit at uhuzy.org

173 instances of the phrase “discover card”. Over 1000 instances of the word “discover” first site returned in a Google of “Discover Payment

Address”









Wiki Spam Social Networking sites Blogs Forums News:// iTunes?


Growth of the Internet and Illicit Traffic


Failure of Filtering In the Press

• PEW research study that suggested consumers have been worn down by spam and are now accepting it as a fact of modern life.

• Brockman & company survey that suggests anti-spam software "doesn't work."

• Research by the University of California, San Diego validates the contention that there are a small number of organized criminals behind most of the junk mail.

• People know the spam problem is worse than last year, and that the filter and block strategy has run its course.


*Based on 55,544,208 households with net access(2000 census) and $30 average cost of connection with only 10% of that going to support traffic that is wanted.

The Economic Idiocy of Spam Filtering

• 90% of the bandwidth taken up by spammers

• The communications network has been hijacked by fraudulent transmissions

• Consumers and taxpayers fund the maintenance on the this global network of cable, DLS, phone lines, optic, radio, etc…

In other words…..

• Americans are paying $1.5 Billion Per Month to ensure transmission of Spam* - $18 Billion per year

• If you have a virus scan and filtering software and get no spam in your inbox, you are still paying $27 per month to guarantee that it gets delivered just short of your mailbox


Paper Fraud On the Rise

•98% of forgers go free

•Only 2% of check frauds are arrested

•62% of bad checks go uncollected

•Only one state (Illinois) makes it illegal to order checks in someone else’s name

•Booming market in fake labels, packaging, and security holograms

•Forgery of FAA Part Approval forms found

•Deceptive mortgage and “prizes” mailings continue

27

Operational Highlights

Outline of a spamming operationWho are the spammers?

What is their operational path?How are they enabled?


Operation Highlights: Mapping the Distribution & Money


Operation Highlights: Mapping the Distribution & Money


Operation Highlights: the Spammers

Mercenary criminals, not really concerned with what is being sold in junk email

Spam, transaction sites, shipping, and supply are all distinct operations

They don’t have warehouses full of pills and handbags Possible that parties never meet face to face

Skills are easy to pick up and share Spamming “Kits” are available for sale/download Discussions and mentoring occur in chat rooms


Operation Highlights: Illicit Traffic is About Transactions* - not

Products or Spam

Attack the transaction, not the advertisement Blocking the transaction (at the website) keeps the

money from entering the cycle This will not happen if the spam is deleted. If the spam is

reported, there is a better possibility the site will be taken down

Once a connection is made to a victim, they are more likely to be victimized again


What does it mean to purchase goods sold in spam?

Where do the products sold in spam come from?

Who profits from merchandise sold in spam?

What is driving and enabling it?


The Path of Fake Goods Sold in Spam

Manufacture of these goods is often done using forced, prison, child or under compensated labor


The illegal factories are usually not inspected and pose serious health, safety and environmental threats



In order to operate large illegal factories, local government must be bribed or coerced



The products themselves represent copyright, trademark and intellectual property infringements



Fake goods must be smuggled out of source countries



Contraband is often carried by human mules, tying smuggling to human traffic, sexual exploitation, document forgery and other transnational crime



Taxes are unlikely to be paid on smuggled, counterfeit goods



Profits from illicit traffic fund criminal organizations, terror groups and bloody conflicts in developing countries



Substandard counterfeit goods explode, start fires, and poison people



Profits from illicit traffic must be moved by money launderers



Spammers snag customers!

650,000 people purchased at least one item sold in spam in a single month surveyed (Consumer Reports)

If the average spam “unit” is $75, that is $48,750,000 per month or $585,000,000 per year

While the majority of Internet users block and delete spam, the remainder keeps the spammers employed!


Knockoffs and Counterfeits as an industry

If the knockoff network was a single company it would be twice the size of Wal-Mart

If counterfeiting, smuggling, and piracy were a single industry it would be the world’s biggest


Product-Driven: Counterfeiting

German authorities seized $1.6 billion in pirated goods in 2006, which was a 500% increase from 2005

U.S. Customs and Border Protection reported an 83% increase in counterfeit good seizures in 2006

England claimed a 45% increase in fake drug traffic in 2005

Interpol has noted a steady 10-year surge in intellectual property crime

The International AntiCounterfeiting Coalition(iacc.org) claims a ten thousand percent increase in recent decades


What is being counterfeited?

Cigarettes – with twice the carcinogens Alcohol – with ethanol and other poisons Tea Leaves - dried with truck exhaust Weed Killer – that kills crops too Shampoo – with fecal matter (“shampoop”?) Break Pads – made from pressed sawdust Surge protectors – that explode


Scary Warning!

“We enforce if you are affiliated with or working for a brand name company mentioned either directly or indirectly, or any other related group, or were formally a worker, you cannot enter this web site, cannot access any of its files and you cannot view any of the HTM(L) files. If you enter this site you are not agreeing to these terms and you are violating code 431.322.12 of the Internet Privacy Act signed by Bill Clinton in 1995 and that means that you cannot threaten our ISP(s) or any person(s) or company storing these files, and cannot prosecute any person(s) affiliated with this page which includesfamily, friends or individuals who run or enter this web site.”


Distribution Network


The Secondary Threat of Software Piracy

The “big hack” Use of pirated software 50% worldwide ¼ of Software in U.S. is pirated Some developing countries have near 90%

piracy rates Microsoft and Vietnam: compromise or copout? Pirated software can provide an attack platform

for a variety of crimes


Tax Software and AutoCAD


Product-Driven: Software Piracy

Countries that are known sources for pirated software are also known for spying on the United States

Corrupt government elements or gangs? Wo Shing Wo, San Yee On, and 14K are all reportedly

involved in media piracy as well as human smuggling Authorities in China often claim Chinese Americans run

the gangs The international scope is complex and troubling


Threats from places you’ve never heard of

Transdnester: “Independent” republic within Russia; accused of being little more than a massive criminal enterprise

Ciudad del Este: Economic free zone in Paraguay; haven for smugglers and terrorists

Tuvalu: Tiny island nation that issues .TV domains to phishers and leases its telephone system for sex-lines

Nauru: Set up your bank here without ever going there; hid money for Slobodan Milosevic


Deposit Scams

Also called “Nigerian/419” or Advance Fee Scams

Present a unique problem for cybercops Victims of this kind of fraud have been

kidnapped or murdered while trying to retrieve their money overseas


.cd

.CD is emerging as a phisher favorite Is the domain extension for The Democratic Republic of

the Congo The DRC is not the same as the Republic of the Congo The DRC, formerly Zaire, has been in a state of political

upheaval since the late 1990’s Troubled countries are magnets for fraud and corruption The average consumer is not aware of the background

that allows spammers to operate


Sale of sovereignty

Nauru (.nr), Vanuatu (.vu), Cook Islands (.cc) and Western Samoa (.ws) like Tuvalu (.tv) are tiny island nations with few resources

Some use their very sovereignty as a commodity, and when that is sold there is nothing left

Countries can be “owned” by criminal groups – think about Al Qaeda and Afghanistan


Rx

Where The Bad Pills Come From

Filler Counterfeit Diverted Product Repackaging Up-Dosing


Rx

Impact of fake drugs and easy access

Deaths from painkiller overdoses have exceeded those from heroin and cocaine in recent years

In 2005 drug poisonings were second only to automobile accidents for unintended deaths

Counterfeit drug investigations by the FDA have increased 10 times since 2000

More steroids for young athletes


Rx


Rx


Rx


Rx


Rx


Rx


Rx


Rx


Vacations

What has happened to folks who use less-than-reputable travel services?

Customers pay for a trip and don't get anything. The company sends tickets or vouchers but the airline/hotel does

not honor them. Customers are charged extra(and often large) fees when

presenting vouchers. One fare is promised but a different one is charged. The company agrees to a schedule but the dates are then

changed by the company. Customers are promised a specific airline/hotel but different

services appear on the voucher(s).


Risky Loans

Mortgage fraud is on the increase 600 cases in 2004 to 21,971 in 2005 totaling over $1

Billion in losses(FBI) Hotspots are Michigan and Florida While the FBI reports that mortgage fraud cases are

increasing, convictions, seizures, and recovered funds are declining.


Risky Loans


Risky Loans

Some mortgage spams are just phishing/ID Theft attempts, others are “referrals”

Reverse Mortgages, “Teaser” ARMs, and “flipping” schemes are conducted by skilled industry insiders

Targets are often elderly, fixed income The increase in foreclosures has become a burden on the

market generally


Phishing

Phishing has evolved into multi-prong threats that combine viruses and ID theft

Hackers post exposed accounts for auction Changes in the banking industry may provide a

false sense of security (two-factor guidelines)


Phishing

Weakest points in any system will always be people Banks can lock down on-line transactions but deceived

customers and employees will still hand money over to crooks

Access is often a target an not simply money Increase in illicit traffic profits creates demand for more

money laundering


Market Manipulation

Spammers have successfully manipulated stock prices for their gain and other investor’s loss

Studies at Harvard, Oxford and Perdue have confirmed the viability of manipulating penny stocks for big gain

Penny Stocks(Pink sheets, OTCBB) are used because their small value does not require as much oversight or registration

Spammers use software similar to CAPTCHA to create stock touting images


Market Manipulation


Market Manipulation

Polish Epicenter Bulk of stock spam examined by Knujon

originated on Polish networks Secondary source: countries bordering Poland Tertiary source: Countries with large Polish

communities SEC Targeting a Latvian-Russian gang Points to “organic” nature of malware


And the list goes on, and on, and on….

Remainders Degrees Gambling Porn Sex Trade Political Attacks Hoaxes


Delivery Systems: MalWare

MalWare is often deployed unintentionally by users who: Download unknown programs Open attachments from unknown email senders Share files on peer-to-peer networks or other media

MalWare can also forced onto a machine through: Known, un-patched system exploits Buffer overflows Clever web scripting


Delivery Systems: MalWare


ISP Response to Sober Worm(2005)

adelphia.net Falltel.net Bblueyonder.co.uk Abtbroadband.com B-charter.net Fpacbell.net DPaeTec Arr.com C+sifycorp.com Atds.net A


ISP Response to Sober Worm(2005)

Why the failing grades?

•No clear reporting instructions•No feedback•Only took complaints from customers•Virus emails kept coming after detailed and repeated reports

Demonstrates a lack of consistency and professionalism from the companies that maintain the Internet


Where industry is failing us

•Knujon has a number of “add-on” modules available for Thunderbird, Outlook, Yahoo, Gmail, and AppleMail for reporting spam. These were developed by dedicated members, not by big software houses or ISPs

•The Internet industry continues to send confusing messages to consumers about security

•Defense Cyber Crime Institute called for "the industry to create tools to help us investigate large volumes of data.” The industry has not responded


Mystery Alerts

General warnings that do not include usable information will be ignored over time


Piracy Report Rejected by Microsoft


Spam Courtesy of CNN

Most media outlets have “built-in abuse interfaces”


Credit Cards, Air Miles and Mortgages

A confusing mix of transactions is being thrown out faster than consumer can absorb and understand them


“It’s as easy as firing off a text message”

Financial transactions on cell phones?


Phished by my own Credit Card

Questions about this bizarre email have not been addressed by Citibank


Who else is failing us?

The Media: by continuing to encourage people to ignore and delete spam rather than report it

The Business Community: by not properly protecting their brands on-line

The Government : by not providing feedback to citizens and more processing resources for electronic fraud


IP Theft & Espionage

Direct email is a favorite starting point for industrial espionage

Spies collect “gray material” on companies and researchers

Carefully crafted emails are used to open communication

Spies pretend to be colleagues and graduate students


IP Theft & Espionage

Threats can be foreign intelligence, foreign companies, domestic competitors, activists, and people with a grudge

Commonly held beliefs about spam and phishing, that they are purely the province of criminals and hackers, allow foreign intelligence services the opportunity to be “lost in the crowd”.


The Good News

30,000+ shutdowns through KnujOn happened because people reported junk mail

SEC has suspended trading of touted penny stocks, pursued many cases, frozen assets based on citizen tips

FTC has fined hundreds of companies for unsolicited faxes, one company was fined over $700,000, because of complaints

Services like APWG and CastleCops(PIRT/MIRT) are coordinating anti-phishing projects that target botnets in the process


Recommendations

1. Media needs to stop telling people to delete spam2. Create more cybercrime schools and professionals3. LE needs to publicize successes in enforcement4. Government needs to encourage reporting and expand processing

resources5. Banks need to have a proactive plan to educate customers and fight

phishing6. Researchers need to be educated about the dangers of industrial

espionage7. Private companies need to aggressively protect intellectual property


Join KnujOn

KnujOn wants your junk mail (yes, we’re serious)http://www.knujon.com

Phishing and BotNets:http://www.castlecops.comhttp://www.apwg.orghttp://www.isotf.org


Questions…

[email protected]

Date post:	26-Dec-2015
Category:	Documents
Upload:	olivia-webb
View:	213 times
Download:	0 times

1 Spam and Transnational Crime KnujOn : A new initiative to fight email-borne security threats.

Documents