Uploaded: 2018-07-18      Views: 643
Criminals Are Using Clash Of Clans To Launder Money, New Report Claims

https://kotaku.com/criminals-are-using-clash-of-clans-to-launder-money-ne-1827698965

 

Online criminals are reportedly laundering hundreds of thousands of dollars using blockbuster mobile games like Clash of Clans, Clash Royale and Marvel Contest of Champions, according to a new report by German cybersecurity firm Kromtech.

 

Free-to-play games often rely on in-app purchases that allow players to exchange real money for gold, gems, or some other “premium” currency. With this premium currency, players can buy advantages, bypass time gates, and generally make themselves better at many games. In the most successful mobile games, like Clash of Clans and Clash Royale, in-game purchases rake in hundreds of millions of dollars in yearly revenue. The currency is also a relatively easy way to launder money.

 

Online criminals reportedly used 20,000 stolen credit cards to make purchases in Clash of Clans, Clash Royale, and Marvel Contest of Champions, Kromtech says. The criminals resold accounts with those same purchases on third-party markets like G2G or iGameSupply and received money in exchange, with no attachment to the stolen credit cards.

 

“I was really shocked,” said Bob Diachenko, head of communications and security researcher at Kromtech Security, in a Skype call with Kotaku. What shocked him most was how easy it is to launder money through free-to-play mobile games. “This process should be much more complicated than it is now,” he said. All Apple requires to create an Apple ID, which players can use to play Clash of Clans, is an e-mail address, a password, a date of birth and a handful of security questions. According to Diachenko’s team, criminals automated the Apple account-creation process.

 

Neither Clash of Clans publisher Supercell nor Marvel Contest of Champions publisher Kabam returned requests for comment.

 

Kromtech’s investigation started with a popular database-building software called MongoDB. For years, poor configurations allowed hackers to connect to and collect data from tens of thousands of MongoDB databases. Analyzing samples from one database, Kromtech happened upon these Clash of Clans criminals, who stored over a hundred thousand credit cards there. Those numbers, Diachenko presumed, were mined from other data breaches.

 

“When we started digging into this, I was also surprised to see the amount of shadow business behind the internal currency, gems, in Clash of Clans,” Diachenko said. “This internal currency just became a real currency in the real world. Good too for guys like this to launder their stolen credit card money.”