+更多
专家名录
唐朱昌
唐朱昌
教授,博士生导师。复旦大学中国反洗钱研究中心首任主任,复旦大学俄...
严立新
严立新
复旦大学国际金融学院教授,中国反洗钱研究中心执行主任,陆家嘴金...
陈浩然
陈浩然
复旦大学法学院教授、博士生导师;复旦大学国际刑法研究中心主任。...
何 萍
何 萍
华东政法大学刑法学教授,复旦大学中国反洗钱研究中心特聘研究员,荷...
李小杰
李小杰
安永金融服务风险管理、咨询总监,曾任蚂蚁金服反洗钱总监,复旦大学...
周锦贤
周锦贤
周锦贤先生,香港人,广州暨南大学法律学士,复旦大学中国反洗钱研究中...
童文俊
童文俊
高级经济师,复旦大学金融学博士,复旦大学经济学博士后。现供职于中...
汤 俊
汤 俊
武汉中南财经政法大学信息安全学院教授。长期专注于反洗钱/反恐...
李 刚
李 刚
生辰:1977.7.26 籍贯:辽宁抚顺 民族:汉 党派:九三学社 职称:教授 研究...
祝亚雄
祝亚雄
祝亚雄,1974年生,浙江衢州人。浙江师范大学经济与管理学院副教授,博...
顾卿华
顾卿华
复旦大学中国反洗钱研究中心特聘研究员;现任安永管理咨询服务合伙...
转发
上传时间: 2019-02-07      浏览次数:741次
How criminals use Uber and Airbnb to launder money stolen from your credit card


https://www.cnbc.com/2019/02/07/how-criminals-use-airbnb-uber-launder-stolen-credit-card-money.html

 

Cybercriminals are turning to new technologies to launder their ill-gotten gains, including recruiting fake Uber drivers, shady Airbnb hosts and crypto conversion specialists via the underground dark web, experts say.

 

Criminals are also ramping up older methods of money laundering, including buying gift cards and reselling them for a fraction of their price on the web, and relying on bank insiders to filter their funds through legitimate accounts and credit lines.

 

Ziv Mador, who leads cybersecurity firm Trustwave's SpiderLabs research team, said money laundering is essential to allowing cybercrime to proliferate. In fact, if you've ever had money stolen in a cyber scheme or from a hacked credit or debit card, this may be where it ended up.

 

"Cybercrime headlines tend to focus on new variants of malware or gross negligence resulting in large data breaches. It's a proverbial game of cat and mouse, with white hats fortifying defenses and black hats adjusting to bypass," he said. "However, missing from these stories and just as important for grasping how cybercriminals operate is what takes place post-breach or when funds are acquired illegally."

 

Fake Uber drivers and the 'acupuncture' scam

Techniques used by cybercriminals often differ from those used for laundering other types of dirty money. That's because techniques and methods for cybercrime are quickly shared and traded via dark web marketplaces, Mador explained. Cybercriminals are already operating fully on these marketplaces, and so it's a natural transition, he said.

 

For at least the past two years, cybercriminals have used increasingly creative methods centered on "gig economy" apps like Uber and Airbnb, according to Mador. The schemes work to filter dirty money through several automated systems, eventually making their way back to the criminal clean.

 

In one common scam, criminals recruit Uber drivers to pretend to take them on a ride. The criminal never shows up, but uses illicit money from a stolen credit card to pay for the trip. The driver then wires a portion of the payment for the trip back to the criminal.

 

Ads seeking help laundering assets by this method can be seen on the dark web, a network of websites outside the established internet only accessible through special applications, Mador said.

 

A dark web ad, provided by security researchers at Trustwave's SpiderLabs, seeks "fake" Uber drivers to help launder illicit cybercrime proceeds.

Trustwave

A dark web ad, provided by security researchers at Trustwave's SpiderLabs, seeks "fake" Uber drivers to help launder illicit cybercrime proceeds.

Uber first learned about the money laundering because it was so prevalent in the Chinese market, according to a spokesperson, and has taken several steps to fight this type of fraud. Uber ramped up its fraud-detection techniques in 2016, around the time the company pulled out of China. It has fallen to "historical lows" since then, the spokesperson said, but acknowledged it remains a problem. To fight it, the company frequently works with U.S. law enforcement, including one case involving a fake-passenger scheme that led to 13 arrests in New York in 2017.

 

One common technique fraudsters use is known on underground forums as "acupuncture," the spokesperson said, because it involves a criminal overseas — typically in China or India — colluding with a U.S.-based driver by dropping location "pins" in the application along the driver's regular route. The driver collects the earnings, usually from a stolen credit card, then wires a portion of it back to the overseas criminals, who are known as "nurses" in this scheme.

 

"One reason it's enticing to the real driver is they think 'at least I'm getting paid for driving a route that I'm normally driving anyway.' What they don't realize is it's not just defrauding Uber or our platform, it's wire fraud, it's serious legal liability for the driver," the spokesperson said.

 

Criminals use a similar scheme with Airbnb hosts, Mador explained. Hosts answer ads, generally posted on the dark web. But instead of hosting an actual guest, with all the work and hassle that might involve, they take payment from a fake guest who never has any intention of showing up. Once the money is processed through Airbnb's system, the host refunds a portion of the nightly bill to the cybercriminal.

 

In one ad provided by Trustwave, posted on the dark web in May 2018 in Russian, a cybercriminal says he or she is seeking "managers of Airbnb hosts -- I'm looking for people who have real hosts from this company," for a money laundering operation.

 

 

In a statement, Airbnb said, "Airbnb takes its responsibility as a participant in the financial ecosystem seriously and has developed sophisticated models, systems and processes to detect and prevent all forms of misuse and illegal activity. In addition to our own controls, Airbnb also works with other participants in the financial system including financial institutions, regulatory agencies and law enforcement to spot new trends in potential misuse and illegal activity and share information to combat illicit activity."

 

Cyber criminals also continue using more "traditional" laundering methods, especially in the form of "bank drops" and gift card purchases. Commodities like iPhones are also popular -- criminals will buy them in bulk with dirty money and sell them at a steep discount, pocketing the clean money.

 

According to the FBI, "Criminals can direct federal or state tax authorities to issue fraudulent tax refunds on prepaid debit cards," according to the Bureau, making it a popular method of executing tax refund scams. Virtual currency payment processors are also popular, as a way to funnel proceeds from cyber schemes like ransomware -- which often result in funds paid in cryptocurrency -- through several transactional layers in order to mask the origins of the cash.

 

Cleaning bitcoin with 'mixers' and other techniques

Other professional criminals on dark web chat rooms offer a variety of methods to clean dirty bitcoin.

 

One of them involves using "mixers," which "divide currency among multiple accounts, transfer bitcoin through several other accounts, and eventually send them to one, external and clean account," Mador said. The mixing service provider collects a fee for this service, making it a lucrative illicit business of its own.

 

Ziv Mador, Trustwave research leader

Ziv Mador, Trustwave research leader

In one dark web advertisement provided by Mador, a service provider called "dice456" offers a "way to clean your dirty coins ... send me the Bitcoin and I will change it to XMR [the symbol for Monero, another type of cryptocurrency] then convert it back to Bitcoin and send it to a brand new wallet. This will break the chain of a dirty business and you can spend the coin with peace of mind. We charge 5% for this service."

 

Some cybercriminals claim to have recruited employees of banks in order to help pass illicit funds through real accounts with few geographical boundaries.

 

Some of those compromised employees even advertise their services -- according to one individual purporting to be connected to a bank posting to a forum under the name "slim-shady," "I can get unlimited UK bank drops and are ready for loading. Cashout will be within the same hour of money dropping into account and your cut can be made any way you like."

 

Mador emphasizes that cybercriminals are relying as much on human weakness and curiosity as on technology to carry out and cover their crimes.

 

"We see the underground community's strengths in using and abusing the human factor to recruit people who are not deeply involved in dark web operations, turning them into the public face in their illegal activities."