Monthly Archives: November 2019

Rental scams

One of the cybercrimes that bothers us at Cambridge is accommodation fraud. Every October about 1% the people who come as grad students or postdocs rent an apartment that just doesn’t exist. Sites like Craigslist are full of ads that are just too good to be true. While the university does what it can to advise new hires and admissions to use our own accommodation services if they cannot check out an apartment personally, perhaps 50 new arrivals still turn up to find that they have nowhere to live, their money is gone, and the police aren’t interested. This is not a nice way to start your PhD.

Some years ago a new postdoc, Sophie van der Zee, almost fell for such a scam, and then got to know someone here who had actually become a victim. She made this into a research project, and replied to about a thousand scam ads. We analysed the persuasion techniques that the crooks used.

Here at last is our analysis: The gift of the gab: Are rental scammers skilled at the arts of persuasion? We found that most of the techniques the scammers used are straight from the standard marketing textbook (Cialdini) rather than from the lists of more exotic scam techniques compiled by fraud researchers such as Stajano and Wilson. The only significant exception was appeals to sympathy. Most of the scammers were operating out of West Africa in what appears to have one or more boilerhouse sales operations. They work from scripts, very much like people selling insurance or home improvements.

Previous cybercrime research looked at both high-value targeted operations and scale attackers who compromise machines in bulk. This is an example of fraud lying between the “first class” and “economy class” versions of cybercrime.

Rental scams are still a problem for new staff and students. Since this work was done, things have changed somewhat, in that most of the scams are now run by an operator using slick websites who, according to the local police, appears to be based in Germany. We have repeatedly tried, and failed, to persuade the police (local and Met), the NCA and the NCSC to have his door broken down. Unfortunately the British authorities appear to lack the motivation to extradite foreigners who commit small frauds at scale. So if you want to steal a few million a year, take it from a few thousand people, a thousand pounds at a time. So long as you stay overseas there seems to be little risk of arrest.

APWG eCrime 2019

Last week the APWG Symposium on Electronic Crime Research was held at Carnegie Mellon University in Pittsburgh. The Cambridge Cybercrime Centre was very well-represented at the symposium. Of the 12 accepted research papers, five were authored or co-authored by scholars from the Centre. The topics of the research papers addressed a wide range of cybercrime issues, ranging from honeypots to gaming as pathways to cybercrime. One of the papers with a Cambridge author, “Identifying Unintended Harms of Cybersecurity Countermeasures”, received the Best Paper award. The Honorable Mention award went to “Mapping the Underground: Supervised Discovery of Cybercrime Supply Chains”, which was a collaboration between NYU, ICSI and the Centre.

In this post, we will provide a brief description for each paper in this post. The final versions aren’t yet available, we will blog them in more detail as they appear.

Best Paper

Identifying Unintended Harms of Cybersecurity Countermeasures

Yi Ting Chua, Simon Parkin, Matthew Edwards, Daniela Oliveira, Stefan Schiffner, Gareth Tyson, and Alice Hutchings

In this paper, the authors consider that well-intentioned cybersecurity risk management activities can create not only unintended consequences, but also unintended harms to user behaviours, system users, or the infrastructure itself. Through reviewing countermeasures and associated unintended harms for five cyber deception and aggression scenarios (including tech-abuse, disinformation campaigns, and dating fraud), the authors identified categorizations of unintended harms. These categories were further developed into a framework of questions to prompt risk managers to consider harms in a structured manner, and introduce the discussion of vulnerable groups across all harms. The authors envision that this framework can act as a common-ground and a tool bringing together stakeholders towards a coordinated approach to cybersecurity risk management in a complex, multi-party service and/or technology ecosystem.

Honorable Mention

Mapping the Underground: Supervised Discovery of Cybercrime Supply Chains

Rasika Bhalerao, Maxwell Aliapoulios, Ilia Shumailov, Sadia Afroz, and Damon McCoy

Cybercrime forums enable modern criminal entrepreneurs to collaborate with other criminals into increasingly efficient and sophisticated criminal endeavors.
Understanding the connections between different products and services is currently very expensive and requires a lot of time-consuming manual effort. In this paper, we propose a language-agnostic method to automatically extract supply chains from cybercrime forum posts and replies. Our analysis of generated supply chains highlights unique differences in the lifecycle of products and services on offer in Russian and English cybercrime forums.

Honware: A Virtual Honeypot Framework for Capturing CPE and IoT Zero Day

Alexander Vetterl and Richard Clayton

We presented honware, a new honeypot framework which can rapidly emulate a wide range of CPE and IoT devices without any access to the manufacturers’ hardware.

The framework processes a standard firmware image and will help to detect real attacks and associated vulnerabilities that might otherwise be exploited for considerable periods of time without anyone noticing.

From Playing Games to Committing Crimes: A Multi-Technique Approach to Predicting Key Actors on an Online Gaming Forum

Jack Hughes

This paper proposes a systematic framework for analysing forum datasets, which contain minimal structure and are non-trivial to analyse at scale. The paper takes a multi-technique approach drawing on a combination of features relating to content and metadata, to predict potential key actors. From these predictions and trained models, the paper begins to look at characteristics of the group of potential key actors, which may benefit more from targeted intervention activities.

Fighting the “Blackheart Airports”: Internal Policing in the Chinese Censorship Circumvention Ecosystem

Yi Ting Chua and Ben Collier

In this paper, the authors provide an overview of the self-policing mechanisms present in the ecosystem of services used in China to circumvent online censorship. We conducted an in-depth netnographic study of four Telegram channels which were used to co-ordinate various kinds of attacks on groups and individuals offering fake or scam services. More specifically, these actors utilized cybercrime tools such as denial of service attack and doxxing to punish scammers. The motivations behind this self-policing appear to be genuinely altruistic, with individuals largely concerned with maintaining a stable ecosystem of services to allow Chinese citizens to bypass the Great Firewall. Although this is an emerging phenomenon, it appears to be developing into an important and novel kind of trust mechanism within this market