The document discusses the cybercrime ecosystem and specialization within it. It describes how cybercriminals specialize in specific criminal business functions like developing malware, exploit kits, crypting software, and spamming. This specialization allows criminals to scale up their operations and legitimize most business activities. The document also examines how cybercriminals realize financial gains through activities like spamming, renting botnets, selling accounts and personal information, money laundering through methods such as using money mules and stored value cards, and using online casinos and auction sites.

1. INSIGHTS INTO THE
CYBERCRIME ECOSYSTEM
Albert Hui GREM, GCIA, GCIH, GCFA, CISA

2. WHO AM I?
 Member of:
• Digital Phishnet
• Association of Certified Fraud Examiners
• SANS Advisory Board
 Former incident analyst / researcher at top-tier
retail, commercial, and investment banks.
 Former government security auditor.
 Now a security ronin.

3. JURISDICTION
ARBITRAGE
Cybercrime is borderless; cyber law enforcement is not.

4. TEN YEARS AGO
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
4

5. TODAY
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
5

6. TODAY
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
6
Photofromhttp://krebsonsecurity.com

7. TODAY
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
7
“In Spain, it is not a crime to own and operate a
botnet or distribute malware,” Capt. Lorenzana
told Krebsonsecurity in March. “So even if we
manage to prove they are using a botnet, we will
need to prove they also were stealing identities and
other things, and that is where our lines of
investigation are focusing right now.”

8. BUSINESS FUNCTION
SPECIALIZATION
Scale up the business.

9. CYBERCRIME ECOSYSTEM
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
9
Security
Researchers Malware
Writers
publish /
sell exploits
Script
Kiddies
sell malwares /
exploit kits
Packer / Crypter
Developer
Sell packers
/ crypters
sell / publish / make known of
vulnerabilities / techniques
Hackers
pay per install
P2P File Downloaders
/ Web Surfers
(Victims)
spread
malwares
Crack
Programmer Software Pirates
supply software
steal accounts
(e.g. QQ, game, credit card numbers, e-banking logins)
sell accounts / zombies
Accounts / Zombies
Resellers
Spammers,
Virtual Asset Resellers,
Personal Info Resellers
Fraudsters
sell accounts
sell credit card numbers /
e-banking logins
Money
Launderers
Money Mules
Bulletproof
Hosting
buy hosting
services
Botnet
Operators
Sell
zombies
sell
botnet
Traffic Resellers

10. WHY SPECIALIZE?
 Scale up
 Legitimize most business activities
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
10

11. PAY-PER-INSTALL
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
11

12. INSTALL SERVICE
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
12

13. EXPLOIT KIT
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
13

14. CRYPTER
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
14

15. DOWNLOADER
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
15

16. SEO
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
16

17. DOORWAY PAGE
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
17

18. CASH IN
Realizing financial gains

19. SPAMMING
 Spamming ads
 Spamming scam emails
 Spamming phishing emails
 Spam-assisted pump and dump
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
19

20. BOTNET
 Leasing out botnets (leave dirty jobs to the buyers)
 Why people pay for botnets?
• Orchestrate click frauds
• Cyber extortion rackets using DDoS
• Distribute more sinister malwares (e.g. Zeus, Torpig, Silent Banker)
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
20

21. CAPITALIZING ACCOUNTS
 Selling in-game items
 Selling game accounts
 Selling personal information (for telemarketing / defrauding)
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
21

22. VIRTUAL CURRENCIES
 WoW gold, Linden Dollar, Q幣,
etc.
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
22

23. MONEY LAUNDERING

24. WASH THY MONEY CLEAN
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
24

25. STORED-VALUE CARDS
 Prepaid credit cards
 Merchant gift cards
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
25

26. SAFE HAVENS
 Online gambling sites
 Offshore financial services
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
26

27. ONLINE AUCTIONS
 Money laundering via product purchase (洗寶)
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
27

28. SMURFING
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
28
$
$ $
$
$
$
$
$
$
$
$
$
$
$
$$

29. MONEY MULE
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
29

30. BUSINESS ETHICS OF
THE UNDERWORLD

31. SHAVING
 Many PPIs are accused of shaving
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
31

32. PHISHING
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
32

33. LOOK BEHIND YOUR BACK
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
33

34. LOOK BEHIND YOUR BACK
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
34

35. THANK YOU!
albert.hui@gmail.com
Copyright © 2010 Albert Hui
(CC) BY-NC-SA
35