Cyber Criminal Networks and Money Mules: An Analysis of Low-Tech and High-Tech Fraud Attacks in the Netherlands

IF 0.7 Q4 CRIMINOLOGY & PENOLOGY

International Journal of Cyber Criminology Pub Date : 2015-07-01 DOI:10.5281/ZENODO.56210

R. Leukfeldt, J. Jansen

{"title":"Cyber Criminal Networks and Money Mules: An Analysis of Low-Tech and High-Tech Fraud Attacks in the Netherlands","authors":"R. Leukfeldt, J. Jansen","doi":"10.5281/ZENODO.56210","DOIUrl":null,"url":null,"abstract":"IntroductionMoney mules can be seen as a crucial part of the criminal network. They are of great importance for the core members of these networks because money mules are used to interrupt the trail that may lead law enforcement agencies to the top of the network. Money mules, for example, register bank accounts or businesses under their names, which are actually exploited by the criminal network.Several studies acknowledge the important role of money mules in the diversion of money stolen by cyber criminals who are engaged in financial cyber crimes, such as carding3 or phishing4 attacks (Choo, 2008; Moore & Clayton, 2009; McCombie, 2011;Aston et al., 2009; Soudijn & Zegers, 2012; Leukfeldt, 2014; Leukfeldt et al., 2016b, 2016c). Most of these studies, however, concentrate primarily on the core group of the criminal networks and only focus indirectly on money mules. Empirical studies into characteristics of internet money mules are lacking. Only Aston et al. and McCombie carried out some exploratory analyses of money mules used in Australian phishing attacks.In order to fill this knowledge gap, this paper focuses on money mules who are used by cyber criminal groups that carry out attacks on financial institutions. To gain insight into this group of criminals, which we believe plays a vital role in the crime process; we analyzed unique data from a fraud registration system of a major Dutch bank. We obtained 600 fraud incidents from the period 2011-2013. Based on these data, this paper provides insight into the characteristics of money mules and the way in which this group is used by criminal networks to transfer money from victim bank accounts. More specifically, we present background characteristics, the socioeconomic status of money mules, and the value and number of transactions to money mules.Review of LiteratureThe present study advances the work of Leukfeldt et al. (2016a, 2016b, 2016c). These studies provide insight into the composition, origin and growth, and criminal capabilities of criminal networks carrying out financial cyber crimes. Forty cyber criminal networks were analyzed in the Netherlands, Germany, UK and the US. The Dutch cases provided the authors with information about cyber criminal networks and their members largely as a result of investigative methods such as wiretaps, IP taps, observations, undercover policing and house searches. The authors reviewed the financial cyber crime cases systematically using an analytical framework. In the other three countries, the authors relied on interviews with case officers and public prosecutors involved in the criminal investigations against cyber criminal networks since no police files were available to them. This section briefly describes the main results of these three studies.Criminal CapabilitiesAll networks that were analyzed by Leukfeldt et al. are involved in attacks on online banking. The crime scripts of the Dutch networks have many similarities. Step one is obtaining login credentials from victims. Cyber criminals use phishing e-mails, phishing websites and malware to intercept these credentials. However, in order to transfer money from the account of the victims, so-called 'one-time transaction authentication codes' are needed. Hence, step two is obtaining these codes. Various methods are used to obtain these codes. In some cases, the criminals posed as bank employees and made telephone calls to the victims. In other cases, malware adapted the transaction that victims made without them knowing or being able to see it. Step three is related to the topic of the present study, i.e., transferring money to money mule accounts. Money from victims' accounts is not transferred to the accounts of core members directly. Rather, in order to obscure the trail to the core members, money mule bank accounts are used.5 Once money is transferred to the money mule account, the money is taken out in cash as fast as possible and via various links given to the core members. …","PeriodicalId":46103,"journal":{"name":"International Journal of Cyber Criminology","volume":"78 1","pages":"173-184"},"PeriodicalIF":0.7000,"publicationDate":"2015-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Cyber Criminology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5281/ZENODO.56210","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"CRIMINOLOGY & PENOLOGY","Score":null,"Total":0}

引用次数: 11

Abstract

IntroductionMoney mules can be seen as a crucial part of the criminal network. They are of great importance for the core members of these networks because money mules are used to interrupt the trail that may lead law enforcement agencies to the top of the network. Money mules, for example, register bank accounts or businesses under their names, which are actually exploited by the criminal network.Several studies acknowledge the important role of money mules in the diversion of money stolen by cyber criminals who are engaged in financial cyber crimes, such as carding3 or phishing4 attacks (Choo, 2008; Moore & Clayton, 2009; McCombie, 2011;Aston et al., 2009; Soudijn & Zegers, 2012; Leukfeldt, 2014; Leukfeldt et al., 2016b, 2016c). Most of these studies, however, concentrate primarily on the core group of the criminal networks and only focus indirectly on money mules. Empirical studies into characteristics of internet money mules are lacking. Only Aston et al. and McCombie carried out some exploratory analyses of money mules used in Australian phishing attacks.In order to fill this knowledge gap, this paper focuses on money mules who are used by cyber criminal groups that carry out attacks on financial institutions. To gain insight into this group of criminals, which we believe plays a vital role in the crime process; we analyzed unique data from a fraud registration system of a major Dutch bank. We obtained 600 fraud incidents from the period 2011-2013. Based on these data, this paper provides insight into the characteristics of money mules and the way in which this group is used by criminal networks to transfer money from victim bank accounts. More specifically, we present background characteristics, the socioeconomic status of money mules, and the value and number of transactions to money mules.Review of LiteratureThe present study advances the work of Leukfeldt et al. (2016a, 2016b, 2016c). These studies provide insight into the composition, origin and growth, and criminal capabilities of criminal networks carrying out financial cyber crimes. Forty cyber criminal networks were analyzed in the Netherlands, Germany, UK and the US. The Dutch cases provided the authors with information about cyber criminal networks and their members largely as a result of investigative methods such as wiretaps, IP taps, observations, undercover policing and house searches. The authors reviewed the financial cyber crime cases systematically using an analytical framework. In the other three countries, the authors relied on interviews with case officers and public prosecutors involved in the criminal investigations against cyber criminal networks since no police files were available to them. This section briefly describes the main results of these three studies.Criminal CapabilitiesAll networks that were analyzed by Leukfeldt et al. are involved in attacks on online banking. The crime scripts of the Dutch networks have many similarities. Step one is obtaining login credentials from victims. Cyber criminals use phishing e-mails, phishing websites and malware to intercept these credentials. However, in order to transfer money from the account of the victims, so-called 'one-time transaction authentication codes' are needed. Hence, step two is obtaining these codes. Various methods are used to obtain these codes. In some cases, the criminals posed as bank employees and made telephone calls to the victims. In other cases, malware adapted the transaction that victims made without them knowing or being able to see it. Step three is related to the topic of the present study, i.e., transferring money to money mule accounts. Money from victims' accounts is not transferred to the accounts of core members directly. Rather, in order to obscure the trail to the core members, money mule bank accounts are used.5 Once money is transferred to the money mule account, the money is taken out in cash as fast as possible and via various links given to the core members. …

查看原文本刊更多论文

网络犯罪网络和金钱骡子:对荷兰低技术和高技术欺诈攻击的分析

钱骡可以被看作是犯罪网络的重要组成部分。他们对这些网络的核心成员非常重要，因为金钱骡子被用来中断可能导致执法机构到达网络顶端的线索。例如，“钱骡”以自己的名义注册银行账户或企业，这些账户或企业实际上被犯罪网络所利用。几项研究承认，金钱骡子在转移从事金融网络犯罪的网络罪犯所窃取的资金方面发挥了重要作用，这些网络犯罪包括诈骗或网络钓鱼攻击(Choo, 2008;Moore & Clayton, 2009;McCombie, 2011;Aston et al.， 2009;Soudijn & Zegers, 2012;Leukfeldt, 2014;Leukfeldt et al.， 2016b, 2016c)。然而，这些研究大多集中在犯罪网络的核心群体上，而只间接地关注“钱骡”。缺乏对互联网货币骡子特征的实证研究。只有Aston et al.和McCombie对澳大利亚网络钓鱼攻击中使用的金钱骡子进行了一些探索性分析。为了填补这一知识空白，本文将重点放在网络犯罪集团使用的对金融机构进行攻击的钱骡子上。为了深入了解这群犯罪分子，我们认为他们在犯罪过程中起着至关重要的作用;我们分析了荷兰一家大银行欺诈登记系统的独特数据。我们获得了2011-2013年期间的600起欺诈事件。基于这些数据，本文深入了解了钱骡的特征，以及犯罪网络利用这个群体从受害者的银行账户转移资金的方式。更具体地说，我们呈现了背景特征，货币骡子的社会经济地位，以及货币骡子的交易价值和数量。本研究推进了Leukfeldt et al. (2016a, 2016b, 2016c)的工作。这些研究对实施金融网络犯罪的犯罪网络的构成、起源和发展以及犯罪能力提供了深入的了解。研究人员分析了荷兰、德国、英国和美国的40个网络犯罪网络。荷兰的案件为作者提供了有关网络犯罪网络及其成员的信息，这在很大程度上是通过窃听、IP窃听、观察、卧底警察和房屋搜查等调查方法获得的。本文运用分析框架对金融网络犯罪案例进行了系统回顾。在其他三个国家，由于没有警方档案，作者依靠对参与网络犯罪网络刑事调查的案件官员和检察官的采访。本节简要介绍了这三项研究的主要结果。犯罪能力Leukfeldt等人分析的所有网络都涉及对网上银行的攻击。荷兰电视台的犯罪剧本有很多相似之处。第一步是从受害者那里获取登录凭证。网络犯罪分子使用网络钓鱼电子邮件、网络钓鱼网站和恶意软件拦截这些凭证。但是，为了从受害者的账户中转移资金，需要所谓的“一次性交易认证码”。因此，第二步是获取这些代码。获取这些代码的方法多种多样。在某些情况下，犯罪分子冒充银行职员给受害者打电话。在其他情况下，恶意软件在受害者不知道或无法看到的情况下修改了他们的交易。第三步与本研究的主题有关，即将资金转移到钱骡账户。受害者账户中的钱不会直接转入核心成员的账户。相反，为了掩盖核心成员的踪迹，他们使用了钱骡银行账户一旦钱被转移到钱骡账户，钱就会尽快以现金形式取出，并通过各种链接提供给核心成员。…

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal of Cyber Criminology CRIMINOLOGY & PENOLOGY-

CiteScore

2.60

自引率

40.00%

发文量

审稿时长

16 weeks

期刊介绍： International Journal of Cyber Criminology (IJCC) is a peer reviewed online (open access) interdisciplinary journal published biannually and devoted to the study of cyber crime, cyber criminal behavior, cyber victims, cyber laws and cyber policy. IJCC is an unique Diamond open access, not for profit international journal, where the author(s) need not pay article processing charges / page charges and it is totally free for both the authors and the audience. IJCC will focus on all aspects of cyber/computer crime: Forms of Cyber Crime, Impact of cyber crimes in the real world, Policing Cyber space, International Perspectives of Cyber Crime, Developing cyber safety policy, Cyber Victims, Cyber Psychopathology, Geographical aspects of Cyber crime, Cyber offender behavior, cyber crime law, Cyber Pornography, Privacy & Anonymity on the Net, Internet Fraud and Identity Theft, Mobile Phone Safety, Human Factor of Cyber Crime and Cyber Security and Policy issues, Online Gambling, Copyright and Intellectual property Law. As the discipline of Cyber Criminology approaches the future, facing the dire need to document the literature in this rapidly changing area has become more important than ever before. The IJCC will be a nodal centre to develop and disseminate the knowledge of cyber crimes primarily from a social science perspective to the academic and lay world. The journal publishes theoretical, methodological, and applied papers, as well as book reviews. We do not publish highly technical cyber forensics / digital forensics papers and papers of descriptive / overview nature.