Where's the Money in Cyber-Crime? An Analysis of Reshipping Mule Scams

Speaker/Bio

MANUEL EGELE is an Assistant Professor in the Department of Electrical and Computer Engineering at Boston Univserity (BU). He also holds an affiliate appointment with the Computer Science department at BU and is a Junior Fellow at the Hariri Institute of Computing. Prior to his appointment at BU, he was a Systems Scientist at Carnegie Mellon University. Before that, he was a post-doctoral researcher at the Computer Security Group of the Department of Computer Science at the University of California, Santa Barbara. He received his M.Sc. (2006) and Ph.D. (2011) degrees in computer science from the University of Technology in Vienna. His research interests span all areas of systems security – in particular mobile and embedded systems security, privacy, and malicious code analysis.

His current research interests include the large-scale and automated analysis of embedded systems firmware that controls the computing devices in our daily lives, such as WiFi routers, surveillance cameras, or a variety of Internet of Things (IoT) gadgets. He is also interested in the threat posed and the mitigation of malicious software that encrypts a victim's files to extort a ransom payment in exchange for the decryption keys (so-called ransomware). His research on privacy violations in iOS applications (PiOS) won a distinguished paper award at the Network and Distributed Systems Security Symposium (2011).

Abstract

In this talk we present our analysis on a prolific aspect in cyber-crime, so-called reshipping scams. While compromises at various retailers and other businesses frequently disclose credit card information, turning that information into cash is a non-trivial endeavor. Cyber criminals have implemented and operated elaborate schemes, featuring reshipping mules, "customer service", and other business-like aspects to accomplish this task. Our analysis of a trove of data about such scams indicates that a single operation can easily make US$ 7M per year, and we estimate the overall impact of these scams at US$ 1.8B. Finally, our analysis also reveals possible approaches for intervention which stake-holders could implement to thwart reshipping scams.