Thursday 4 October 14:00 - 14:30, Green room
Masarah Paquet-Clouston (GoSecure)
There is no doubt that there has been an increasing interest in understanding the industry of social media fraud (SMF), which is the process of creating fake 'likes' and 'follows' on online social networks (OSN), and its potential deceptive capabilities. This paper explores an undocumented segment of this industry: wholesaling, from botnet supply operations to bulk reselling.
To begin, the paper focuses on a previously unexplored aspect of Linux/Moose, an IoT botnet conducting SMF. Linux/Moose infects devices in order to use them as proxies to relay traffic to social networks. Its architecture includes a whitelist of IP addresses that can push traffic through those proxies, a feature reminiscent of a reseller model. We analyse the traffic fingerprints left by each IP address on the systems we infected and uncover the value of these whitelisted IPs, which is not what we had anticipated. Then, we collect information on bulk reseller panels, the direct working partners of the botnet operators. While analysing their striking similarities, we discover a new key actor in the industry: software panel sellers. We investigate the panels in an attempt to understand how they are connected to main SMF providers like Linux/Moose.
Finally, we map the SMF supply chain, discuss key actors that, if targeted, would disrupt the entire industry, and show the likely unequal revenue division in the chain. This is a first review study on the wholesale industry of SMF. It provides key insights for actors willing to curb this illicit activity, from law enforcement agencies to policy makers and cybersecurity professionals.
Masarah Paquet-Clouston is a security researcher at GoSecure, a Ph.D. student at Simon Fraser University in criminology, and one of Canada's decorated 150 scientific innovators. With her background in economics and criminology, she specializes in the study of markets behind illicit online activities. Her work has been published in several peer-reviewed journals, such as Social Networks, Global Crime and the International Journal for the Study of Drug Policy, and she has presented at various international conferences including WEIS, Black Hat Europe, Botconf and the American Society of Criminology.
Vanja Svajcer (Cisco Talos)
Martijn Grooten (Virus Bulletin)
Kurt Baumgartner (Kaspersky Lab)
Mike Scott (Kaspersky Lab)