Financially-MotivatedCybercrime:TheTurnto
IntermediariesChrisJayHoofnagle,AdjunctProfessor,ISchool&Law
AniketKesari,JD/PhDYale/BerkeleyStudentAmandaMaya,JDCandidate
DamonMcCoy,AssistantProfessor,NYUCS&EngineeringPlatformLaw:
PublicandPrivateRegulationofOnlinePlatformsApril20–21,2017
PopularPerception:Cybercrimeisanonymous,placeless
Source:FBI.gov
Noface
Numbersareneeded
Nokeyboard
CSCybercrimeLit:CybercriminalsDependentonPlatforms—Payments,Hosting,etc
• “…foraparticularspamnetwork,justthree acquiringbanksmanagedthemerchantaccountsfor95%ofthenearly1billionspammessagesanalyzed…”
• Cybercriminalsmaybedifficulttoreach,buttheirplatformsarenot
• Goldman&McCoy,DeterringFinanciallyMotivatedCybercrime,8J.Nat'lSec.L.&Pol'y 595(2015-2016)
• Levchenkoetal.,ClickTrajectories:End-to-EndAnalysisoftheSpamValueChain,Proceedingsofthe2011IEEESymposiumonSecurityandPrivacy (2011)
OnlinePharmacies:Turn totheIntermediaries
Googleagreestoanti-pharmaadprocedures
“Canada’s”
Thuspharmas havetocompeteinorganicsearch
Sponsored:noillegalpharma
Okaytohaveinorganicresults
Howtogettothetop?
Collecttop-rankedresults
Linkanalysisofads,html
links,customerservice,
paymentinPalantirGotham
Hoofnagle et al., Online Pharmacies and Technology Crime, inTHE HANDBOOK OFTECHNOLOGY, CRIME ANDJUSTICE (Michael McGuire and Thomas J. Holt, eds.) (Routledge Press 2017)
• Botnets,hackingforhire• Transnationalcriminalorganizations• Counterfeitgoods• Anti-prostitution
ForPlatformLaw:HowDoEnforcersUsetheLawtoPoliceIntermediaries?
Interventions:Rule65TROs&FRCRMP41
• StandardRule65TRO,PIsusedfor• Anti-botnetactivities• Counterfeiting
• Reliefisgrantedquickly—sometimeswithindays• Reliefincludesseizuresofscoresofdomainnames• Exparte• InnewKelihos botnet,gov’treliedonFRCRMP41
• Butprocedurelooksthesame—• Gov’tidentifies,seizescommand&controlservers• “Sinkholes”communicationsorpatchesvulnerablebots
• DepartmentofTreasury’sSpeciallyDesignatedNationalsListisbeingusedtoblocktransactionswithcyberactors.
• Theseareassetblocks,bansonUScompaniesdoingbusinesswithdesignatedindividuals
• 3programsbeingused:• Cyber:Nooneyetdesignated.
• EO13694(Obama2015)• Cyber2:Russianoperationrelatedto2016electionhacking.
• EO13757(Obama2016)• TCO:PacNet groupmoneylaundering.
• TransnationalCriminalOrganizationsSanctionsRegulations, ExecutiveOrder13581
Interventions:TreasurySanctions
• Thesearebothprivateandpublicinterventions• OperationChokepoint• Self-regulatoryefforts
• Amex(closedloopsystem)attemptingtocutoffBackpage.com (”escort”services)
• CAAG’smoneylaunderingcaseagainstBackpage standsatopeffortstocircumventAmex’sban
Interventions:PaymentSystems
• CDA&DMCAisafocusofthelegalliteratureofintermediaries• Butourworkfocusesonotherinterventions• We’lldiscussclaimantabuse,dueprocess,overbreadth• Wesuspectintermediaryattackswillcontinuetobeeffectiveagainstfinancially-motivatedcybercriminals,especiallywhenpaymentplatformsaretargeted
• ToomanyalternativesintheDNSspace;whack-a-mole• Googlewillcontinuetobeakeyintermediary• Decentralizationofserviceproviders(e.g.BitCoin)isanunlikelyalternative
Concluding
Thanksto…
• CenterforLong-TermCybersecurity• PalantirTechnologies• Laurin Weissinger,Nuffield