Financially-MotivatedCybercrime:TheTurnto

IntermediariesChrisJayHoofnagle,AdjunctProfessor,ISchool&Law

AniketKesari,JD/PhDYale/BerkeleyStudentAmandaMaya,JDCandidate

DamonMcCoy,AssistantProfessor,NYUCS&EngineeringPlatformLaw:

PublicandPrivateRegulationofOnlinePlatformsApril20–21,2017

PopularPerception:Cybercrimeisanonymous,placeless

Source:FBI.gov

Noface

Numbersareneeded

Nokeyboard

CSCybercrimeLit:CybercriminalsDependentonPlatforms—Payments,Hosting,etc

• “…foraparticularspamnetwork,justthree acquiringbanksmanagedthemerchantaccountsfor95%ofthenearly1billionspammessagesanalyzed…”

• Cybercriminalsmaybedifficulttoreach,buttheirplatformsarenot

• Goldman&McCoy,DeterringFinanciallyMotivatedCybercrime,8J.Nat'lSec.L.&Pol'y 595(2015-2016)

• Levchenkoetal.,ClickTrajectories:End-to-EndAnalysisoftheSpamValueChain,Proceedingsofthe2011IEEESymposiumonSecurityandPrivacy (2011)

OnlinePharmacies:Turn totheIntermediaries

Googleagreestoanti-pharmaadprocedures

“Canada’s”

Thuspharmas havetocompeteinorganicsearch

Sponsored:noillegalpharma

Okaytohaveinorganicresults

Howtogettothetop?

Collecttop-rankedresults

Linkanalysisofads,html

links,customerservice,

paymentinPalantirGotham

Hoofnagle et al., Online Pharmacies and Technology Crime, inTHE HANDBOOK OFTECHNOLOGY, CRIME ANDJUSTICE (Michael McGuire and Thomas J. Holt, eds.) (Routledge Press 2017)

• Botnets,hackingforhire• Transnationalcriminalorganizations• Counterfeitgoods• Anti-prostitution

ForPlatformLaw:HowDoEnforcersUsetheLawtoPoliceIntermediaries?

Interventions:Rule65TROs&FRCRMP41

• StandardRule65TRO,PIsusedfor• Anti-botnetactivities• Counterfeiting

• Reliefisgrantedquickly—sometimeswithindays• Reliefincludesseizuresofscoresofdomainnames• Exparte• InnewKelihos botnet,gov’treliedonFRCRMP41

• Butprocedurelooksthesame—• Gov’tidentifies,seizescommand&controlservers• “Sinkholes”communicationsorpatchesvulnerablebots

• DepartmentofTreasury’sSpeciallyDesignatedNationalsListisbeingusedtoblocktransactionswithcyberactors.

• Theseareassetblocks,bansonUScompaniesdoingbusinesswithdesignatedindividuals

• 3programsbeingused:• Cyber:Nooneyetdesignated.

• EO13694(Obama2015)• Cyber2:Russianoperationrelatedto2016electionhacking.

• EO13757(Obama2016)• TCO:PacNet groupmoneylaundering.

• TransnationalCriminalOrganizationsSanctionsRegulations, ExecutiveOrder13581

Interventions:TreasurySanctions

• Thesearebothprivateandpublicinterventions• OperationChokepoint• Self-regulatoryefforts

• Amex(closedloopsystem)attemptingtocutoffBackpage.com (”escort”services)

• CAAG’smoneylaunderingcaseagainstBackpage standsatopeffortstocircumventAmex’sban

Interventions:PaymentSystems

• CDA&DMCAisafocusofthelegalliteratureofintermediaries• Butourworkfocusesonotherinterventions• We’lldiscussclaimantabuse,dueprocess,overbreadth• Wesuspectintermediaryattackswillcontinuetobeeffectiveagainstfinancially-motivatedcybercriminals,especiallywhenpaymentplatformsaretargeted

• ToomanyalternativesintheDNSspace;whack-a-mole• Googlewillcontinuetobeakeyintermediary• Decentralizationofserviceproviders(e.g.BitCoin)isanunlikelyalternative

Concluding

Thanksto…

• CenterforLong-TermCybersecurity• PalantirTechnologies• Laurin Weissinger,Nuffield