New York University Scientists Trace Cybercrime Banking Networks and Win Best Research Paper Award
May 2018 by Marc Jacob
New York University researchers at the Anti-Phishing Working Group’s (APWG) cybercrime research conference, in San Diego California, demonstrated their method for exposing bank accounts used to clear payments for purchase of counterfeit goods on the Internet, and brought home the conference award for best electronic crime research paper.
The paper, “Bullet-Proof Payment Processing,” describes how the research team deployed secret shoppers to purchase counterfeit goods online and trace the venues that mediated the payments for their purchases to locate the merchant accounts that cleared the stealth customer’s payments.
The authors, Dr. Damon McCoy and Hongwei Tian of New York University’s Tandon School of Engineering and D. Sean West and Stephen M. Gaffigan of SMGPA found that their research program wasn’t as simple as shooting tracers in the cloud, as the corrupt merchants quickly responded with evasive action.
“Anything you try - they adapt to - and try to stay in business,” said Dr. McCoy on the floor of the 13th annual APWG Symposium on Electronic Crime Research last Thursday after receiving the award on behalf of his team. “We found these third parties who we know are serving counterfeit goods merchants, with expertise in setting up shell companies and merchant accounts at banks. These facilitators and payment processors know that people like us are trying to detect and close down those merchant accounts and want to detect and block our test purchasers,” McCoy said.
McCoy said disrupting the payment mechanisms is singularly efficient because of the degree of resources that have to be expended in their replacement, including fake companies and bank accounts that require extensive cost and process to restore. Replacing a website or suspended domain name is relatively trivial in comparison, McCoy observed.
Honorable mention was also awarded to Pranshu Bajpai, Michigan State University, Aditya K Sood, SecNiche Security, and Richard Enbody, Michigan State University for their paper “A Key-Management-Based Taxonomy for Ransomware”. These researchers’ work are exemplars of the kind of applied research that has been proceeding from the symposium since its inception in 2006 at the APWG’s annual conference in Orlando, Florida, which focused initially on the technologies of cybercrime and defenses against it.
APWG eCrime is one of the only peer-reviewed academic conferences to focus on research of electronic crime as its own discipline. The competition was fierce from researchers from industry and academia, with accepted papers from Michigan State University, University of Washington at Bothell, Arizona State University, Nile University, University of Ottawa, Forcepoint, Cisco Umbrella Research, New York University / SMPGA, University of Oxford, Universidat Nacional del Sur, IBM, PayPal, PhishMe, SecNiche, and Data Metrics.
Since 2006, the scope of the topical spaces formally cited on the symposium’s call for papers (CFP) has expanded incrementally while maintaining the insistence on relevance to the principal focus on cybercrime. This year, the CFP added to the subjects of interest at the conference: user psychology, crypto currencies and public policy dimensions of cybercrime research.
APWG Secretary General Peter Cassidy, founder of the conference, said, “As an applied research conference for academia and industry, we pursue expansion of scope only to the extent that the topics are representative of the experience in the field. The next extension of our CFP will likely include artificial intelligence and machine learning technologies.”
The Symposium on Electronic Crime Research was conceived as a comprehensive venue to present state-of-the-art basic and applied research into electronic crime, engaging every aspect of its development as well as technologies and techniques for electronic crime detection, related forensics and prevention. The symposium brings together the most heterogeneous community of counter-cybercrime stakeholders to confer over the latest research, to foster collaborations, to provide a convenient venue for funding agencies to connect with leading principal investigators in the field – and to introduce leading minds to member companies of the APWG who may employ them.