Friday, February 10, 2012

Inside the Mule Network



By Idan Aharoni on April 12, 2011
http://www.securityweek.com/inside-mule-network
While Fraudsters have the Capabilities of Stealing Millions of Credentials,
Eventually They Can Cash Out Only as Many Mules as They Have Access to

Every fraud operation can be split into two parts: obtaining credentials and
cashout. In the former, fraudsters use various tools and methods, such as
Phishing, Vishing and malware to obtain information on their victims. In the
latter, fraudsters monetize the stolen data, or in other words - they
perform a "cashout". There are various forms of cashout, depending on the
type of credentials that the fraudsters have in their possession (and that,
in turn, is derived from the type of tool or method used to obtain them in
the former stage). Cashing out credit cards stolen from a hacked online
merchant, a "shopadmin" in fraudster terminology, is usually done by
ordering items online and later selling them off. Online banking
credentials, on the other hand, would be usually cashed out through a money
transfer to another account. In both cases, and most other types of cashout,
the fraudster would need an online account or a real-world shipping address
in his possession. Those are usually obtained through the use of mules.

In the "old days", fraudsters who controlled mules mostly
recruited them in the real world. Unlike the hackers, who could sit on the
other end of the planet, "mule herders" had no such luxury. The mules
themselves were often junkies and other accomplices of the mule herder
interested in making a quick buck. Today, however, is a whole different
story. As in other areas of fraud, fraudsters were able to streamline the
process of recruiting and controlling mules with an astounding success rate,
while overcoming the biggest barrier of the mule herders - location,
location, location. By cracking the formula of recruiting and herding mules
online, fraudsters can sit in Russia, Nigeria or any other place on the
planet and run a very efficient mule operation anywhere on the planet. A
single mule herder can run multiple mule operations, each focusing on a
different country and language. If in the past most mules were accomplices,
today they're mostly unwitting mules, regular Joes who get scammed into
being mules and are not necessarily less innocent than the actual victims of
the fraud.

Just like any other type of scam, mule recruitment can be executed in
various levels of sophistication. They all share a common trait - they all
approach job searchers with a cover story of being a legitimate company
searching for "work-from-home" employees, who came across the recipient's CV
and is interested in recruiting him/her. The least sophisticated type of
mule recruitment is done exclusively via E-mail. Similar to a Nigerian scam,
individuals receive an E-mail from "company X" describing the usual shtick,
without forgetting of course to mention the wage that they offer in an
attempt to lure the recipient. The E-mail then simply asks the recipient to
reply to the message and send his/her personal information. More
sophisticated operations contain a link to a website of the fake company,
appearing much more convincing as a legitimate employer. In some operations,
long and legitimate-looking employment contracts are sent to the mules
during the "recruitment process", again to mask the truth by appearing
legitimate. The most sophisticated mule recruitment operations, though, have
full-fledged CRM systems used to keep track and manage the "employees" and
the status of their work. These incredibly sophisticated systems allow the
mule herders to go over the details of individuals who replied back, track
items or funds sent to the mules and communicate with them through a
messaging service. Operations with this level of sophistication are more
common than you'd think. So common, that some underground vendors make their
living exclusively by offering this type of platform to their nefarious
buyers.

At the beginning, only "traditional" mule roles, accepting items bought
with stolen credit cards or money sent through a wire transfer, were
recruited online. Over time, fraudsters learned, and are still learning, how
to recruit mules for other ventures, "in-store carding" mules, for example.
These mules, who were traditionally accomplices of the fraudster, walk into
brick-and-mortar merchants with fake plastic cards encoded with stolen
credit card information. They purchase high-value items, re-encode the data
of another stolen card and then go "hit" other merchants. Today, unwitting
mules are recruited specifically for that task, believing they scored a
"mystery shopping" position in a company evaluating retailer employees. They
go into retail stores with a fake card that was sent to them by the mule
herder and purchase an item they were told in advance to purchase. As
"mystery shoppers" don't get to keep the items they bought for evaluation,
they of course must send the merchandise and the credit card back to their
employer (the mule herder), with the promise that their expenses will be
added to a promised paycheck. To completely pull the wool over the mule's
eyes, he or she is then requested to complete a detailed survey of the
shopping experience at the retailer. The charade continues for an entire
month, during which time the mule receives different fake cards for every
purchase. Then, when it's time to receive the paycheck for his/her hard
work, the boss suddenly stops replying to any E-mails and disappears. The
mule herder has already moved on to another mule.

Today, almost all mule jobs have been filled by unwitting victims and it's
only a matter of time before fraudsters learn how to recruit them for the
rest. Legitimate sites give us a glimpse of what the future holds. Multiple
legitimate service providers let individuals apply on their web sites
for a job and perform it from home, much like the mule recruitment scams.
Some of them offer positions that would fit well into the fraud ecosystem,
such as an over-the-phone "mystery shopper" service. These services use
independent workers who register online to call businesses and evaluate the
level of customer service administered. As fraudsters operate "by-fraudsters,
for-fraudsters" call centers, it's only a matter of time before we see them
recruiting mules for these positions as well.

While recruiting unwitting mules definitely has its benefits, they are still
much harder to manage than accomplices. Another mule-related trend is the
"J-1 mules" - accomplices of the fraudsters who fly to the United States on
a temporary J-1 visa, open bank accounts using fake passports and receive
fraudulent money transfers to those accounts. Travelling mules from other
countries are not only popular in the United States, but in Europe as well.
The proliferation of budget airlines in the continent has made it profitable
to send accomplices across the border. We've seen cases where mule herders
purchased their mules' flight tickets with stolen credit cards and sent them
across the border just to pick up some items bought with a different set of
stolen cards.

Mules have been considered to be the "bottleneck" of fraud. While fraudsters
have the capabilities of stealing millions of credentials, eventually they
can cash out only as many mules as they have access to. Fraudsters are aware
of it just as much as security professionals and they invest their efforts,
resources, time and ingenuity to open this bottleneck as much as they can.
Because of it, we can expect new scams and innovations coming from
fraudsters not only in the realm of obtaining credentials or new ways to
cash them out, but also in establishing the infrastructure that allows them
to do just that.
