In this post we will examine real cases where social media has been exploited by criminals. A couple of types of exploitation are social engineering and criminal intelligence gathering. We will explore both and also establish links to money laundering and white collar crime.
It is estimated criminals earn over $3 billion annually from exploiting social media. From extortion of people through the threat of uncovering personal sexual behaviour to using the platforms to research potential victims, criminals are active searching your profiles.
In the immediate aftermath of the Boston bombing 125 charities emerged claiming to raise funds for victims – criminals seeking to quickly capitalise on a tragic event. This is the power and danger of Social media. The speed with which it can be utilised for harm.
We are too quick to tweet, post, pin and share practically everything with practically anyone. The habit for sharing so much and not always knowing who the recipient is can get us into trouble. The more information you post, the larger the dossier of information available to set the stage for a compromise- such as password cracking, identity theft, and more. One of the most common methods criminals use to gain access is spear phishing, and the fact that we often share too much information makes it fairly easy for an attacker to gather enough material on you to conduct a successful spear phishing scam. You may think it’s your “friend” sending you that cute picture, but it may be a criminal looking to get you to click on it so he can infect your machine and steal your data. This is particularly relevant with mobile communications like ‘Whatsapp’. The volume of images and videos shared has exploded throughout the Coronavirus pandemic. The problem is the downloading of a video that has been shared millions of times could infect your device even though it has come to you innocently from a friend. It is that easy to be infected. Symantec report 43% of attacks via social media relate to malware and ransomware. Be careful what you download!
Add to this the very personal nature of what you post and the human instinct to create memorable passwords. Maybe a favoured sports star? Or a pet/child’s name. Or let’s think about birthdays. They are all used extensively by people on social media and easily identified by criminals looking to hack your accounts. Add to this ‘the post moaning about the bank’, effectively giving the criminal what bank you are with and it isn’t hard to see a pattern developing.
Russian FBI arrest.
Social media is used extensively by criminals. The recent arrest of ‘PlinOfficial’ a Russian rapper shows how social media is used in money laundering. Real name Maksim Boiko, a 29 year old Russian with no describable education or talent is pictured repeatedly with wads of cash in Instagram posts. Some might say this is a related cultural thing as he tries to imitate US rappers. But the story goes much deeper than that. Boiko is an interesting character. Raised in Serbia from a working class family, he has traveled extensively as can be seen from his social media presence. Paris, New York, China.
Boiko had expensive tastes. He drinks Moet, drives a Mercedes and wears a Hublet watch. All of which could be either fake or of course rented/loaned, but what stands out from his profiles is a propensity to like the finer things in life while simultaneously not having an income to support it – and yet support it he does.
While in Paris he posted on several job websites looking for work with a friend, “Two, strapping lads (21 & 22 years old) in search of work in the European Union. Currently we are in France but we’re prepared to go wherever there is a reasonable offer. No bad habits. We are open to any employment offers.”
It would appear this post changed his life dramatically. Probably picked up by an OCG and then he was ensnared in crime. He re-appears in China. It is suggested he was working as a ‘middle-man’ in the trade of goods between China and Russia but the movement of funds suggest otherwise. In one ‘cash’ transaction he sent his parents a ‘package’ that contained 1.5 million Roubles, given to them by an ‘associate’.
“Lots of people ask me, what am I doing in China and where does all the money come from,” (we bet they do!) Boiko wrote on VKontakte. He explained he had become a trading rep which for 10% commission he supplied Chinese goods to Russia. Boiko assured his readers the commissions were the source of his limitless and legal “hustle” – slang for making a profit.
However, the owners of the Russian company paying the commission were reluctant to state Boiko was an employee of theirs. They agreed he was in China and had done some work but distanced themselves from saying he worked for them. The volumes of cash he was being imaged with do not align with trading commission as an ‘ad-hoc’ employee – and why cash when clearly the business would be online international payments? Sometimes suspicion isn’t hard to find.
His arrest by the FBI has revealed much deeper links to the criminal underworld and a network that laundered over $4 billion. He was linked via social media and email to an organised criminal gang who’s stock-in-trade was fleecing Crypto currency (among other more traditional crime). The FBI have since linked him digitally to the group through iCloud, email accounts and images. Digital is frequently the investigators choice for evidence. Unlike traditional crime there is no DNA, fingerprints and trace evidence of a physical nature that links individuals. It is, to a large degree, painstakingly detailed digital investigation.
The above story details the use of digital communications and social media that organised criminals make. They also scan social media for intelligence on possible victims.
Sean O’Neill is a fraud and security advisor with Bedfordshire Police.
‘I’ve visited people who have lost all their ISAs,’ O’ Neill says. ‘They are often in debt after the attack, after falling in love with somebody online. The average loss is £70,000.’
He refers to the scam of online love. A tactic used to lure vulnerable people into parting with cash in the hope of a lasting romance.
But social engineering isn’t the skill used to conduct the criminal act. It is the skill of identifying the victim. Criminals will scan through social media looking for the right ques to identify a lonely or vulnerable individual. Getting this first bit right helps them save wasted time trying to scam people who are more robust in their ability to spot a fraud and more able to withstand the torrent of lies.
Ques like age, wealth, single/divorced, posts indicating a search for love, an illness, bereavement or other life trauma, images of family and friends, places and people – all used to lure the victim in and create a back story for the criminal.
Don’t click it!
Shortened web links on social media can be dangerous. Criminals use these to get you to click and visit the malicious website, that will then infect your device. According to Websenses threat report, 32% of malicious links on social media are shortened URLs. Be careful what you click!
In more serious cases, criminals have used social media to lore people to locations that they wouldn’t have gone to and then sexually abuse or even murder them. A recent study of 61 homicides revealed startling detail of how predators lore victims, one as young as 12, to their death through creating false social media accounts and eventually engineering a meeting to violently attack the victim. Using direct references to sex or tactics seeking ‘pity’ from the potential victim are all used.
A study in 2011 identified that men looking to groom a child via the internet and social media, are generally under 30, white, single, employed and without a criminal record. Not someone that would ‘stand out in a crowd’.
A 2015 study identified homicides specifically facilitated through Facebook. The authors identified six personas for the suspects;
- Reactors – Use an event to socially engineer the victim
- Informers – Lore people by helping them.
- Fantasists – Completely fabricated account.
- Imposters – Posing as a friend in a hacked/cloned account
- Predators – typically a male who has a ‘female’ facebook account.
- Antagonists – An escalating argument that ends in a physical meeting.
In this post we have identified many forms of criminality that is enabled by Cyber and social media in particular. We have also briefly discussed what law enforcement do in terms of tracking digital evidence. Here at CYW Solutions we are working on a platform for the financial industry. This will network intelligence between institutes but also, crucially, use social media and the science of psychographics to identify links between people, entities, transactions and crime. We believe the use of this intelligence, appropriately graded will make the financial industry much safer and reduce significantly the options for crime. it would certainly have flagged Boiko much earlier in his alleged criminal pursuits.