Unmasking the Cameleons of the Criminal Underground: An Analysis From Bot To Illicit Market Level

Back to the list of Speakers and Sessions
Watch the stream
Large corporations have access to sophisticated anti-fraud systems that monitor dozens of signals each time a customer or employee logs into their web portal. Past investigations have shown that malicious actors use malware to build profiles of their victims, and create virtual environments that replicate precisely the victims’ computers’ fingerprints. These profiles can be loaded up in specially crafted browser plugins and used in account takeover attacks. These profiles are sold on private markets and can fetch in the hundreds of dollars when they also include the cookies and credentials of the victims for financial institutions. The aim of this presentation is to map over a period of a month all of the Canadian activities of a machine fingerprint market. Our analysis extends past research first by developing a new understanding of how, and which, Canadians are targeted by this type of attack. Secondly, it presents models that predict not only the price of profiles for sale but also which profiles will end up being sold among the thousands that are for sale. We present estimations for the Canadian market for profiles for sale, and propose hypotheses as to the size of the impact of these illicit activities.

Large corporations have access to, and use, incredibly sophisticated anti-fraud systems that monitor dozens of signals each time one of their customers or employees log into their web portal. These signals include what browser is used, what plugins are installed, and even the language of the users’ software. Past investigations have shown that malicious actors use malware to build profiles of their victims, and create virtual environments that replicate precisely the victims’ computers fingerprint. These profiles can be loaded up in specially crafted browser plugins and used in account takeover attacks. These profiles are sold on private markets and can fetch in the hundreds of dollars when they also include the cookies and credentials of the victims for financial institutions. The aim of this presentation is to build on past research and to map over a period of a month all of the Canadian activities of a machine fingerprint market. Our analysis extends past research first by developing a new understanding of how, and which, Canadians are targeted by this type of attack. Secondly, it presents models that predict not only the price of profiles for sale – i.e., what makes a profile more valuable – but also which profiles will end up being sold among the thousands that are for sale. Through these analyses, we end up with estimations for the Canadian market for profiles for sale, and propose hypotheses as to the size of the impact of these illicit activities on the Canadian economy. The market for fingerprinting victims is growing exponentially, and is promising to be, along with ransomware, one of the biggest threats of the coming year. With more detailed knowledge about this problem, companies and individual victims will be better suited to protect themselves against these attacks, and limit the monetization of the criminal underground.


David Décary-Hétu Associate Professor, Université de Montréal

Prof. David Décary-Hétu has a Ph.D. in criminology from the Université de Montréal (2013). He first started as a Senior Scientist at the School of Criminal Sciences of the Université de Lausanne before moving to his current position as an Associate Professor at the School of Criminology of the Université de Montréal. The main research interests of Prof. Décary-Hétu focus on the impacts of technology on crime. Through his innovative approach based on big and small data, as well as social network analysis, Prof. Décary-Hétu studies how offenders adopt and use technologies, and how that shapes the regulation of offenses, as well as how researchers can study offenders and offenses. Prof. Décary-Hétu is the Deputy Director of the International Centre for Comparative Criminology (ICCC), the Chair of the Division of Cybercrime of the American Society of Criminology and the Chair of the Darknet and Anonymity Research Centre (DARC) that was funded by the John R. Evans Leaders Funds from the Canada Foundation for Innovation. His team collects and studies data from all types of offenders who use anonymity technologies such as the darkweb, cryptocurrencies and encryption. Prof. Décary-Hétu has received funding from both public and private grantors operating at the local, provincial, federal and international level. He has published in leading academic journals and is invited regularly in the news media to comment on recent events.