If you can't buy bootleg gear online in New York, this may be why

Cyber-sherlock sheds light on studies into counterfeit goods

Usenix Enigma A university sleuth investigating online bootleggers has spoken of his research into counterfeit markets – including the moment he accidentally got a chunk of Manhattan cut off from the scammers' online shops.

Understanding the money trail behind illicit internet businesses has been a passion of Damon McCoy, an assistant professor of computer science at New York University. On Monday, he told the Usenix Enigma security conference in San Francisco of his team’s research into the underground world of counterfeiters, and some successes in hurting their profits.

When someone buys something online, a payment processor liaises between the seller and the buyer's credit-card company. Some of these processors, it turns out, have tailored their business models to shield counterfeiters and the money they make.

McCoy’s foray into the field involved chasing down spammers who sold knockoff drugs and software in the mid-2000s. He found 95 per cent of the fraudsters funneled their funds through three banks in Asia. His evidence was used by credit-card companies to fine the payment processors, which in turn axed all ties with the spammers.

Cutting off the crooks' financial lifelines was more effective at shutting them down than knocking their servers or botnets offline. McCoy eavesdropped on one conversation between the spammers as they complained that "fucking Visa burned us with napalm," after one set of fines.

“You don’t see these kind of complaints when a botnet gets taken down,” he said. “It shows we hurt them.”

Two years ago, after pursuing spammers, McCoy was commissioned by four luxury goods manufacturers to study the trade of ersatz valuables. He found underworld merchants had changed tactics to protect their ill-gotten gains.

McCoy and his team obtained pre-paid credit cards to buy counterfeit goods online – as they had in the first study – but found these were blocked by the payment processors. They tried using ordinary business credit cards, but these were also refused.

So McCoy worked with one manufacturer's legal department to set up a limited liability company, and started issuing business credit cards registered to that company. That worked for a few months, allowing McCoy to order fake goods. He would then report the dodgy dealers and their payment processors to get them shut down.

The scammers and their payment handlers soon wised up to McCoy's efforts, and started blocking not only his credit cards but also the IP addresses he and his team were using to investigate them.

“If you live within three miles of me in Manhattan you probably can’t buy counterfeit goods online thanks to me,” he said. “I used a lot of coffee shops in the area to make these purchases and the IP addresses got blocked.”

McCoy and his team then diversified their operation by drafting in helpers across the country. From that they discovered that two payment processors were handling the bulk of the traffic for counterfeit sales: RealyPay and Payworks – both based in China.

“We really hoped they were not complicit and were being duped,” McCoy said. “However, as I did more investigating, I found out they know what they are doing and tailor their services to the customers to keep merchants from being detected.”

Follow the money

For a start, the pair of payment processors charge about double the usual fee for their services: typically four to six per cent of the value of each transaction, compared with two to three per cent for legitimate businesses. They also charge a 5,000RMB (US$760) annual fee. McCoy speculated that the premium is used to absorb the credit-card companies' fines; it appears the processors don't pass those fines on to the counterfeit merchants directly, he said.

McCoy said that after the research was handed over, RealyPay was shut down, at least temporarily. Its website is still up and running.

In addition, the team identified three Chinese banks that were handling most of the payments for the dodgy sales – the Bank of China, the Bank of Communications, and the Agricultural Bank of China. It is not clear what measures the banks have taken against sellers of fake gear. A bank in South Korea was also fingered by McCoy’s team, and it ended all dealings with bootleggers shortly afterwards.

Part of the problem is China’s strict banking secrecy laws, McCoy explained. We have no way of knowing if the banks are fining payment handlers, he said, but it doesn’t appear that the counterfeiters are being hampered so far. ®
