Usenix Enigma A university sleuth investigating online bootleggers has spoken of his research into counterfeit markets – including revealing the moment he accidentally blocked off a chunk of Manhattan to scammers.
Understanding the money trail behind illicit internet businesses has been a passion of Damon McCoy, an assistant professor of computer science at New York University. On Monday, he told the Usenix Enigma security conference in San Francisco of his team’s research into the underground world of counterfeiters, and some successes in hurting their profits.
When someone buys something online, a payment processor liaises between the seller and the buyer's credit-card company. Some of these payment processors have tailored their business models to protect counterfeiters and the money they make, it turns out.
McCoy’s foray into the field involved chasing down spammers who sold knockoff drugs and software in the mid-2000s. He found 95 per cent of the fraudsters funneled their funds through three banks in Asia. His evidence was used by credit-card companies to fine the payment processors, which in turn axed all ties with the spammers.
Cutting off the crooks' financial lifelines was more effective at shutting them down than knocking their servers or botnets offline. McCoy eavesdropped on one conversation between the spammers as they complained that "fucking Visa burned us with napalm," after one set of fines.
“You don’t see these kind of complaints when a botnet gets taken down,” he said. “It shows we hurt them.”
Two years ago, after pursuing spammers, McCoy was commissioned by four luxury goods manufacturers to study the trade of ersatz valuables. He found underworld merchants had changed tactics to protect their ill-gotten gains.
McCoy and his team obtained pre-paid credit cards to buy counterfeit goods online – as they had in the first study – but found these were blocked by payment processors. They tried using ordinary business cards but these were also unusable.
So McCoy worked with one of the manufacturer's legal department to set up a limited liability company, and started issuing business credit cards registered to his organization. That worked for a few months, allowing McCoy to order fake goods. He would then report the dodgy dealers and their payment processors to get them shut down.
The scammers and their payment handlers soon wised up to McCoy's efforts, and started blocking not only his credit cards but also the IP addresses he and his team were using to investigate them.
“If you live within three miles of me in Manhattan you probably can’t buy counterfeit goods online thanks to me,” he said. “I used a lot of coffee shops in the area to make these purchases and the IP addresses got blocked.”
McCoy and his team then diversified their operation by drafting in helpers across the country. From that they discovered that two payment processors were handling the bulk of the traffic for counterfeit sales: RealyPay and Payworks – both based in China.
“We really hoped they were not complicit and were being duped,” McCoy said. “However, as I did more investigating, I found out they know what they are doing and tailor their services to the customers to keep merchants from being detected.”
Follow the money
For a start, the pair of payment processors charge about double the usual fee for their services, typically four to six per cent of the cost of the transaction compared to two to three per cent of legitimate business. They also charged a 5,000RMB (US$760) annual fee. McCoy speculated the high costs were being used to pay off credit card company fines. It appears the processors didn't hit the counterfeit merchants with the fines directly, he said.
McCoy said that after the research was handed over, RealyPay was shut down, at least temporarily. Its website is still up and running.
In addition, the team identified three Chinese banks that were handling most of the payments for the dodgy sales – the Bank of China, the Bank of Communications, and the Agricultural Bank of China. It is not clear what measures the banks have taken against sellers of fake gear. A bank in South Korea was also fingered by McCoy’s team, and it ended all dealings with bootleggers shortly afterwards.
Part of the problem is China’s strict banking secrecy laws, McCoy explained. We have no way of knowing if the banks are fining payment handlers, he said, but it doesn’t appear that the counterfeiters are being hampered so far. ®