Transcript Chinese Online Underground Economy

Matt Jennings
 Introduction
 Value
Chains
 Major value chains in the illegal market
 Means of Communication
 Conclusion
 513
million Chinese Internet users
 Over 300 million online applications
 More than 160 million subscribers
 45% have experience theft of instant
messaging accounts
 32% have had their game accounts
hacked
 Caused
832 million USD worth of damage
 Over 90,000 participants
 Easy money
 Complex organization
 Use legal web-based communication
1.
2.
3.
Person/business receives raw materials
as input
Add value to the raw materials through
different processes
Sell finished product to customers
1.
2.
3.
4.
Real Assets Theft
Network Virtual Assets Theft
Internet Resources and Services abuse
Blackhat techniques, tools and training
 Primary
motivation of cybercrime
 Banking accounts, credit limits, balances
of payment accounts, stock/fund
accounts
 The target
 Techniques:
• Trojan Horses
• Phishing
 Large
user base in online games
 Virtual currency and equipment
translates to real world money
 No rigid law on “virtual property”
 Computing
power, storage, bandwidth, IP
addresses, network traffic, sensitive data
 More resources = More Power
 Botnets
• Email/messaging
• Drive by downloads
• “hanging-on” software
 Click
fraud/spam bots
 DDoS extortion
 Engine
of the underground economy
 Hackers provide Products and Services
to the economy
 Products
• Malware, trojans, vulnerabilites
• Zero-day exploits
 Services
• Attack a target
• Train new criminals
 Most
is done through public channels
 QQ chatting
 Baidu Post Bar
• 100,000 illicit threads
 Most
visible market is for advertisement
and communication
 Higher-tiered aspects are hidden
 Cooperation between law enforcement
and network security professionals
 Legal countermeasures
 Chinese
Internet
 Value chains in illegal market
 Means of Communication
 New laws


Muncaster, Phil. "Exposing China's Vast Underground Economy â ¢
The Register." Exposing China's Vast Underground Economy â ¢ The
Register. The Register, 18 Aug. 2012. Web. 23 Sept. 2012.
<http://www.theregister.co.uk/2012/08/18/baidu_tencent_used_b
y_chinese_cyber_crims/page2.html>.
Jianwei, Zhuge, Gu Liang, and Duan Haixin. Institute on Global
Conflict and Cooperation. Rep. University of California, July 2012.
Web. 27 Sept. 2012.
<http://igcc.ucsd.edu/assets/001/503677.pdf>.