Cell phone money laundering presented at Virus Bulletin 2011

by Denis Maslennikov (Kaspersky Lab)

Tags: Security

URL : http://www.virusbtn.com/conference/vb2011/abstracts/Maslennikov.xml

Summary : "In Russia, the vast majority of cell phone SIM cards are prepaid. One of the major Russian operators offers a fully legal
service which allows anyone who uses an operator's SIM card to transfer the prepaid amount of money from a SIM card to:
- A credit card
- A bank account
- Unistream (a Western Union analogue)
- Another cell phone number by sending a special SMS message to a short free number.
Unfortunately, this 'feature' is already actively exploited by cybercriminals. First, they buy a number of
SIM cards. This is done in order to have a pool of anonymous cell phone numbers. These numbers are then used in
ransomware, mobile malware and SMS scam campaigns.
Ransomware is a group of malicious applications which block users' computers, sometimes by showing various kinds of
annoying pop-up pornography windows. In order to unlock the PC it asks the infected user to pay a ransom by replenishing a
particular cell phone number for a standard amount of money (e.g. $10, $20, $30).
In the case of mobile malware, there are already many SMS trojans. These usually send two SMS messages. The first one
creates a transfer from the infected phone's prepaid SIM card to the hacker's SIM card. The second SMS is sent in order
to confirm the transfer completed successfully.
The SMS scam campaigns are hugely popular. They can be incredibly massive in scope. The SMS messages contain a 'phishy'
text asking the user to top up a particular cell phone number. Examples include: 'Mom, I'm in trouble. Please
replenish +7905******* for $10, I'll explain everything later.' The Moscow underground bombing in March 2010 and
Domodedovo explosion this year were also abused by cybercriminals. In both cases, cybercriminals performed SMS scam
campaigns related to them.
When a pool of cell phone numbers used by cybercriminals has been topped with credit, they need to launder the money.
Here is where the Beeline service comes in handy. To cash in, they use various techniques:
- Transfer money from cell phone number to credit card
- Transfer to another cell phone number (in order to create a long chain of events)
- Send SMS messages to premium rate numbers if they rented them
Lately, cybercriminals have also used mediators (money mules) who help with money laundering in several ways - via SMS
messages to premium rate numbers, WebMoney, carded credit cards and others. There are a lot of advertisements on the
hackers' forums where people offer their services and help in money laundering.
This particular set of conditions has created some very prosperous underground businesses that, as far as we know, are
unique to Russia. In this presentation, we will show the particular methods used by the criminals, how they make money
and, most importantly, how much money they are making."