240 likes | 457 Views
Cheating and Cybercrimes @ Gambling Sites.Com. John McMullan, PhD Saint Mary’s University Aunshul Rege, PhD Student Rutgers University. Internet Gambling. Proliferation of cybercrimes @ gambling sites; yet little research done
E N D
Cheating and Cybercrimes @ Gambling Sites.Com John McMullan, PhD Saint Mary’s University Aunshul Rege, PhD Student Rutgers University
Internet Gambling • Proliferation of cybercrimes @ gambling sites; yet little research done • Wood & Griffith (2008) – cheating & perceptions of poker players; American Gaming Association (2006) – cheating & perceptions of internet casino players; McMullan & Rege (2007) – cyberextortion & internet gambling; CERT-LEXSI (2006) – organized crime & internet gambling • No systematic mapping of relationships between internet gambling and criminal behaviour or cheating • This presentation covers: • Types of cheating and cybercrimes • Techniques of cheating and cybercrimes • Organizational dynamics of cheating and cybercrimes • Legal challenges of cybercrimes
Methods • 48 combinations of keywords • 10 page, 100 item cutoff; 4800 docs • Approx. 500 documents • 2000 to 2008 timeframe • Document Analysis • Availability (Internet & Library) • Accessibility • Internet (News sites; FinCEN; FATF) • Reports & White Papers (Internet Gambling Report IV; Game Developers; Gaming Commissions) • Academic Databases (Sociological Abstracts; EBSCO Academic Search Premier; ACM Digital Library • - Search Criteria • Technical skill • Tactical and strategic knowledge • Division of labour • Organizational traits of cybercrime • - Credibility • Authenticated websites • Triangulating sources • Registry of sources
Diversity of cybercrime • We uncovered hundreds of examples of alleged cheats and crimes related to internet gambling • For purposes of this presentation, we focus on 24 case studies indexing the diversity of criminal conduct • Cheating (3): PokerSmoke; HoldemGenius; PartyPoker (JJProdigy) • Collusion (3): FullTiltPoker; AbsolutePoker; UltimateBet • Malware and botnets (2): CheckRaised; BrotherSoft • Software exploitation (2): Cryptologic; Texas Hold ‘Em • Fraud (2): MaxLotto; India Lottery Scam • Money laundering (3): BetWWTS; Giordano; Uvari • DDoS attacks (2): FullTiltPoker; TitanPoker • Cyberextortion (3): BetCris; Canbet; Multibet • Phishing and identity theft (4): Euromillion Espana; PartyPoker; Lucky7Lottery; Massachusetts State Lottery
Approach • Internet crime is rational • Structured to enhance successful outcomes • Structured to manage problems of social control • Opportunity • Relations with victims • Detection • Prosecution • Sanction • Different types of organizations emerge to survive in the digital environment • Techno-nomads • Digital Associates • Criminal Assemblages
Ten examples emphasizing some of the more complex criminal events • Cheating & Techno Nomads • PokerSmoke & HoldemGenius • Collusion & Digital Associates • AbsolutePoker & Ultimatebet • Identity Fraud & Criminal Networks • Euromillion Espana & PartyPoker • Cyberextortion & Criminal Networks • Betcris & Canbet • Money Laundering & Criminal Networks • Uvari Bookmaking Scheme & Giordano Group
Cheating & Techno Nomads • AI programs • Hands-free, robotic poker player • Plays at level of a professional player in tournaments • Sophisticated Decision Engine • Advanced Neural Network Technology • Memorized opponents’ game styles, recognized betting patterns, calculated pot and hand odds – on auto-pilot!
Cheating & Techno Nomads • Similar technology to PokerSmoke • Used in hundreds of online poker rooms to increase edge over other players • Fully functional website • Regular software upgrades • Online tutorials • Customer support
Characteristics of Techno-nomads • Ranged in technical expertise: users, producers, marketers • Worked alone or on ‘contract’ • Underground economy: services, technical knowledge, digital loot, training, manufacturing • Anonymous • Avoided contact with victims • Impersonation • Surprise attacks • Escapist/ lived in digital shadows • Evasion & Avoidance of Law/Security
Collusion & Digital Associates • Tokwiro and Kahwanake Commission • Player vigilance • NioNio’s win rate: $300,000 in 3,000 hands • Ten SD above average = winning one million dollar lottery six consecutive times • Nio Nio core of organized network of 19 super accounts using 88 virtual persons to cheat players for 43 months – May 04 – Jan 08.
Collusion & Digital Associates (ctd) • Software code allowed systemic cheating and theft – take $25 mill US • Corporate Shell Game: Logic, Excapsa, Tokwiro, Blast Off Ltd. • 3 Super Accounts Connected to W.S.P winner and former founder of UltimateBet • (aka. allegedly Russ Hamilton) • Detection, Prosecution, Penalty
Collusion & Digital Associates • Teams in both one-off or ongoing projects: fraud, theft, small-scale money laundering, seat stealing, and cheating scams • Tokwiro Enterprises and Kahnawake Gaming Commission • PotRipper aka A.J. Ripper aka allegedly to be A.J. Green (former executive) • Seven Superuser accounts • #363 aka allegedly to be Scott Tom (owner) – inside access • Real-time information sharing of hole cards • Stole b/w 0.5 and 1 mill in 6 weeks • Detection, Prosecution, and Compensation
Other Digital Associates • Business crimes • Withholding winning revenue from players • Fraud by fabricating phantom websites and malware to deceive would be clients • Identity theft • Employee/workplace crimes • hacking into corporate data bases • selling gaming information, software, and algorithmic programs [BetonSports, Cryptologic] • small-scale organized crime • money laundering through botnet manipulations and chip dumping • online betting fraud [India 2007]
Characteristics of Digital Associates • Working Crafts • Routinization • Impersonation/multiple identities • Multiple, simultaneous targeting of victims • Small takes • Efficient Modus Operandi • Effective Modus Vivendi: evading detection, avoiding punishment • Managing Risk with Victims • Size & density of sites, activities & users
Identity Fraud & Crime Networks Euromillion Espana • Combined confidence cheating with identity theft • Multinational in scope • Valued at $200 mill. • OC groups in Spain, France, Australia, UK • Traditional tactics (social eng, fake docs) • Technological tactics (emails, fake sites) • Deceptive attack [tricked by fraudulent messages] • Malware attack [use of malicious code to retrieve personal information] • DNS attack [manipulate IP addresses to send personal information] • 300 members of crime networks eventually arrested by undercover operation • Yet crime networks remained regenerative
Identity Fraud & Crime Networks Phishing Site Screenshot • Well-organized phishing scam • Created perfect replica of Party Poker site • Hosted site on their own illegal servers • Sent spoofed email warning of Impact of new gambling law onPartyPoker users • Link to cloned site • Log in w/ personalinformation • ID theft; playerimpersonation;playing credit theft; digital data black marketing
Cyberextortion & Crime Networks • Between 2000 and 2006, hundreds of gambling sites targeted for hundreds of millions of dollars • British bookmakers alone in 2004 lost over $70 mill. to cyberextortion groups • DDoS attacks; digital shakedowns • Network Organization – organizers; extenders; executors • Lateral networked structures: • regenerative characteristics • minimum personal contacts • virtual recruitment via online mediums - dispersed automatic hierarchy of authority - top-down compartmentalization operation - fluid flexible modus operandi
Tax Evasion, Avoidance & Crime Networks Computer Emergency Response Team - Laboratoire d'EXpertise en Sécurité Informatique (CERT-LEXSI) (2006). Online Gaming Cybercrime: CERT- LEXSI’S White Paper, July 2006.
Tax Evasion, Avoidance & Crime Networks • Uvari Group • Illegal gambling • Criminal members scattered globally • Intermediary between gamblers and sport betting companies • Use of virtual and terrestrial Sites • Uvari group opened accounts for players in offshore markets – Isle of Man, Curacao, etc • Traded player identities for incentives, bonuses, and tax benefits • Created hundreds of dummy accounts in Uvari names – tax evasion for players on wins and tax deductions for losses for Uvari members on dummy accounts • Family bonds & entrepreneurial ties • Flat; networked structure; no hierarchy
Money Laundering & Crime Networks Gambling sites as laundering enterprises • Used shell corporations & bank accounts worldwide [Central America, Caribbean, and Hong Kong] to clean illicit capital • playwithal.com • 40,000 customer accounts were used to move money through gambling sites to offshore banks • Family affair • Giordano (organizer) • son-in-law (controller) • Wife & daughter (finances) • Other members • Clerks; runners; enforcers
Characteristics of Crime Networks • Structured as businesses • Global in scope and modus operandi • More complex division of labour • Greater organizational prominence and persistence • Substantial financial takes and more complicated modus operandi • Dot.cons networks = international pods of loosely connected groups • Networks as nodal ‘contact points’ for crimes • Rhizomatic structures/regenerative • Yet crime assemblages were higher risk events: fusion of internet galaxy and terrestrial world • Greater police ad private security interest • The ‘dialectics’ of techno-war: opportunity reduction remedies vs. counter detection measures • Private ‘fiefdoms’ of security vs. industry-wide security • The rise of ‘civilian strikeback’ measures
Legal Challenges • Revise standard laws • Up-to-date technically • Enact legal definitions for virtual environments • Harmonize definitions within nation states • Harmonize Legal Matters Across Jurisdictions • Legal definitions • Licensing agreements • Evidence Admissibility • On-site audits/inspections
Legal Challenges (ctd) • Strengthen Transborder Enforcement • Unified Legal Permissions • Harmonize policing standards re: search & seizure, intangible data, warrants, notifications, and storage of evidence • Calibrate judicial approvals for the management and execution of intercepted data and decrypted data so as to permit wide use in multilateral contexts • Improve ‘market solutions’ to cybercrime • Extend & rationalize relations between public and private security • Create industry-wide benchmarks for cybersecurity that are cost-effective and applicable to all • Establish new modified legal environments to galvanize better technical preventative market-driven crime solutions
Thank youQuestions? John McMullan, PhD Saint Mary’s University Aunshul Rege, PhD Student Rutgers University