Techniques used by cybercriminals often differ from those used for laundering other types of dirty money. That’s because techniques and methods for cybercrime are quickly shared and traded via dark web marketplaces, Mador explained. Cybercriminals are already operating fully on these marketplaces, and so it’s a natural transition, he said.
For at least the past two years, cybercriminals have used increasingly creative methods centered on “gig economy” apps like Uber and Airbnb, according to Mador. The schemes work to filter dirty money through several automated systems, eventually making their way back to the criminal clean.
In one common scam, criminals recruit Uber drivers to pretend to take them on a ride. The criminal never shows up, but uses illicit money from a stolen credit card to pay for the trip. The driver then wires a portion of the payment for the trip back to the criminal.
Ads seeking help laundering assets by this method can be seen on the dark web, a network of websites outside the established internet only accessible through special applications, Mador said.
TrustwaveA dark web ad, provided by security researchers at Trustwave’s SpiderLabs, seeks “fake” Uber drivers to help launder illicit cybercrime proceeds.
Uber first learned about the money laundering because it was so prevalent in the Chinese market, according to a spokesperson, and has taken several steps to fight this type of fraud. Uber ramped up its fraud-detection techniques in 2016, around the time the company pulled out of China. It has fallen to “historical lows” since then, the spokesperson said, but acknowledged it remains a problem. To fight it, the company frequently works with U.S. law enforcement, including one case involving a fake-passenger scheme that led to 13 arrests in New York in 2017.
One common technique fraudsters use is known on underground forums as “acupuncture,” the spokesperson said, because it involves a criminal overseas — typically in China or India — colluding with a U.S.-based driver by dropping location “pins” in the application along the driver’s regular route. The driver collects the earnings, usually from a stolen credit card, then wires a portion of it back to the overseas criminals, who are known as “nurses” in this scheme.
“One reason it’s enticing to the real driver is they think ‘at least I’m getting paid for driving a route that I’m normally driving anyway.’ What they don’t realize is it’s not just defrauding Uber or our platform, it’s wire fraud, it’s serious legal liability for the driver,” the spokesperson said.
Criminals use a similar scheme with Airbnb hosts, Mador explained. Hosts answer ads, generally posted on the dark web. But instead of hosting an actual guest, with all the work and hassle that might involve, they take payment from a fake guest who never has any intention of showing up. Once the money is processed through Airbnb’s system, the host refunds a portion of the nightly bill to the cybercriminal.
In one ad provided by Trustwave, posted on the dark web in May 2018 in Russian, a cybercriminal says he or she is seeking “managers of Airbnb hosts — I’m looking for people who have real hosts from this company,” for a money laundering operation.