Masarah Paquet-Clouston
ABSTRACT
In the past year, a new spamming scheme has emerged: sexual extortion messages requiring payments in the cryptocurrency Bitcoin, also known as sextortion. This scheme represents a first integration of the use of cryptocurrencies by members of the spamming industry. Using a dataset of 4,340,736 sextortion spams, this research aims at understanding such new amalgamation by uncovering spammers' operations. To do so, a simple, yet effective method for projecting Bitcoin addresses mentioned in sextortion spams onto transaction graph abstractions is computed over the entire Bitcoin blockchain. This allows us to track and investigate monetary flows between involved actors and gain insights into the financial structure of sextortion campaigns. We find that sextortion spammers are somewhat sophisticated, following pricing strategies and benefiting from cost reductions as their operations cut the upper-tail of the spamming supply chain. We discover that one single entity is likely controlling the financial backbone of the majority of the sextortion campaigns and that the 11-month operation studied yielded a lower-bound revenue between $1,300,620 and $1,352,266. We conclude that sextortion spamming is a lucrative business and spammers will likely continue to send bulk emails that try to extort money through cryptocurrencies.
- Androutsopoulos, I., Paliouras, G., Karkaletsis, V., Sakkis, G., Spyropoulos, C. D., and Stamatopoulos, P. Learning to filter spam e-mail: A comparison of a naive bayesian and a memory-based approach. In Proceedings of the workshop "Machine Learning and Textual Information Access" (2000), 4th European Conference on Principles and Practice of Knowledge Discovery in Databases (PKDD-2000), pp. 1--11.Google Scholar
- Bitcoin-Wiki. Privacy. https://en.bitcoin.it/wiki/Privacy, 2019. Retrieved May 17, 2019.Google Scholar
- Chen, C., Zhang, J., Chen, X., Xiang, Y., and Zhou, W. 6 million spam tweets: A large ground truth for timely twitter spam detection. In 2015 IEEE international conference on communications (ICC) (2015), IEEE, pp. 7065--7070.Google ScholarCross Ref
- EUROPOL. Internet organized crime threat assessment report IOCTA. https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment, 2018. Retrieved March 6, 2019.Google Scholar
- F. Reid, M. H. An analysis of anonymity in the bitcoin system. In 2011 IEEE International Conference on Privacy, Security, Risk, and Trust, and IEEE International Conference on Social Computing (2011).Google ScholarCross Ref
- Filtz, E., Polleres, A., Karl, R., and Haslhofer, B. Evolution of the bitcoin address graph. In Data Science--Analytics and Applications. Springer, 2017, pp. 77--82.Google ScholarCross Ref
- Gutmann, P. The commercial malware industry. DEF CON conference, https://www.cs.auckland.ac.nz/~pgut001/pubs/malwarebiz.pdf, 2007. Retrieved February 2, 2019.Google Scholar
- Harrigan, M., and Fretter, C. The unreasonable effectiveness of address clustering. In 2016 Intl IEEE Conferences on Ubiquitous Intelligence & Computing, Advanced and Trusted Computing, Scalable Computing and Communications, Cloud and Big Data Computing, Internet of People, and Smart World Congress (UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld) (2016), IEEE, pp. 368--373.Google Scholar
- Haslhofer, B., Karl, R., and Filtz, E. O bitcoin where art thou? insight into large-scale transaction graphs. In SEMANTiCS (Posters, Demos, SuCCESS) (2016).Google Scholar
- Hernandez-Castro, J., Cartwright, E., and Stepanova, A. Economic analysis of ransomware. Available at SSRN 2937641, 2017. Retrieved March 6, 2019.Google Scholar
- Heydari, A., ali Tavakoli, M., Salim, N., and Heydari, Z. Detection of review spam: A survey. Expert Systems with Applications 42, 7 (2015), 3634--3642.Google ScholarDigital Library
- Huang, D. Y., Aliapoulios, M. M., Li, V. G., Invernizzi, L., Bursztein, E., McRoberts, K., Levin, J., Levchenko, K., Snoeren, A. C., and McCoy, D. Tracking ransomware end-to-end. In 2018 IEEE Symposium on Security and Privacy (SP) (2018), IEEE, pp. 618--631.Google ScholarCross Ref
- IBM-X-Force-Exchange. Necurs delivers language targeted porn scams. IBM, https://exchange.xforce.ibmcloud.com/collection/Necurs-delivers-language-targeted-porn-scams-fdb9d6b7941506807cbe56dd06e142d0, Sept 2018. Retrieved February 7, 2019.Google Scholar
- John, J. P., Moshchuk, A., Gribble, S. D., Krishnamurthy, A., et al. Studying spamming botnets using botlab. In USENIX Symposium on Networked Systems Design and Implementation (NSDI) (2009), vol. 9.Google Scholar
- Kalodner, H. A., Goldfeder, S., Chator, A., Möser, M., and Narayanan, A. Blocksci: Design and applications of a blockchain analysis platform. Retrieved March 6, 2019.Google Scholar
- Kanich, C., Kreibich, C., Levchenko, K., Enright, B., Voelker, G. M., Paxson, V., and Savage, S. Spamalytics: An empirical analysis of spam marketing conversion. In Proceedings of the 15th ACM conference on Computer and communications security (2008), ACM, pp. 3--14.Google ScholarDigital Library
- Kanich, C., Weaver, N., McCoy, D., Halvorson, T., Kreibich, C., Levchenko, K., Paxson, V., Voelker, G. M., and Savage, S. Show me the money: Characterizing spam-advertised revenue. In USENIX Security Symposium (2011), pp. 15--15.Google ScholarDigital Library
- Kessem, L. The necurs botnet: A pandora's box of malicious spam. IBM, https://securityintelligence.com/the-necurs-botnet-a-pandoras-box-of-malicious-spam/, April 2017. Retrieved March 6, 2019.Google Scholar
- Levchenko, K., Pitsillidis, A., Chachra, N., Enright, B., Félegyházi, M., Grier, C., Halvorson, T., Kanich, C., Kreibich, C., Liu, H., et al. Click trajectories: End-to-end analysis of the spam value chain. In 2011 ieee symposium on security and privacy (2011), IEEE, pp. 431--446.Google Scholar
- Lumley, T., Diehr, P., Emerson, S., and Chen, L. The importance of the normality assumption in large public health data sets. Annual review of public health 23, 1 (2002), 151--169.Google Scholar
- Meiklejohn, S., Pomarole, M., Jordan, G., Levchenko, K., McCoy, D., Voelker, G. M., and Savage, S. A fistful of bitcoins: Characterizing payments among men with no names. In Proceedings of the 2013 conference on Internet measurement conference (2013), ACM, pp. 127--140.Google ScholarDigital Library
- Monaco, J. V. Identifying bitcoin users by transaction behavior. In Biometric and Surveillance Technology for Human and Activity Identification XII (2015), vol. 9457, International Society for Optics and Photonics, p. 945704.Google Scholar
- Möser, M., and Böhme, R. Join me on a market for anonymity. In Proceedings of the Workshop on the Economics of Information Security (WEIS) (University of California at Berkeley, 2016). Retrieved March 7, 2019.Google Scholar
- Möser, M., Böhme, R., and Breuker, D. An inquiry into money laundering tools in the bitcoin ecosystem. In 2013 APWG eCrime Researchers Summit (2013), IEEE, pp. 1--14. Retreived March 20, 2019.Google Scholar
- Nakamoto, S. Bitcoin: A peer-to-peer electronic cash system. https://bitcoin.org/bitcoin. pdf, 2008. Retrieved January 4, 2019.Google Scholar
- Nick, J. D. Data-driven de-anonymization in bitcoin. Master's thesis, ETH-Zürich, 2015. Retrieved March 11, 2019.Google Scholar
- Overall, J. E., Atlas, R. S., and Gibson, J. M. Tests that are robust against variance heterogeneity in kx 2 designs with unequal cell frequencies. Psychological reports 76, 3 (1995), 1011--1017.Google Scholar
- Paquet-Clouston, M., Haslhofer, B., and Dupont, B. Ransomware payments in the bitcoin ecosystem. Journal of Cybersecurity 5, 1 (2019), tyz003.Google ScholarCross Ref
- Rao, J. M., and Reiley, D. H. The economics of spam. Journal of Economic Perspectives 26, 3 (2012), 87--110.Google ScholarCross Ref
- Reid, F., and Harrigan, M. An analysis of anonymity in the bitcoin system. In Security and Privacy in Social Networks. Springer, 2013, pp. 197--223.Google ScholarCross Ref
- Ron, D., and Shamir, A. Quantitative analysis of the full bitcoin transaction graph. In Financial Cryptography and Data Security (2013), Springer, pp. 6--24. Retrieved February 15, 2019.Google ScholarCross Ref
- Schultz, J. Anatomy of a sextortion scam. Cisco Talos Intelligence, https://blog.talosintelligence.com/2018/10/anatomy-of-sextortion-scam.html, Oct 2018. Retrieved January 17, 2019.Google Scholar
- Sedhai, S., and Sun, A. Hspam14: A collection of 14 million tweets for hashtag-oriented spam research. In Proceedings of the 38th International ACM SIGIR Conference on Research and Development in Information Retrieval (2015), ACM, pp. 223--232.Google ScholarDigital Library
- Spagnuolo, M., Maggi, F., and Zanero, S. Bitiodine: Extracting intelligence from the bitcoin network. In International Conference on Financial Cryptography and Data Security (2014), Springer, pp. 457--468.Google ScholarCross Ref
- Stone-Gross, B., Holz, T., Stringhini, G., and Vigna, G. The underground economy of spam: A botmaster's perspective of coordinating large-scale spam campaigns. LEET 11 (2011), 4--4.Google ScholarDigital Library
- Stringhini, G., Hohlfeld, O., Kruegel, C., and Vigna, G. The harvester, the botmaster, and the spammer: on the relations between the different actors in the spam landscape. In Proceedings of the 9th ACM symposium on Information, computer and communications security (2014), ACM, pp. 353--364.Google ScholarDigital Library
- Tu, H., Doupé, A., Zhao, Z., and Ahn, G.-J. Sok: Everyone hates robocalls: A survey of techniques against telephone spam. In 2016 IEEE Symposium on Security and Privacy (SP) (2016), IEEE, pp. 320--338.Google ScholarCross Ref
- Zimmerman, D. W., and Zumbo, B. D. Rank transformations and the power of the student t test and welch t'test for non-normal populations with unequal variances. Canadian Journal of Experimental Psychology/Revue canadienne de psychologie expérimentale 47, 3 (1993), 523.Google Scholar
- Spams meet Cryptocurrencies: Sextortion in the Bitcoin Ecosystem
Recommendations
Cryptocurrencies as the Money of the Future
Internet of Things, Smart Spaces, and Next Generation Networks and SystemsAbstractThis article discusses, the role of cryptocurrency in the economy, its negative and positive aspects, the attitude of the population to cryptocurrencies, and the analysis of indicators of the current state of cryptocurrency, the possibility of ...
Comments