46 research outputs found

    Measuring eWhoring

    eWhoring is the term used by offenders to refer to a type of online fraud in which cybersexual encounters are simulated for financial gain. Perpetrators use social engineering techniques to impersonate young women in online communities, e.g., chat or social networking sites. They engage potential customers in conversation with the aim of selling misleading sexual material – mostly photographs and interactive video shows – illicitly compiled from third-party sites. eWhoring is a popular topic in underground communities, with forums acting as a gateway into offending. Users not only share knowledge and tutorials, but also trade in goods and services, such as packs of images and videos. In this paper, we present a processing pipeline to quantitatively analyse various aspects of eWhoring. Our pipeline integrates multiple tools to crawl, annotate, and classify material in a semi-automatic way. It builds in precautions to safeguard against significant ethical issues, such as avoiding the researchers’ exposure to pornographic material, and legal concerns, which were justified as some of the images were classified as child exploitation material. We use it to perform a longitudinal measurement of eWhoring activities in 10 specialised underground forums from 2008 to 2019. Our study focuses on three of the main eWhoring components: (i) the acquisition and provenance of images; (ii) the financial profits and monetisation techniques; and (iii) a social network analysis of the offenders, including their relationships, interests, and pathways before and after engaging in this fraudulent activity. We provide recommendations, including potential intervention approaches. This work was supported by the Engineering and Physical Sciences Research Council (EPSRC) [grant number EP/M020320/1], by MINECO (grant TIN2016-79095-C2-2-R), and by the Comunidad de Madrid (P2018/TCS-4566, co-financed by European Structural Funds ESF and FEDER).

    Understanding the role of outsourced labor in web service abuse

    Modern Web services are typically free and open access, often supported by advertising revenue. These attributes, however, leave services vulnerable to many forms of abuse, including sending spam via Web-based email accounts, inflating page rank scores by spamming backlinks on blogs, etc. However, many of these schemes are nontrivial to execute, requiring technical expertise and access to ancillary resources (e.g. IP diversity, telephone numbers, etc.). Thus, many scammers prefer to offload the execution of their abuse schemes onto hired labor. This desire to minimize effort has created a demand for workers to carry out malicious tasks. Meanwhile, various online labor marketplaces have emerged that connect employers with cheap, human workers. Abusers have turned to online freelancing sites to find workers willing to carry out numerous schemes. Outsourcing is an attractive option for entrepreneurial scammers, as the workers are typically cheap, technically adept, and exist in vast numbers. In this dissertation, we investigate how outsourcing impacts the security of Web services; no longer must service providers be wary of automated tools, they must now contend with inexpensive human labor willing to do any menial task. In the first part of the dissertation, we characterize the role of freelance labor in Web service abuse, analyzing over seven years of data from the popular crowdsourcing site Freelancer.com, as well as data from our own active job solicitations. We identify the largest classes of abuse work, including account creation, social networking link generation and search engine optimization support, and characterize how pricing and demand have evolved in supporting this activity. We show that scammers heavily employ outsourced labor, with abuse jobs constituting approximately 30% of the job solicitations on the site. Further, we demonstrate that workers quickly adapt their skill sets in response to changes in demand for various abuse tasks. Lastly, the engagement portion of our study shows that workers actually deliver the promised goods, though the quality of the items is often variable. The second part of the dissertation focuses exclusively on the role of humans in circumventing CAPTCHAs. Human CAPTCHA solving services represent a heavily commercialized, outsourced abuse task, and we perform an in-depth analysis of this industry. CAPTCHAs are a ubiquitous defense used to protect open Web resources from being exploited at scale. In response to the widespread deployment of CAPTCHAs, a robust solving ecosystem has emerged, selling real-time human labor to bypass these protections. We analyze the behavior and dynamics of CAPTCHA-solving service providers, their price performance, and the underlying labor markets driving this economy. Ultimately, our work shows that CAPTCHAs are effective at differentiating between humans and computers. However, due to the vast number of human workers willing to solve CAPTCHAs for low wages, CAPTCHAs cannot necessarily prevent widespread abuse; instead, they serve as a low-cost economic impediment to abusers. The results from these two studies demonstrate the increasing role that outsourcing plays in abusing Web services at scale. Furthermore, they suggest that Web services not only need to consider automated threats, but also must contend with an agile human labor pool. Lastly, they suggest one way to evaluate deployed security mechanisms, by monitoring the price and demand fluctuations for various abusively obtained product

    An Analysis of Underground Forums

    Underground forums, where participants exchange information on abusive tactics and engage in the sale of illegal goods and services, are a form of online social network (OSN). However, unlike traditional OSNs such as Facebook, in underground forums the pattern of communications does not simply encode pre-existing social relationships, but instead captures the dynamic trust relationships forged between mutually distrustful parties. In this paper, we empirically characterize six different underground forums — BlackHatWorld, Carders, HackSector, HackE1ite, Freehack, and L33tCrew — examining the properties of the social networks formed within, the content of the goods and services being exchanged, and lastly, how individuals gain and lose trust in this setting.