Banking malware is malicious software that aims to steal money from victims via manipulated bank transfers in online banking. This paper describes how the profits of banking malware are generated and subsequently laundered, with a particular focus on the use of bitcoins and other digital payment methods. Computers are infected with banking malware via phishing emails, in which people are persuaded in various ways to click on links or open attachments, or via exploit kits, programs that try to find weak spots in the security of computer systems. After infection, bank transfers of the online banking accounts of victims are manipulated via fake website screens (web injects). Behind the screens the amounts and beneficiaries of transactions are modified, emptying the victims’ bank accounts. In the next step, the banking malware profits are laundered. In this paper we describe two models that are used in particular (next to more traditional money laundering methods). The first model involves the use of money mules and a quick cash-out. The second model focuses on direct spending via (a) direct purchases of products via online shopping, (b) direct purchases of bitcoins via Bitcoin exchanges or (c) direct purchases of luxury goods. Bitcoins can be further laundered via so-called mixing services. All in all, these methods allow criminals to launder profits in relative anonymity and prevent seizure of the illegal profits.
The Internet of Things (IoT) is rapidly growing, and offers many economical and societal potentials and benefits. Nevertheless, the IoT also introduces new threats to our Security, Privacy and Safety (SPS). The existing work on mitigating these SPS threats often fails to address the fundamental challenges behind the mitigation measures proposed, and fails to make the relations between different mitigation measures explicit. This paper, therefore, offers a conceptual framework for understanding and approaching the challenges and obstacles that arise in addressing the SPS threats of the IoT. This contribution aims to help policymakers in adopting policies and strategies that stimulate others to develop, deploy and use IoT devices, applications and services in secure, privacyfriendly and safe ways.
Ransomware is malicious software (malware) that blocks access to someone’s computer system or files on the system and subsequently demands a ransom to be paid for unlocking the computer or files. Ransomware is considered one of the main threats in cybercrime today. Cryptoware is a specific type of ransomware, which encrypts files on computer systems. The ransom is often demanded in bitcoins. Based on desk research, a series of interviews, and the investigation of several police files, this paper investigates the modi operandi in which cybercriminals use ransomware and cryptoware to make profits and how they launder these profits. Two models, based on the payment of the ransom via vouchers and via bitcoins respectively, are identified and described. These methods allow criminals to launder profits in relative anonymity and prevent the seizure of the illegally obtained money.
In an attempt to strengthen the position of the police to fight cybercrime, the Dutch government proposed new legislation giving police agencies new investigative powers on the Internet. This proposed legislation is controversial as it allows police agencies to hack into computers and install spyware. This paper examines the background and contents of the proposed legislation and tries to answer the question to what extent these new investigative powers may result in infringements of the right to privacy and other fundamental rights of citizens, and whether these infringements are justified. The framework for this evaluation, mainly based on the European Convention on Human Rights, focuses on the legitimacy and necessity of the proposed investigative powers. The most important considerations are that new investigative powers are introduced while existing powers are not used adequately and that there are serious doubts as to whether these new investigative powers will be effective.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.