Into the Deep Web: Understanding E-commerce Fraud from Autonomous Chat with Cybercriminals

Abstract

E-commerce miscreants heavily rely on instant messaging (IM) to promote their illicit businesses and coordinate their operations. The threat intelligence provided by IM communication, therefore, becomes invaluable for understanding and mitigating the threats of e-commerce frauds. However, such information is hard to obtain since it is usually shared only through one-on-one conversations with the criminals. In this paper, we present the first chatbot, called Aubrey, to actively collect such intelligence through autonomous chats with real-world e-commerce miscreants. Our approach leverages the question-driven conversation pattern of small-time workers, who seek jobs and/or attack resources from e-commerce fraudsters, to model the interaction process as a finite state machine, thereby enabling an autonomous conversation. Aubrey successfully chatted with 470 real-world e-commerce miscreants and gathered a large amount of fraud-related artifacts, including previously-unknown SIM gateways, account trading websites, and attack toolkits, etc. Further, the conversations revealed the supply chain of ecommerce fraudulent activities on the deep web and the complicated relations (e.g., complicity and reselling) among miscreants.