Millions and Millions of Fraud Domains: China attacks Illegal Gambling and Telecom Fraud
Last week I was reviewing a publication by the United Nation Office on Drugs and Crime published in January 2024, titled “Casinos, Money Laundering, Underground Banking, and Transnational Organized Crime in East and Southeast Asia: A Hidden and Accelerating Threat.”
(URL to the UNODC report: UNODC: Casinos, Money Laundering, Underground Banking … full report)
(URL to the USIP report: https://www.usip.org/node/160386 )
The reason I was looking into the report is that this 106 page report is about how Chinese organized crime has planted themselves in Casino complexes across Cambodia, Indonesia, Lao PDR, the Philippine, Thailand, and Viet Nam. The same modus operandi that we associate with the crypto investment scams that use the horrible name “pig butchering” to describe the financial grooming that leads to the complete financial devastation of so many Americans. In fact, I discovered the UN report, only by seeing it quoted in he report by the United States Institute of Peace, “Transnational Crime in Southeast Asia: A Growing Threat to Global Peace and Security” where it was mentioned in a footnote.
Examining Chinese Ministry of Public Security reports
The UNODC report shares statistics from a Ministry of Public Security of China note, without providing a URL, that “between January to November 2023, authorities in the country successfully resolved 391,000 cases related to telecommunications and network fraud, totaling the arrest of 79,000 suspects, including 263 ‘backbone members or paymasters’ of cyberfraud groups” (in the countries mentioned above.) This included:
- interception of 2.75 BILLION fraud calls
- interception of 2.28 BILLION fraud messages
- the removal of 8.36 million fraud-related domain names
- and 328.8 billion yuan (US $46 billion) in funds related to fraud cases.
Since I am working on a project that we call “Twenty Targets for Takedown” that is attempting to shut own illicit websites by terminating their domain registrations and hosting arrangements, the number “8.36 million fraud-related domains” made me shudder.
I am fortunate to count among my network some of the leading experts in domain-name related fraud and abuse, the number seemed overwhelmingly high, and I asked my colleagues from CAUCE, the Coalition Against Unsolicited Commercial Email, for assistance in looking into it. One quick opinion was that this could include a definition of domain name that would be more akin to a hostname, similar to what we have on Blogspot. “garwarner.blogspot.com” is a hostname on the domain “blogspot.com” … but some would call it a “fully qualified domain name” and consider it a separate FQDN than other xyz.blogspot.com or abc.blogspot.com “domains.”
John Levine helped me solve the “did they really mean millions, or is this possibly a bad translation” by helping me find the Ministry of Public Security site where the article was coming from and share several updated versions of these statistics.
18 Million Websites!
The latest article we can find, dated 31MAY2024, quotes Li Guozhong ( 李国中 ) the Spokesman for China’s Ministry of Pubic Security describing their successes over the past five years. In 2021, they established a National Anti-Fraud Center which sent out 660 million notices and were able to help stop fraud against 18.44 million people. This most recent article, which is focused on fraud and doesn’t mention gambling at all, says that they have “handled 18 million domain names and websites.” That’s a machine translation of ( 处置涉案域名网址1800万个 ). I can confirm the 18 million … written as 1800 ten thousands – 1800万个. Handled is perhaps better rendered “disposed of” 处置 (Chǔzhì). Still unsure how to interpret 域名 ( Yùmíng – Domain name) 网址 (Wǎngzhǐ – website), but I think for now, I’m going to assume it means “URLs” or “FQDNs” as opposed to only registered domains
Just since July 2023, 49,000 cyber fraud suspects have been transferred to China from northern Myanmar. 82,000 criminal suspect have been arrested, including 426 key “financial backers” behind the fraud groups.
How Much Fraud? $64 Billion to $157 Billion per year!
The US Institute of Peace report estimates that there are as many as 500,000 scammers deployed in the region, earning potentially $64 Billion per year in fraud. The methodology they used for this calculation came from the UNODC report above. On p. 55 of that report, the UN said that they estimated each scammer was earning between $300 and 400 per day, and that they believed there were 80,000 to 100,000 scammers working six days per week in one unnamed Mekong country. Using that estimate, they gave a “range” of $7.5 Billion to $12.5 billion in scam revenue for that country. These numbers were calculated consistently with a Chinese MPS report about an initiative they called “Operation Chain Break” which estimated that scam compounds, including gambling and cyber scams, were generating $157 Billion per year.
China’s Ministry of Public Security is actively conducting military style raids to help recover these fraud suspects from northern Myanmar, where China shares a long border with the country, which remains deeply embroiled in a state of civil war. MPS is also working collectively with other Southeast Asian countries and says it has “destroyed 37 overseas fraud dens.”
China Launches Month of National Anti-Fraud Action
Gee, doesn’t that sound like REACT’s Erin West and Operation Shamrock — but with the full cooperation of the Government and Society?
- pushed out 420 million warning and dissuasion instructions
- met with 14.77 million people face-to-face to give warnings
- made 310 million phone calls to warn vitims
- sent 230 million dissuasion text messages
- intercepted 3.7 billion fraud calls
- intercepted 2.96 billion fraud-related text messages
- blocked 11.619 million fraud-related domain names — BLOCKED – this may mean “prevented access via Chinese Internet — which may mean the sites are still available to victimize foreigners
- intercepted 452.9 billion yuan of funds ($62 Billion USD)
To quote Director Easterly at CISA: SHIELDS UP!
*** This is a Security Bloggers Network syndicated blog from CyberCrime & Doing Time authored by Gary Warner. Read the original post at: https://garwarner.blogspot.com/2024/06/millions-and-millions-of-fraud-domains.html