Catch Me If You Can – Mining Data to Spot Cybercrime Patterns

Fighting web fraud is a game of cat and mouse between fraud analysts and cybercriminals where the odds are stacked against fraud analysts.

The bad guys have the upper hand, pitting tools, targets, time and tenacity against fraud analysts who are doing their best to identify fraudulent transactions and prevent web fraud, while at the same time not stopping good customers from transacting at their web site.

The fraud analysts I’ve met are diligent, always looking for an edge that puts them ahead of scammers. For fraud analysts, getting hit by web fraud is personal—like the feeling of violation you would get opening your front door and discovering someone broke into your house. What gives fraud analysts an edge against scammers? Data. Like all things digital, web fraud is measurable and mineable.

How does data help fraud analysts stop and prevent fraud? It depends on the nature and context of the transaction. I’ll use an example from the non-digital realm to illustrate. I came across new research by UCLA scientists working with L.A. police to analyze crime patterns in order to identify crime ‘hotspots.’ The research is federally funded by the National Science Foundation and the U.S. Department of Defense. The researchers developed a mathematical model that enables them to predict how “each type of crime hotspot will respond to increased policing, as well as when each type might occur, by a careful mathematical analysis involving what is known as bifurcation theory,” according to a UCLA report. The researchers leverage crime data to determine “whether a particular neighborhood will see an increase in crime.” One of the researchers, Jeffrey Brantingham, observes that “criminal offenders are essentially hunter-gatherers; they forage for opportunities to commit crimes.” Brantingham’s observation applies to cybercriminals as well as to local neighborhood carjackers.

Fraud analysts leverage data too—to discern patterns and identify cybercrime hotspots. Doing so enables them to adjust their strategy according to the patterns. This insight helps them increase their effectiveness at detecting fraud—and, more importantly, it helps them go on the offensive to prevent fraud. Here’s a simple example that illustrates how understanding patterns can help head off fraud.

I queried our ThreatMetrix Fraud Network of global transaction data to see which countries, for the month of May, had the highest percentage of transactions conducted through hidden proxies located in the United States. This view of web transaction traffic provides a window into behaviors that can be useful in identifying patterns that tip off cybercrime hot spots still in formation—a view fraud analysts can use to thwart scammers before they strike, by tuning the rules that examine transactions for risk.

Hidden Proxy Usage

Keep in mind that someone using a hidden proxy in the US from another country, to appear as if they are located in the US, is not by itself an indicator of fraud. For example, there may be political reasons why an internet user in a certain country takes pains to preserve their anonymity. But when this knowledge is combined with other transaction characteristics, it can be a strong contributing factor in making the right call more accurately.

So, which country was hiding behind US proxies more than any other, as a percentage of all transactions (drum roll please)? The winner is—Iran, with a whopping 70% of all transactions coming through a hidden proxy in the US, followed by Burma with a comparatively small 17%. Tiny Benin, a country in West Africa, narrowly beat out the United States to make the top ten. I waded deeper into the data to try to understand why Iran might top out so much higher than any other country. I discovered that a disproportionate number of the Iranian-based hidden proxy transactions came through a single customer. I suspect this customer probably already knows this, and has researched further into the data by scrutinizing other characteristics of the transactions to determine the risk associated with them. It might be useful to run the same query on our network to see if a similar pattern existed in April, or six months ago. We might observe when this pattern emerged, and therefore better understand its origin. More data is better, as long as you can get it fast enough and have the analytical power to detect web crime patterns.
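The analysis described above (per-country share of transactions routed through hidden US proxies, the drill-down into which customer carries that traffic, and the month-over-month comparison) as an added example, not code from the original column or from ThreatMetrix; the transaction records are constructed, and the field layout and thresholds are assumptions:

```python
from collections import Counter

# Constructed sample records (not ThreatMetrix network data). Each tuple is
# (month, origin_country, hidden_proxy_country_or_None, customer_id).
TRANSACTIONS = [
    ("May", "IR", "US", "cust-A"), ("May", "IR", "US", "cust-A"),
    ("May", "IR", "US", "cust-A"), ("May", "IR", "US", "cust-B"),
    ("May", "IR", None, "cust-B"), ("May", "MM", "US", "cust-C"),
    ("May", "MM", None, "cust-C"), ("May", "MM", None, "cust-D"),
    ("May", "DE", None, "cust-A"), ("May", "DE", None, "cust-E"),
    ("April", "IR", None, "cust-A"), ("April", "IR", None, "cust-B"),
    ("April", "IR", "US", "cust-B"),
]


def hidden_proxy_share(transactions, month, proxy_country="US"):
    """Per origin country: fraction of that month's transactions that came
    through a hidden proxy located in proxy_country."""
    total, proxied = Counter(), Counter()
    for m, origin, proxy, _customer in transactions:
        if m != month:
            continue
        total[origin] += 1
        if proxy == proxy_country:
            proxied[origin] += 1
    return {c: proxied[c] / total[c] for c in total}


def rank_countries(shares, top_n=10):
    """The 'top ten' view: countries ordered by hidden-proxy share."""
    return sorted(shares.items(), key=lambda kv: kv[1], reverse=True)[:top_n]


def customer_concentration(transactions, month, origin, proxy_country="US"):
    """Drill-down: which customers received the proxied traffic from `origin`
    and what fraction each accounts for. A single dominant customer is the
    cue to examine that customer's transactions on other characteristics;
    the share alone is not a fraud verdict."""
    counts = Counter(cust for m, o, p, cust in transactions
                     if m == month and o == origin and p == proxy_country)
    n = sum(counts.values())
    return {cust: k / n for cust, k in counts.items()} if n else {}


def trend(transactions, origin, months, proxy_country="US"):
    """Same query over several months to see when a pattern emerged."""
    return {m: hidden_proxy_share(transactions, m, proxy_country).get(origin, 0.0)
            for m in months}
```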

The researchers at UCLA want to give law enforcement authorities a leg-up on fighting crime by shining light on crime patterns early enough to help them focus resources early and use them wisely to stop crime and respond faster. Patterns can reveal the criminal mind from a macro perspective, providing them this advantage. This is even more critical in the fight against cybercriminals and scammers—where a fraction of a second can make all the difference.
