Casino royale: a deep exploration of illegal online gambling

The popularity of online gambling could bring negative social impact, and many countries ban or restrict online gambling. Taking China for example, online gambling violates Chinese laws and hence is illegal. However, illegal online gambling websites are still thriving despite strict restrictions, since they are able to make tremendous illicit profits by trapping and cheating online players. In this paper, we conduct the first deep analysis on illegal online gambling targeting Chinese to unveil its profit chain. After successfully identifying more than 967,954 suspicious illegal gambling websites, we inspect these illegal gambling websites from five aspects, including webpage structure similarity, SEO (Search Engine Optimization) methods, the abuse of Internet infrastructure, third-party online payment, and gambling group. Then we conduct a measurement study on the profit chain of illegal online gambling, investigating the upstream and downstream of these illegal gambling websites. We mainly focus on promotion strategies, third-party online payment, the abuse of third-party live chat services, and network infrastructures. Our findings shed the light on the ecosystem of online gambling and help the security community thwart illegal online gambling.

[1]  Nick Nikiforakis,et al.  Dial One for Scam: A Large-Scale Analysis of Technical Support Scams , 2016, NDSS.

[2]  Vern Paxson,et al.  Tools for Automated Analysis of Cybercriminal Markets , 2017, WWW.

[3]  Feng Qian,et al.  Under the Shadow of Sunshine: Understanding and Detecting Bulletproof Hosting on Legitimate Service Provider Networks , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[4]  Lawrence K. Saul,et al.  Search + Seizure: The Effectiveness of Interventions on SEO Campaigns , 2014, Internet Measurement Conference.

[5]  Zhou Li,et al.  The Ever-Changing Labyrinth: A Large-Scale Analysis of Wildcard DNS Powered Blackhat SEO , 2016, USENIX Security Symposium.

[6]  Vern Paxson,et al.  Ad Injection at Scale: Assessing Deceptive Advertisement Modifications , 2015, 2015 IEEE Symposium on Security and Privacy.

[7]  Guang Liu,et al.  How to Learn Klingon without a Dictionary: Detection and Measurement of Black Keywords Used by the Underground Economy , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[8]  Damon McCoy,et al.  Bullet-proof payment processors , 2018, 2018 APWG Symposium on Electronic Crime Research (eCrime).

[9]  Vern Paxson,et al.  Identifying Products in Online Cybercrime Marketplaces: A Dataset for Fine-grained Domain Adaptation , 2017, EMNLP.

[10]  Stefan Savage,et al.  An inquiry into the nature and causes of the wealth of internet miscreants , 2007, CCS '07.

[11]  Christopher Krügel,et al.  Framing Dependencies Introduced by Underground Commoditization , 2015, WEIS.

[12]  Bram Klievink,et al.  Plug and Prey? Measuring the Commoditization of Cybercrime via Online Anonymous Markets , 2018, USENIX Security Symposium.

[13]  Stefan Savage,et al.  Priceless: the role of payments in abuse-advertised goods , 2012, CCS.

[14]  Marco Gruteser,et al.  USENIX Association , 1992 .

[15]  Gianluca Stringhini,et al.  Movie Pirates of the Caribbean: Exploring Illegal Streaming Cyberlockers , 2018, ICWSM.

[16]  Wouter Joosen,et al.  It's Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services , 2016, NDSS.

[17]  Chris Kanich,et al.  Show Me the Money: Characterizing Spam-advertised Revenue , 2011, USENIX Security Symposium.

[18]  Marc Najork,et al.  Detecting spam web pages through content analysis , 2006, WWW '06.

[19]  Ryan Brunt Booted : An Analysis of a Payment Intervention on a DDoS-for-Hire Service , 2017 .