The Underground Uber Networks Driven by Russian Hackers

  • 0

The Underground Uber Networks Driven by Russian Hackers

Category : FireEye

Uber’s ride-sharing service has given birth to some of the most creative criminal scams to date, including using a GPS-spoofing app to rip off riders in Nigeria, and even ginning up fake drivers by using stolen identities. Add to those this nefariously genius operation: Cybercriminals, many working in Russia, have created their own illegitimate taxi services for other crooks by piggybacking off Uber’s ride-sharing platform, sometimes working in collaboration with corrupt drivers.

Based on several Russian-language posts across a number of criminal-world sites, this is how the scam works: The scammer needs an emulator, a piece of software which allows them to run a virtual Android phone on their laptop with the Uber app, as well as a virtual private network (VPN), which routes their computer’s traffic through a server in the same city as the rider. The scammer acts, in essence, as a middleman between an Uber driver and the passenger—ordering trips through the Uber app, but relaying messages outside of it. Typically, this fraudulent dispatcher uses the messaging app Telegram to chat with the passenger, who provides pickup and destination addresses. The scammer orders the trip, and then provides the car brand, driver name, and license plate details back to the passenger through Telegram.

In one Russian-language crime-forum post, a scammer says their service runs in some 20 cities, including Moscow and St. Petersburg, as well as Kiev in Ukraine and Minsk in Belarus; another thread suggests the service has been used in New York and Portugal as well. In some cases, the scam middleman will use an Uber promotional code or voucher for a free or discounted ride—meaning they’d just pocket whatever fee charged to the passenger. In another variation of the scheme, some scammers are working with drivers to split profits—one post explicitly says the scammer cooperates with drivers.

“Presumably, this service would operate similarly to other money laundering schemes, in which the service provider would use compromised payment credentials to cover the cost of the Uber ride for a customer, who would pay him/her the discounted rate,” David S. Mainor, who manages financial-crime analysis at cybersecurity firm FireEye, told The Daily Beast.

Regardless, the passenger pays the scammer through the Russian service Qiwi, according to two posts on Russian-language crime forums, although other schemes may use Yandex.Money or Sberbank, judging by another post. If the payment is late, one scammer writes they will cancel the trip, “usually in the middle of the ring road =).”

And the prices are cheap. One scammer is offering four hours of UberX for 600 rubles, or just over $10, and the same amount of time in an UberBlack for 1,000 rubles, or $17. On another Russian crime site, a different fraudster offers more short-time rides, with up to 40 minutes costing 200 rubles—just $3. That scammer will also redirect the driver’s call to the passenger’s own phone for an extra 80 cents.

Obviously, this is not the most profitable scam in the world. But it still shows the ingenuity of fraudsters determined to squeeze whatever profit they can out of tech services, and the idea is seemingly to build a business, albeit an illegitimate one, over time, rather than pulling a quick, one-off scam. One guide suggests marketing the scheme to students, or people who don’t want to wait for the subway, and posting adverts on VK, Russia’s version of Facebook. It also recommends giving away the first trip for free, so as to build a loyal customer base.

Customers don’t necessarily have to ride in the Ubers either; one apparently satisfied user says they like to use Ubers as “couriers,” although it’s not clear what exactly the person may have been transporting.  Some scammers have even tried to automate much of the process, by setting up a bot to handle messages instead of having a human relay them through Telegram.

“Everything is easy and accessible at any time of the day,” writes that fraudster, whose avatar includes a cartoon of a taxi. The bot has not always worked as intended though, judging by some responses to the post. Earlier this year, the scammer offered a promotional code that when typed into the bot would offer a free ride, and another of their posts says this service uses Yandex.Taxi, a kind of Russian Uber alternative.

“Currently, actors tend to focus on Uber more than other ride-sharing services, likely due to the prevalence of Uber in the global ride-sharing market; however, other such comparable services, such as Lyft, share similar risk profiles,” Mainor from FireEye added.

Uber spokesperson Melanie Ensign told The Daily Beast, after being shown a screenshot for one of the illegitimate Uber services, “We have multiple detection and prevention measures in place for this type of fraud, including multi-factor authentication for suspicious logins either at the time of login or at the time a trip is requested.  “Our anti-fraud team also uses machine-learning models and pattern detection to identify fake accounts created with stolen credit cards and routinely deactivate fraudulent actors. In some cases, we’re able to proactively refund riders when we detect fraudulent activity, but they can also report issues to our team inside the Uber app for investigation. Additionally, we have a specialized team of fraud investigators who actively monitor online forums where these services are advertised,” she added.

Not everything has been smooth sailing for these scammers. A number of customers have complained of sloppy service, and, particularly at the start of the year, multiple users said Uber had somehow clamped down on the practice. But an apparently happy customer left a positive review on one related thread just last month.

At the end of one of the online advertisements, the scammer writes, “Enjoy your trips!”

Source: The Daily Beast

Author: JOSEPH COX


Leave a Reply

Support