Reseller Bots: Understanding the Ecosystem | F5 Labs
- by nlqip
Neutral/Mixed Intentions
Many of the actors in this system are neither completely benign nor completely malicious. Some of these practices are bifurcated into legal and illegal practices, such as the rather obvious distinction between criminal and benign payment facilitators. Some of these provide services that can genuinely be used either way, such as reshipping services and VPN services. In many cases the service providers prefer not to know how their services are being used, and therefore occupy a grey area in which resellers and related entities thrive.
Proxy/VPN Service Providers
To appear to be many individual buyers and evade easy detection, reseller bots need to use IP addresses from a variety of different geographical locations and Internet service providers. To maximize the probability of success, these IP addresses have to be of high reputation, that is, they must not appear on any lists of known malicious IPs. Naturally, in such a mature industry, there are service providers that offer this to resellers. Not all of these are malicious—many benign users employ legitimate VPN services for privacy—but many of them are. Without these services, retailers would easily be able to detect and mitigate resellers’ efforts, so this represents a critical service for resellers today.
Reshippers
These are service providers that are in the business of receiving shipments on behalf of people and reshipping them to a secondary location. Reshippers are controversial, since there are both benign and nefarious reasons that people use them.
Benign Reshipping
Some buyers may live outside of geographic regions where their favorite ecommerce sites ship. These people will buy commodities, ship them to reshipping services within supported regions, and forward the deliveries to their home. Reshipping can also serve a benign purpose if an ecommerce company charges too much to ship internationally; in this case it might be more cost effective to employ the services of a reshipper.
Malicious Reshipping
In contrast, malicious resellers who buy items with stolen credit cards cannot ship the stolen items to their own house, as this will increase the probability that they get caught. Instead, they use a false name and a reshipping address when they check out. Depending on the level of sophistication and scale of the fraud, some criminals ship their stolen goods through a whole chain of reshippers. The rise in the use of malicious reshippers, and the fact that some of them do not maintain records to prevent being subpoenaed by law enforcement, has given this business a bad reputation.
Secondary Marketplaces
Resellers need a place to sell their products. They typically use large secondary marketplaces with a large built-in customer base and built-in additional services such as inventory management, shipping and logistics, payments collection, fraud detection, etc. Large secondary marketplaces include Amazon, eBay and StockX. There are also secondary markets that do not provide these additional services, such as Craigslist, Facebook Marketplace, TikTok, and Instagram. In these marketplaces, resellers simply post their wares and generate demand that they can service through another medium—offline, on their own or through other digital platforms. These secondary markets are especially attractive to both criminal resellers that do not want to be tracked, or those who have been banned from large marketplaces like eBay and Amazon.
Marketing and Communication Platforms
Many resellers use Telegram, Discord, or other communication channels to stay in touch with their buyers. This is where they source ideas on what products to target, collect pre-orders, deal with customer complaints, and so on. These platforms are essential to ensure the engagement, satisfaction, and loyalty of buyers, which is key for the operation of the reseller’s business.
Payments Facilitators
Just as IP addresses can give resellers away, so can a payment method. If thousands of seemingly different customers all use the exact same payment card information, that tells retailers that they’re being targeted by bots, even if the IP addresses are globally distributed. This kind of analysis by retailers has driven resellers to use a variety of payment facilitators to distribute their funds and avoid detection. As with reshippers, these facilitators can be either benign or malicious.
Benign Facilitators
There are a number of fintech companies and large banks that offer products to assist with this. One large US bank offers customers a browser extension that generates a new, single-use credit card number for each transaction. This feature is designed to protect customers’ credit card information online, but it also lends itself very well to the reseller bot’s use case. Some third-party payment providers like PayPal process payments for retailer sites, but do not pass as much buyer information on to the retailer as credit cards do. This creates a loophole that resellers can exploit to get around defensive controls.
Malicious Facilitators
In addition to the legal payment methods above, the criminal contingent of resellers needs stolen credit cards to fund their purchases, for which they engage the services of other criminals with access to validated stolen credit cards. Because these stolen cards cost resellers less than their shopping value at the retailer, criminal resellers are effectively getting a discount on the commodities they buy, leading to higher profit margins.
Separate from the facilitators trafficking in stolen goods are those who operate payment networks on the edge of legality— these are service providers with hundreds of payment cards that they lease out to resellers for a period of time, similar to how attackers can rent a botnet. This allows the reseller to leverage these cards and then get billed for their spend plus an additional fee.
Conclusion
When we noted that the reseller bot industry was professionalized, we not only meant that it was lucrative and therefore competitive, but also that it is highly differentiated and mature. These various specialized entities work together to ensure that the resellers can acquire inventory at scale and resell it at a profit. Keep in mind that the entire ecosystem is reliant upon the buyer, who ultimately supplies all the value in the system. Unfortunately, buyers vary widely in their habits and motivation, which makes permanently disrupting this business model and ecosystem very difficult. The next article in this series will illustrate these challenges by exploring some case studies around the fight against reseller bots.
Source link
lol
Neutral/Mixed Intentions Many of the actors in this system are neither completely benign nor completely malicious. Some of these practices are bifurcated into legal and illegal practices, such as the rather obvious distinction between criminal and benign payment facilitators. Some of these provide services that can genuinely be used either way, such as reshipping services…
Recent Posts
- Hackers Strike at Heart of Italian Government
- The Rise of Ransomware-as-a-Service and Decline of Custom Tool Development | BlackFog
- Canadian Suspect Arrested Over Snowflake Data Breach and Extortion Attacks
- Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System