There are many types of filesharing services online. Some cloud providers, such as Dropbox, offer legitimate services to upload and share materials with other users. These are important, powerful tools for exchanging business-critical materials or personal documents.
However, other types of filesharing services — such as cyberlockers — are quite different. Cyberlockers are also designed to host user files, but they are typically advertised for users seeking to upload materials in either an anonymous or discrete fashion. These files can then be accessed remotely from any network device, in discreet locations with sophisticated authentication, such as encrypted passwords. To profit from this activity, cyberlocker administrators charge fees for hosting the content on their networks, and may also charge additionally for premium download speeds.
Crucially, cyberlockers do not have the built-in tools to authenticate hosts and users, nor internal frameworks to prevent the hosting of illicit materials, that legitimate file-sharing services do. And cyberlockers deliberately evade law enforcement and do not remove information; conversely, legitimate cloud providers swiftly take down illegal material and have strong relationships with law enforcement. This opens a big opportunity for criminals looking for a way to evade the law.
All of this makes cyberlockers powerful breeding grounds for nefarious activity, especially as they increasingly shift their activity to the dark web. These internet file-hosting services can facilitate illegal transactions of all kinds — from the dissemination of copyrighted materials, all the way up to major crimes such as human trafficking. Some cyberlockers also host playbooks that explain other different ways to access different types of illegal materials through other cyberlocker users or on the dark web.
Cyberlocker hosts can easily operate with high levels of anonymity, and are often highly sophisticated criminals, making elimination of these dangerous filesharing services difficult. Companies that facilitate transactions for illicit cyberlocker subscriptions face dire damage and critical risk. Without exploring advanced technological solutions, financial institutions and payment organizations expose themselves to a wide range of potential problems, such as brand-reputation damage and even legal exposure – as well as vulnerabilities they may not even know exist, but could be caught as a result of.
An Urgent Risk Problem
Criminals utilize cyberlockers so frequently because they are extremely difficult to detect and crack down on, and so easily operated anonymously from anywhere in the world.
There are several different categories of illegal activity with cyberlockers, says Lauren Keeney, account manager and consultant at EverC.
“The first is IP rights infringement and piracy – the hosting of movies, TV shows, music, software, audio books, live sports streaming,” she begins. “The second big bucket is child-exploitation materials. Unfortunately, there is a huge, worldwide market for videos and photos, that's only getting worse every day. They originate out of high-risk geographies, and there's a huge prominent market for this on cyberlockers today. And unfortunately it's getting worse. The same case goes with extreme adult content — video uploads of things such as kidnappings, violent sexual activity, and bestiality.”
She adds there is also a lot of cyberlocker activity around illegal drugs and pharmaceuticals as well as terrorist financing, illegal arms trafficking financing, and even human trafficking financing. “Unfortunately,” says Keeney, “we see it all.”
The Prolific Risk of Cyberlockers
Access to these illegal materials comes with a fee for users, of course. Cyberlocker administrators charge for access to their information or materials, sometimes with one-off transactions or monthly subscription fees.
But these transactions are not easily detected. “These are very, very sophisticated fraudster and criminal networks that understand how to circumvent financial institution controls, register quickly and swiftly under new identities, and basically continue business as normal,” says Keeney.
Most cyberlockers do not accept payments on their direct site — in many cases, payments flow via transaction laundering, where a merchant will register with a cyberlocker website, but there will not be an ability to pay anywhere. Instead, payments take place through vast networks of subscription sites. Essentially, the merchant has provided a payment-free website that creates a direct link into financial institutions and payment platforms. “The act of accepting payments on a non-disclosed website puts the merchant service provider at risk, because it's a case where payments were found to be taking place elsewhere,” she says.
Keeney says because cyberlocker activity is so discreet, it's difficult for financial institutions and payment providers to stop their unintentional involvement in transactions on these platforms — or, often, even know this activity is happening. Among the reasons why is because although cyberlockers are supposed to register under a cyberlocker merchant category code (MCC), many don't. “Often, they register under very generic merchant category codes, and basically operate in an undisclosed fashion under the radar,” she adds.
“By allowing cyberlockers or cyberlocker subscriptions to provide orders to collect money on behalf of this type of activity, merchant service providers — or anyone who happens to be involved in the payment chain — is essentially putting themselves at risk in a few different areas, including legal and regulatory risk,” continues Keeney.
Beyond this, cyberlockers open financial institutions and payment providers to: card-scheme risk, AML risk, CTF risk, fraud risk, and brand-reputation risk.
Eliminating Cyberlocker Activity
Even for financial institutions and payment providers that are aware that their technology may be involved in illegal cyberlocker activity, existing methods of prevention may not be enough — especially because these tactics are often reactive, and can't outpace sophisticated criminals.
“We sometimes see financial institutions who are terminating these accounts and then having them reappear even days later under a different identity,” says Keeney. “So, criminals have really developed an entire network of operating that allows them to not be interrupted, to continuously host materials and accept payments for them behind the scenes. Importantly, she adds, they always have ways of educating and redirecting their users in the event that material that has been posted has been taken down.
However, novel, next-generation technology can help financial institutions and payment providers identify and stay ahead of their unwilling involvement in illicit cyberlocker activity. Investing in technology such as a continuously scanning solution with AI or machine learning to detect and investigate cyberlockers and resellers of cyberlocker subscriptions can significantly lower critical risk. Advanced tools can help identify repeat offenders, mitigate “hit and run” behavior, and terminate cyberlockers from merchant portfolios quickly. The right technology helps financial institutions understand how criminals evade detection, which ultimately better positions companies to prevent involvement in future high-risk activity.
Keeney adds, “This is a global problem, and It's important to remember that just because this happens behind the scenes, doesn't mean that we don't need to continue to address it head on.”
Companies interested in evaluating their strategy for eliminating the critical risk of cyberlockers can speak with EverC to find the right tools and expertise to guide them in staying in compliance and eliminating critical risk in their merchant portfolios.