Big Tech & US Sanctions: A Mixed Response
Cybercriminal Infrastructure Provider Funnull Sanctioned for Facilitating Online Fraud
The U.S. Treasury Department recently sanctioned Funnull, a company accused of providing critical infrastructure to cybercriminals, enabling large-scale online fraud and scams. The sanctions target Funnull’s role in supplying domain names, web design templates, and obfuscation services that allow malicious actors to operate with impunity. This action highlights the growing focus on disrupting the ecosystem that supports cybercrime, rather than solely targeting individual threat actors.
Funnull’s Role in the Cybercrime Ecosystem
Funnull, operating from China, provides a suite of services specifically tailored to the needs of cybercriminals. These services include:
Domain Name Generation: Utilizing Domain Generation Algorithms (DGAs), Funnull creates vast numbers of domain names, making it difficult to track and shut down malicious websites. This allows criminals to quickly switch domains when legitimate providers attempt to take down fraudulent sites.
Web Design Templates: The company sells pre-designed website templates specifically geared towards scamming and phishing operations, lowering the barrier to entry for less technically skilled criminals.
IP Address Provisioning: Funnull provides IP addresses for websites, further concealing the origins of malicious activity.
Traffic Redirection: As demonstrated in a recent supply-chain attack, Funnull has been implicated in redirecting traffic from legitimate websites to malicious ones.
The polyfill.io Supply Chain Attack
In July 2024, Funnull acquired the domain polyfill[.]io, previously the home of a legitimate open-source project. This takeover enabled a significant supply-chain attack impacting approximately 384,000 websites. The malicious code injected into Polyfill redirected visitors to scam websites and online gambling sites, some of which are linked to Chinese criminal money laundering operations. This incident underscores the vulnerability of the open-source ecosystem and the potential for malicious actors to exploit trusted resources.
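As an added illustration (not part of the original article), the following Python script audits a page's `<script src>` includes for third-party hosts that are not pinned with Subresource Integrity, since an unpinned include is exactly what a domain takeover like the one described above turns into arbitrary code execution in every visitor's browser. The sample HTML, host names and the integrity hash are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: one first-party script, one third-party script
# pinned with SRI (hash is a placeholder), one unpinned third-party include.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.min.js"
        integrity="sha384-PLACEHOLDERHASH" crossorigin="anonymous"></script>
<script src="https://polyfill.example/v3/polyfill.min.js?features=default"></script>
</head><body></body></html>
"""

class _ScriptCollector(HTMLParser):
    """Collects the attributes of every <script> tag that has a src."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            a = dict(attrs)  # attribute names are already lowercased
            if a.get("src"):
                self.scripts.append(a)

def audit_scripts(html, first_party_hosts):
    """Return one finding per script loaded from a host the site does not control.
    'pinned' is True only when both integrity and crossorigin are present, which is
    what the browser needs to verify the hash of a cross-origin script."""
    collector = _ScriptCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.scripts:
        host = urlparse(attrs["src"]).hostname  # None for relative (first-party) URLs
        if host is None or host in first_party_hosts:
            continue
        findings.append({
            "src": attrs["src"],
            "host": host,
            "pinned": "integrity" in attrs and "crossorigin" in attrs,
        })
    return findings

def unpinned_third_party(html, first_party_hosts):
    """Hosts whose scripts would run whatever they serve, with no integrity check."""
    return [f["host"] for f in audit_scripts(html, first_party_hosts) if not f["pinned"]]

if __name__ == "__main__":
    for f in audit_scripts(SAMPLE_HTML, {"www.example.org"}):
        print(("OK     " if f["pinned"] else "REVIEW ") + f["src"])
```

A host that tailors the served script per request (for example by user agent) cannot be pinned with a fixed hash; for such an include the remediation is to self-host a reviewed copy or remove the tag.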
Connections to Chinese Criminal Activity and Facebook Operations
The Treasury Department’s inquiry revealed connections between Funnull and individuals involved in Chinese criminal enterprises. Notably, the sanctions mention Liu Lizhi, who operates numerous Facebook accounts and groups, including the “Enjoy Ganzhou” tourism page for Ganzhou, China – an entity already subject to OFAC sanctions.
Meta, responding to inquiries, confirmed it has closed the accounts and groups connected to Mr. Lizhi. This demonstrates a coordinated effort to dismantle the infrastructure supporting these operations across multiple platforms.
Adapting to Sanctions: A More Complex Infrastructure
Despite the sanctions, Funnull is actively adapting its operations. Security researcher Ben Edwards, who has been tracking Funnull’s activities, notes a significant increase in the number of DGAs used to hide and redirect traffic.
“Whereas before they might have used 60 DGA domains to hide and bounce their traffic, we’re seeing far more now,” Edwards stated. “They’re trying to make their infrastructure harder to track and more complex, so for now they’re not going away but more just changing what they’re doing. And a lot more organizations should be holding their feet to the fire.”
This shift suggests Funnull is attempting to become more resilient to disruption by increasing the complexity of its infrastructure, making it more challenging for law enforcement and security researchers to track and dismantle its operations.
Industry Response and Ongoing Efforts
The sanctions against Funnull represent a significant step in disrupting the cybercrime ecosystem. PayPal released a statement affirming its commitment to combating illicit activity on its platform, stating it “continually works to combat and prevent the illicit use of its services” and “proactively refer[s] cases to and assist[s] law enforcement officials around the world.”
However, the evolving tactics employed by Funnull highlight the need for continued vigilance and collaboration between governments, security researchers, and private sector companies to effectively combat online fraud and protect internet users. Holding infrastructure providers accountable for enabling criminal activity is crucial in stemming the tide of cybercrime.
