A day's work becomes a one-click task

Automated tool traces fake webshop networks

Bring lots of people with a passion for technology and computing together at an inspiring location, and exciting, innovative things are bound to happen. That's exactly how it was at the fourth Dutch Open Hackathon, held at the Dutch Innovation Factory in Zoetermeer on 26 and 27 May. Several prominent Dutch organisations challenged digital problem-solvers to come up with answers to everyday challenges over the course of a single weekend. Various specialist APIs and datasets were put at their disposal by leading companies and public bodies such as the police, KPN, Kadaster and PostNL. As co-organiser of the multi-day hackathon, we too made data available: the .nl zone file, which contains DNS information about all .nl domain names. In just twenty-four hours, twenty-three teams were able to build working prototype apps. The best eight groups were invited to present their ideas in the form of persuasive pitches. At the conclusion, a jury acclaimed the CrimeBusterBot team the winners with their malicious website identification tool.


Richard Garsthagen, who led the CrimeBusterBot team, was taking part for the first time. A week before the event, he got the idea for a tool capable of detecting untrustworthy websites and tracing the associated networks. He took the idea along to the Dutch Innovation Factory in Zoetermeer, where he put together a five-strong team to realise it.

Staged plan

The first step was research. The team needed some examples of hard-to-spot fake webshops. What distinguishes a fake webshop? And how can you 'validate' a website – in other words, check that it's trustworthy? The team also talked to experts from the police and SIDN about what those organisations already do and what happens if you report something illegal on line. "The reports are forwarded to a national centre. However, nothing is done unless several people make complaints about the same site. Of course, by then it's too late." The feedback confirmed the need for an automated tool for use by investigators. With plenty of programming skill in the team, the first CrimeBusterBot prototype was up and running in no time.

.nl zone file

Thanks to SIDN's .nl zone file, the CrimeBusterBot can validate multiple websites automatically. Richard: "Normally, you can check one domain name and you have to indicate that you're not a robot. So it's a matter of manual work and can't be done automatically. Because SIDN opened up its database during the hackathon, we were able to do it."

Tracing whole networks

At the end of a single day, the team had developed a tool capable of not only identifying fake websites, but also revealing the networks they belong to. "The tool validates websites and establishes whether sites – particularly webshops – are trustworthy. Using information about the technology underpinning untrustworthy websites, the tool can even trace the fraudster behind them. A crook can give a different name every time they create a site, but it wouldn't be feasible to use different technology every time," Richard continues.

So the tool is doubly useful, as the team's initial tests demonstrated. With its very first scan, the bot found 328 untrustworthy websites when a single domain name was entered. That striking achievement was emphasised by Richard during the pitch. "The tool automatically took a hundred screenshots of fake websites. The images were flashed across the screen one after the other during our pitch. That created a real 'wow' effect."

How can you recognise malicious websites?

"It's amazing how many fake websites there are. Interestingly, scammers often reuse cancelled domain names. For example, one of our test scans threw up a website using the name of a failed electronics company. The fake was exactly like the failed company's old site, except for the ordering system." It's often hard for consumers to spot that kind of thing. Nevertheless, there are ways to tell that a site can't be trusted, according to Richard. If shoes or clothes that usually cost 150 euros are being offered for 25, something's probably not right. It also helps to check whether the connection is secure – if it is, there'll be a padlock icon in your browser's address bar. Other things to be wary of are a contact form with no valid address and an ordering procedure in a different language. Many of those things don't apply if you order via social media, though. It's easy to see why checking out a website is normally a time-consuming job. With the CrimeBusterBot, however, it's just a few clicks.

What’s next…

Having got involved purely out of interest, Richard and his team ended up winning the hackathon. "Our success was down to developing an idea around the available datasets, rather than working the other way around." Good advice for anyone considering taking part in next year's event or one of the many other hackathons.

A single weekend isn't long enough to create a market-ready product, but the team delivered a prototype with great potential. And Richard doesn't want to leave it at that. "What we've developed so far is a proof of concept. And we'd definitely like to take that concept further. However, probably not by following a conventional business model. After all, we aren't a startup enterprise; we're a group of people who met at a hackathon, and we've all got day jobs. But the challenge of trying to develop the tool on a voluntary basis definitely appeals." Meetings with the police and SIDN are therefore planned. And the future looks bright for the winners of the Dutch Open Hackathon 2018.

How does SIDN help to tackle fake webshops?

Fake webshops are harmful to .nl's reputation as a strong and secure top-level domain. We therefore work hard to stamp out this form of internet crime. As well as taking reports from the victims of scams, we receive information from the LMIO (National Internet Fraud Report Desk) and the Fraudehelpdesk. In response, we check the registration data of the domain names involved. If it turns out to be false, that's a breach of the registration conditions, so we are able to deactivate the relevant names. SIDN Labs is also building its own systems for the early detection of fake webshops in the .nl domain. The tools promise to further enhance our ability to maintain the strength of the .nl domain. 


