The role of phone numbers in understanding cyber-crime

Costin, Andrei; Isacenkova, Jelena; Balduzzi, Marco; Francillon, Aurélien; Balzarotti, Davide
Research Report RR-13-277

Internet and telephones are part of everyone'smodern life. Unfortunately, also several criminal activities rely on these technologies to reach their victims. While the use and importance of the network has been largely studied, previous work overlooked the role that phone numbers can play into understanding online threats. In this work we aim at determining if leveraging phone numbers analysis can improve our understanding of the underground markets, illegal computer activities, or cyber-crime in general. This knowledge could then be
adopted by several defensive mechanisms, including blacklists or advanced spam heuristics. In our study we collected phone numbers from various public or private sources and we designed a framework for mining, analyzing, enriching and, finally, correlating phone numbers to malicious activities. Our results show that, in scam activities, phones numbers remain often
more stable over time than email addresses. Finally, using a combination of graph analysis and geographicalHLR lookup, we were able to identify recurrent cyber-criminal business models and to link together scam communities that spread over different countries.

Sécurité numérique
Eurecom Ref:
© EURECOM. Personal use of this material is permitted. The definitive version of this paper was published in Research Report RR-13-277 and is available at :