HackMD - Collaborative Markdown Knowledge Base

## Response To Reviewer C ### IRB Issues We acknowledge what you concern about our IRB issues, and we will provide more detailed ethics discussion according to Menlo Report about our payment analysis. Besides, we will report your valuable comments to our institution's IRB board, and try to work out better guidelines that satisfy the general ethics issues of cyber-security together with our colleagues. ### Proxy and Backend Server Thank you for pointing out our incorrect usage of the term *Proxy*, and we'd like to replace the term *Proxy* with *Distributor* to reduce ambiguity in our revised version. To avoid being taken down, scammers use distributors to dynamically deliver domains of backend servers. Different from distributors, backend servers provide core gambling services, such as account management, betting and drawing. According to our observation, a gambling scam app commonly communicates a distributor immediately after initialization, and the payload between the distributor and the client is quite small. After the app loads the address of the backend server, it launches diverse gambling functions with much higher traffic volume. Utilizing this observation, we differentiate distributors and backend servers with their activation order and network traffic volume. We'd like to add these details to our revised version. ### More Apps Details Thank you for your valuable advice and we will provide more details including the following certifificate thumbprints in the revised version. | Issuer | SHA-1 | Number | | --- | --- | --- | | yibo | 713e483e2023d79fa49e2ef72106796e5482e5d6 | 482 | | Digital Haven (Beijing) Network Technology Co., Ltd | baad093a82829fb432a7b28cb4ccf0e9f37dae58| 137 | | test | ec544b1220066a8d20a752ff917a8a67379fcaf6 | 73 | | a | 1029e04097cbc2f152dee7d6b8d3d70339afdc1c | 31 | | Beijing Hurricane mobile Co.,Ltd | 78be780e089d25f76e263ce6db0c29599fd86066 | 18 | ### Upper Bound Thank you for your suggestion. In the revised version, we will include a clear and detailed description of the information on the payment pages. Also, we will refer to the "Tracking Ransomware End-to-End" paper to report more precise measurement results. ### Enterprise Certificate Utilizing the search engines, we managed to collect contact information of some owners of these enterprise certificates. We sent them emails, and are still waiting for their responses. We will report in the revised version if they response. In addition, we had already reported these abused enterprise certificates to Apple.