An investigation reveals how a Chinese organized crime faction runs a network of online betting sites and hides them behind shell companies that sponsored different elite football teams, including the Argentine Football Association (AFA), as well as the Premier League and the French Football League. The company in question is “Yabo Sports”, which signed contracts with the National Team, Manchester United, PSG and other football giants.
In a report presented by the cybersecurity company Infoblox at Black Hat USA 2024, one of the most important hacker conferences in the world, two researchers detailed how the operations are hidden through a series of technologies designed so that these sites are visible only to a specific profile of the ideal victim and do not attract attention in other markets. Infoblox named the group that carries out these operations “Vigorish Viper”.
The company is linked to an illegal gambling economy of 1.7 billion dollars, with connections to money laundering and even human trafficking in Asia. “These organized crime groups are at the center of modern slavery in China and Southeast Asia, with gambling and investment scams their most profitable industries, made possible by human trafficking and a pyramid of agents, many of them hired,” the researchers write in the report.
“Furthermore, the tactic of sponsoring European football teams to promote their brands, including many in the British Premier League, created a significant controversy in Europe and led to sanctions in April 2023 by the UK Gambling Commission,” they added.
The Argentine Football Association signed a contract in 2018: “The Argentine Football Association presents a new Regional Sponsor, the firm Yabo Sports, an Asian online information site,” the AFA official site published on June 4, 2018. A year later, Manchester United signed a deal worth $3.6 million per year. Bayern Munich, Hertha BSC (Germany), PSG and Monaco (France) also signed contracts.
Clarín contacted the AFA, which clarified that the agreement is no longer in force. “Expired in 2019,” the local football body said.
How the connection was discovered
Infoblox detected the connection between Yabo Sports and organized crime through what is known as DNS “Detection and Response”. DNS, the Domain Name System, is what lets devices connected to the Internet find each other: for example, “clarin.com” is a domain name that DNS points to an IP, a numerical address, which is where the newspaper’s website is hosted.
“Infoblox provides DNS detection and response, which is basically protecting users from threats at the DNS layer. By blocking these malicious domains and IP addresses before a connection is established, you can mitigate a large amount of malware (viruses), phishing, ransomware, etc.,” Renée Burton, vice president of Threat Intelligence at Infoblox, explained to this medium.
“Let’s take an example: when a user visits a website or clicks on a link, they probably think they are clicking on a legitimate one. But it may happen that, behind it, there are other connected domains ready to infect the user or take them to a phishing site. Infoblox works on that layer, avoiding those connections before they reach the user,” she adds.
Infoblox claims that the whole operation was controlled by a single actor it calls Vigorish Viper, and the report reveals an entire supply chain of cybercriminals with links to Chinese organized crime, illegal online gambling, money laundering and human trafficking. “We have a high degree of confidence that Vigorish Viper is Yabo Sports: Yabo is connected to Vigorish Viper, precisely, through name servers, DNS, domain names, trademarks and the underlying software code,” says Burton.
Under this umbrella, the specialist explains that through the investigation they were able to “connect the dots between various journalistic investigations, financial reports and activity of human rights organizations, which included DNS connections used by organized crime”. As she explains, “this illuminates the fact that they are not isolated actors but connected through the same criminal provider.”
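As an added illustration (not code from Infoblox or its report), the sketch below shows how shared name servers can tie domains into one cluster and how such a cluster can feed a DNS-layer block decision. All domains and name servers are constructed, the function names are hypothetical, and name servers of large shared providers are excluded because they say nothing about common ownership.

```python
from collections import defaultdict

# Constructed sample data: domain -> authoritative name servers (all made up).
NS_RECORDS = {
    "bet-alpha.example": {"ns1.dns-op.example", "ns2.dns-op.example"},
    "bet-beta.example": {"ns2.dns-op.example", "ns3.dns-op.example"},
    "bet-gamma.example": {"ns3.dns-op.example"},
    "news-site.example": {"ns1.bigdns.example"},
    "shop-site.example": {"ns1.bigdns.example"},
    "lonely.example": {"ns1.solo.example"},
}
# Assumption: name servers of a large shared DNS provider, not evidence of a link.
SHARED_PROVIDER_NS = {"ns1.bigdns.example"}

def cluster_by_nameserver(records, ignore_ns=frozenset()):
    """Group domains linked, directly or transitively, by a common name server."""
    parent = {d: d for d in records}

    def find(d):
        while parent[d] != d:
            parent[d] = parent[parent[d]]  # path halving keeps lookups short
            d = parent[d]
        return d

    first_seen = {}  # name server -> first domain observed using it
    for domain, servers in records.items():
        for ns in servers:
            ns = ns.lower().rstrip(".")
            if ns not in ignore_ns:
                owner = first_seen.setdefault(ns, domain)
                parent[find(domain)] = find(owner)  # merge the two groups
    clusters = defaultdict(set)
    for d in records:
        clusters[find(d)].add(d)
    return list(clusters.values())

def blocklist_from_seed(records, seed, ignore_ns=frozenset()):
    """Return every domain in the same cluster as a known-bad seed domain."""
    for cluster in cluster_by_nameserver(records, ignore_ns):
        if seed in cluster:
            return cluster
    return set()

def should_block(qname, blocklist):
    """DNS-layer decision: block a listed domain and any of its subdomains."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))
```

Without the shared-provider exclusion, the two unrelated sites on `ns1.bigdns.example` would be merged into one cluster, which is the false-positive case this kind of pivot has to guard against.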
The topic has been in the media for years, but it was in August, with the presentation of the report, that it became clearer how this scheme operates on a technical level. In 2021, The Athletic (a sports outlet owned by the New York Times) published an investigation into these illegal gambling sites on Premier League jerseys. This same year, in France, various media reported links between cybercrime and Yabo, based on the signing of commercial agreements with teams of the stature of PSG and Monaco.
Illegal activities of organized crime
The company’s report, which was one of the most commented on at this edition of Black Hat, details the illegal activities to which Yabo is linked. “Victims of human trafficking in forced labor camps linked to Yabo on the Cambodia-Laos border must ‘provide personnel’ to gambling operations and carry out so-called pig butchering scams”.
“Pig butchering” is a type of online scam where victims are lured by building trust (social media, dating apps, etc.) and then tricked into investing in “investment opportunities”. The name is an analogy to “fattening up” a victim with promises of quick profits.
“The victims, mostly Chinese, provide customer service on the websites of Yabo and other gambling brands,” the report adds.
The United Nations Office on Drugs and Crime (UNODC) stated, in relation to these cases, that “the organized crime groups that direct many of these (online casino) operations did so with increasing sophistication, through the use of data mining and processing, blockchain technology and, increasingly, generative artificial intelligence.”
The entire Infoblox report aims to show that the infrastructure of this hacker group, Vigorish Viper, is representative of this type of practice.
Yabo Sports supposedly closed in 2022, although according to the report it was converted into other brands such as Kaiyun Sports, whose logo was seen on teams such as Aston Villa and Crystal Palace in England.
The names of the companies change, as do their websites, but the way they operate ultimately follows the same pattern: mask online betting sites, sign contracts with highly reputable teams to launder their image, and take advantage of the online betting fever that football increasingly promotes around the world.