Report on the Funnull Cybercrime Network and its Implications for Sustainable Development Goals

Executive Summary

An investigation by cybersecurity firm Silent Push has uncovered a vast cybercrime organization, Funnull, responsible for extensive financial scams and significant economic damage. This report details the network’s operations, the international response, and the profound challenges this form of organized crime poses to the achievement of key Sustainable Development Goals (SDGs), particularly SDG 8 (Decent Work and Economic Growth), SDG 16 (Peace, Justice and Strong Institutions), and SDG 17 (Partnerships for the Goals).

I. The Economic Impact of Cybercrime on SDG 8: Decent Work and Economic Growth

The activities of the Funnull network represent a direct threat to economic stability and growth, undermining the core principles of SDG 8. The organization’s large-scale siphoning of capital from national economies constitutes a significant impediment to sustainable economic development.

A. Discovery and Scale of Operations

• Initial investigations by Silent Push, a cybersecurity takedown firm, began in 2021 following an attempt to spoof a US financial services company’s trading application.
• The investigation revealed a massive criminal infrastructure, identified as Funnull, a Philippines-based entity providing the backbone for hundreds of financial scams.
• At its peak, the network was found to be operating approximately 1.4 million live hosting sites simultaneously.

B. Quantifiable Economic Damage

• The U.S. Treasury Department reported that Funnull-hosted websites resulted in over $200 million in losses for U.S. victims alone.
• The average loss per individual was a substantial $150,000, illustrating the devastating impact on personal financial security and contributing to economic inequality, a challenge addressed by SDG 10.
• Silent Push CEO Ken Bagnall describes this activity as an “unseen hole in the bucket of your GDP,” highlighting its nature as a large-scale drain on national economies rather than a series of isolated incidents.

II. Institutional Response and Multi-Stakeholder Partnerships (SDG 16 & SDG 17)

The effort to dismantle the Funnull network exemplifies the importance of strong institutions and global partnerships, which are central to SDG 16 and SDG 17. The collaboration between the private sector, international organizations, and government bodies is crucial for combating illicit financial flows.

A. Actions by National and International Bodies (SDG 16)

In a demonstration of institutional resolve to combat illicit financial flows, U.S. authorities have taken decisive action:

1. The U.S. Treasury sanctioned Funnull and its administrator, Liu Lizhi, in May.
2. The Federal Bureau of Investigation (FBI) issued a public alert, identifying 548 unique Funnull CNAMEs linked to over 332,000 domains, disrupting the criminal infrastructure.

B. Collaborative Efforts for Global Security (SDG 17)

The fight against such sophisticated cybercrime necessitates multi-stakeholder partnerships, as promoted by SDG 17. The Cyber Crime Atlas project is a prime example of this collaborative model.

• Lead Organization: World Economic Forum
• Private Sector Partner: Silent Push provides its platform, data, and analysts to map relationships between criminal syndicates.
• Objective: To create a comprehensive map of the cybercrime ecosystem to enable more effective disruption by international law enforcement agencies.

III. Systemic Challenges to Justice and Global Security (SDG 16)

Despite successful interventions, significant challenges remain in the pursuit of justice and the establishment of peaceful and inclusive societies. These challenges hinder the full realization of SDG 16 by exposing weaknesses in global governance and the rule of law.

A. The “Cat-and-Mouse” Dynamic

The process of threat intelligence and takedowns is a continuous struggle. Ken Bagnall notes that as security firms and law enforcement expose criminal infrastructure, the groups adapt their methods. This constant adjustment by criminal organizations complicates long-term monitoring and disruption efforts.

B. State-Sanctioned Cybercrime as a Barrier to Justice

A major obstacle is the operation of cybercrime syndicates with the tacit or explicit approval of certain nation-states. Bagnall equates this modern phenomenon to historical “privateering,” where governments unofficially sanction criminal acts that benefit the home country’s economy without directly affecting its citizens.

• This practice undermines international law and cooperation.
• It creates safe havens for criminal organizations, making prosecution and asset seizure exceedingly difficult.
• This form of state-condoned activity directly contravenes the spirit of SDG 16, which calls for effective, accountable, and transparent institutions at all levels.

Conclusion

The case of the Funnull network underscores that large-scale cybercrime is not merely a technological problem but a critical issue of national and global economic security. Addressing this threat is imperative for making progress on the Sustainable Development Goals. It requires a unified approach, strengthening national-level responses and fostering robust international partnerships (SDG 17) to protect economies (SDG 8) and uphold justice and the rule of law (SDG 16) on a global scale.

1. SDGs Addressed or Connected to the Issues Highlighted in the Article

• SDG 8: Decent Work and Economic Growth
• SDG 16: Peace, Justice and Strong Institutions
• SDG 17: Partnerships for the Goals

2. Specific Targets Under Those SDGs

1. SDG 16: Peace, Justice and Strong Institutions

   • Target 16.4: By 2030, significantly reduce illicit financial and arms flows, strengthen the recovery and return of stolen assets and combat all forms of organized crime.
     
     The article focuses on combating a “huge crime organization” (Funnull) involved in financial scams and “money laundering.” The efforts of Silent Push, the FBI, and the US Treasury to track, sanction, and take down these operations directly address the goal of combating organized crime and reducing illicit financial flows, which the article quantifies as costing “US victims alone more than $200 million in losses.”
   • Target 16.5: Substantially reduce corruption and bribery in all their forms.
     
     The article implies a form of state-level corruption or willful negligence by mentioning that scam operators based in certain countries “operate with those governments’ tacit approval, if not outright support.” The CEO equates this to “privateering,” where governments give a “subtle nod” to crimes that bring money into the home country, which undermines the rule of law.
   • Target 16.a: Strengthen relevant national institutions… to build capacity at all levels… to prevent violence and combat terrorism and crime.
     
     The collaboration between Silent Push and “international law enforcement agencies” like the FBI, along with the US Treasury’s sanctions, demonstrates an effort to strengthen institutional capacity to combat large-scale cybercrime. The article notes that crime must be “dealt with on a national level” to be effective.

2. SDG 8: Decent Work and Economic Growth

   • Target 8.1: Sustain per capita economic growth in accordance with national circumstances…
     
     The article highlights how large-scale cybercrime negatively impacts national economies. It is described as an “unseen hole in the bucket of your GDP” and a “large-scale siphoning of cash out of your economy.” Combating this crime is presented as essential for protecting economic stability and growth.

3. SDG 17: Partnerships for the Goals

   • Target 17.16: Enhance the global partnership for sustainable development, complemented by multi-stakeholder partnerships that mobilize and share knowledge, expertise, technology and financial resources…
     
     The entire initiative described is a multi-stakeholder partnership. Silent Push, a private cybersecurity firm, collaborates with public entities (FBI, US Treasury) and international organizations (World Economic Forum) to share data, knowledge, and technology to fight a global problem.
   • Target 17.17: Encourage and promote effective public, public-private and civil society partnerships…
     
     The article explicitly mentions the World Economic Forum’s “Cyber Crime Atlas project,” where Silent Push provides members “free access to its platform, data, and analysts.” This is a direct example of a public-private partnership designed to “map out relationships between criminal groups and ultimately use this knowledge to break up the entire ecosystem.”

3. Indicators Mentioned or Implied in the Article

1. For Target 16.4 (Reduce illicit financial flows and combat organized crime)

   • Indicator (Implied): Total value of illicit financial flows.
     
     The article provides specific monetary values that can be used as indicators of the scale of the problem, such as “$200 million in losses” for US victims and the statement that cybercrime “bilks world economies out of billions of dollars.”
   • Indicator (Implied): Number of criminal domains/operations identified and disrupted.
     
     The article mentions the identification of “1.4 million live hosting sites,” and the FBI alert lists “hundreds of thousands of domains linked to Funnull’s infrastructure.” The sanctioning of Funnull is a specific instance of disruption that can be counted.

2. For Target 8.1 (Sustain economic growth)

   • Indicator (Implied): Economic loss as a percentage of GDP.
     
     The article describes cybercrime as an “unseen hole in the bucket of your GDP” and a “siphoning of cash out of your economy.” This implies that measuring the financial drain caused by these crimes is a key metric for understanding their economic impact.

3. For Target 17.17 (Promote partnerships)

   • Indicator (Implied): Number and nature of public-private partnerships formed to address a specific global issue.
     
     The “Cyber Crime Atlas project” involving the World Economic Forum and Silent Push is a concrete example of such a partnership, which can be counted and described as an indicator of progress.

4. Table of SDGs, Targets, and Indicators

Source: theregister.com