Click here to receive your FREE subscription to Campus Technology
News
CMU Research Team Analyzes Internet 'Miscreants'
11/9/2007
A team lead by Carnegie Mellon computer science researchers has developed computer tools capable of following the operations of electronic black markets for viruses, stolen data, and attack services.Adrian Perrig, a CMU associate professor of electrical and computer engineering and public policy has led a team that developed the automated techniques to measure activities of spammers, virus writers, and identity thieves. In addition to Perrig, the team included Jason Franklin, a Ph.D. student in computer science, Vern Paxon of the International Computer Science Institute, and Stefan Savage of the University of California, San Diego.
The researchers estimated that more than $37 million in software tools for malicious programming were available for sale during their seven-month study period. During that time, more than 80,000 potential credit card numbers were available through "illicit underground Web economies," Franklin told the CMU press office.
The researchers found that buyers of malicious software tools and services would normally contact black market vendors using e-mail or instant messaging. Money generally changed hands through non-bank payment services such as e-gold, making the criminals difficult to track.
"These troublesome entrepreneurs even offer tech support and free updates for their malicious creations that run the gamut from denial of service attacks designed to overwhelm Web sites and servers to data stealing Trojan viruses," said Perrig.
The researchers proposed approaches to thwart black marketers, including slander attacks designed to undercut a vendor's reputation in the black market. "Just like you need to verify that individuals are honest on eBay, online criminals need to verify that they are dealing with 'honest' criminals," Franklin said.
In a slander attack, an attacker discounts the verified status of a buyer or seller through false defamation. "By eliminating the verified status of the honest individuals, an attacker establishes a 'lemon' market where buyers are unable to distinguish the quality of the goods or services," Franklin said.
Perrig's team also developed a technique to establish fake verified-status identities that are difficult to distinguish from other verified-status sellers, which makes it hard for buyers to identify honest verified-status sellers from dishonest verified-status sellers.
"So, when the unwary buyer tries to collect the goods and services promised, the seller fails to provide the goods and services. Such behavior is known as 'ripping.' And it is the goal of all black market site's verification systems to minimize such behavior," said Franklin.
"We believe these black markets are growing, so we will have even more incidents to monitor and study in the future," Perrig said.
Read More:
- Full Report: An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants (PDF)
Paul McCloskey is a contributing editor for the Campus Technology group of publications.
Cite this Site
copy text (above) for proper citation
Recommended Reading
- Sun, Stanford Working To Archive History
In May in San Francisco, experts from leading universities, libraries, and research institutions around the world met as part of an ongoing effort to address a pressing issue: archiving the world's history, right up to today.
- The Quilt Coalition Rolls Out XO Communications for High-Capacity Network Services
The Quilt, a coalition of 28 regional network organizations, has added XO Communications Services to its authorized vendor list. The Quilt represents 200 universities and thousands of other educational institutions across the United States. With this new relationship, Quilt members can purchase XO's high-speed IP transit and network transport services at competitive rates.
- Wimba Classroom 5.2 Expands Classroom Capture Support, Adds MP3 Downloads
At the NECC 2008 conference in Texas this week, Wimba launched a new version of Wimba Classroom, the virtual classroom component of the company's Collaboration Suite. The new 5.2 release expands options for classroom capture and adds a variety of other functional and ease of use features.
- Automation Chimera: Education Is Not Management
The lure of automating workflow online so human intervention is minimized is continually reinforced in the minds of higher education administrators by examples of automated campus systems such as financials, student information systems, and other enterprise systems. But what's good for management is not always good for learning.
- Cognos Releases BI Software for Linux-based IBM System z Mainframe
Cognos, which IBM acquired in January, has released an update to its business intelligence software that will run on the Linux operating system on IBM System z mainframes. IBM Cognos 8 BI was being developed by the two companies prior to the acquisition, but assimilation of Cognos into IBM accelerated development.
- Facebook and Collegiality: A Serendipitous Social Niche
Facebook is a way to greet a colleague as if she or he is on your own campus: a wave at a distance, a hello at the corner burrito place, a honk as you both leave the campus parking lot. Informal collegiality has been extended over the miles.
