CMU Research Team Analyzes Internet 'Miscreants'

A  team lead by Carnegie Mellon computer science researchers has developed computer tools capable of following the operations of electronic black markets for viruses, stolen data, and attack services.

Adrian Perrig, a CMU associate professor of electrical and computer engineering and public policy has led a team that developed the automated techniques to measure activities of spammers, virus writers, and identity thieves. In addition to Perrig, the team included Jason Franklin, a Ph.D. student in computer science, Vern Paxon of the International Computer Science Institute, and Stefan Savage of the University of California, San Diego.

The researchers estimated that more than $37 million in software tools for malicious programming were available for sale during their seven-month study period. During that time, more than 80,000 potential credit card numbers were available through "illicit underground Web economies," Franklin told the CMU press office.

The researchers found that buyers of malicious software tools and services would normally contact black market vendors using e-mail or instant messaging. Money generally changed hands through non-bank payment services such as e-gold, making the criminals difficult to track.

"These troublesome entrepreneurs even offer tech support and free updates for their malicious creations that run the gamut from denial of service attacks designed to overwhelm Web sites and servers to data stealing Trojan viruses," said Perrig.

The  researchers proposed approaches to thwart black marketers, including slander attacks designed to undercut a vendor's reputation in the black market. "Just like you need to verify that individuals are honest on eBay, online criminals need to verify that they are dealing with 'honest' criminals," Franklin said.

In a slander attack, an attacker discounts the verified status of a buyer or seller through false defamation. "By eliminating the verified status of the honest individuals, an attacker establishes a 'lemon' market where buyers are unable to distinguish the quality of the goods or services," Franklin said.

Perrig's team also developed a technique to establish fake verified-status identities that are difficult to distinguish from other verified-status sellers, which makes it  hard for buyers to identify honest verified-status sellers from dishonest verified-status sellers.

"So, when the unwary buyer tries to collect the goods and services promised, the seller fails to provide the goods and services. Such behavior is known as 'ripping.' And it is the goal of all black market site's verification systems to minimize such behavior," said Franklin.

"We believe these black markets are growing, so we will have even more incidents to monitor and study in the future," Perrig said.

Read More:

About the Author

Paul McCloskey is contributing editor of Syllabus.

Featured

  • MathGPT

    MathGPT AI Tutor Now Out of Beta

    Ed tech provider GotIt! Education has announced the general availability of MathGPT, an AI tutor and teaching assistant for foundational math support.

  • person signing a bill at a desk with a faint glow around the document. A tablet and laptop are subtly visible in the background, with soft colors and minimal digital elements

    California Governor Signs AI Content Safeguards into Law

    California Governor Gavin Newsom has officially signed off on a series of landmark artificial intelligence bills, signaling the state’s latest efforts to regulate the burgeoning technology, particularly in response to the misuse of sexually explicit deepfakes. The legislation is aimed at mitigating the risks posed by AI-generated content, as concerns grow over the technology's potential to manipulate images, videos, and voices in ways that could cause significant harm.

  • white desk with an open digital tablet showing AI-related icons like gears and neural networks

    Elon University and AAC&U Release Student Guide to AI

    A new publication from Elon University 's Imagining the Digital Future Center and the American Association of Colleges and Universities offers students key principles for navigating college in the age of artificial intelligence.

  • abstract technology icons connected by lines and dots

    Digital Layers and Human Ties: Navigating the CIO's Dilemma in Higher Education

    As technology permeates every aspect of life on campus, efficiency and convenience may come at the cost of human connection and professional identity.