How to Isotope-Tag a Ghost
Allison Miller
Thursday, April 28, 2011

"we don't talk about what we see; we see only what we can talk about"
Donella Meadows, Thinking in Systems: A Primer

threat trees
p(x), p(y), p(z)

Start
Escalation
Impact
Breach

The Jungle-Gym Effect

The Porous Attack Surface

Enter the Ghosts

an example: Fraud

Haunted by an old problem
How do we measure things we can’t observe directly?

Like what?
Fraud/Crime
Movement of cash
Underground economy

Direct methods
  Samples/Surveys
  Intrusive observation
  Passive observation
Indirect methods
  Gap accounting
  Impact indicators
  Qualitative modeling

Crime

NCVS is the Nation's primary source of information on criminal victimization.
Sample of 76,000 households & ~135,300 persons
Frequency, characteristics and consequences (crimes in the US)
The survey enables BJS to estimate the likelihood of victimization via categories of violent & property crimes for the population as a whole
Population segments: gender, age, ethnicity, geography
http://bjs.ojp.usdoj.gov/index.cfm?ty=dcdetail&iid=245

[Figure 2 (chart): y-axis 0 to 200, years 1999 to 2008; series: Total property crime, Burglary, Theft, Motor vehicle theft. Caption: Property crime rates overall fell by 32% from 1999 to 2008]

Financial Crimes Report to the Public: 2009 | 2008 | 2007 | 2006 | 2005
Financial Institution Fraud and Failure Reports: 2006-2007 | 2005 | 2004 | 2003 (pdf) | 2002 (pdf) | 2000-2001 (pdf)
Insurance Fraud: Program Overview and Consumer Information
Mass Marketing Fraud: A Threat Assessment, June 2010
Mass Marketing Fraud: Awareness and Prevention Tips
Mortgage Fraud Reports: 2009 | 2008 | 2007 | 2006
National Money Laundering Strategy (pdf)
Securities Fraud: Awareness and Prevention Tips
http://www.fbi.gov/stats-services/publications

2010 Internet Crime Report
www.ic3.gov
Partnership between NW3C/BJA and the FBI

Cybercrime against Businesses, 2005
7,818 businesses in 2005
Data on:
  Monetary loss and system downtime
  Types of offenders, types of systems affected, vulnerabilities, whether incidents were reported to LE
Highlights:
  3,247 businesses incurred loss totaling $867M
  Majority of attacks went unreported to LE
http://bjs.ojp.usdoj.gov/index.cfm?ty=pbdetail&iid=769

Cash

Cash movement
Velocity of money
V = Nominal GDP / Money Supply
http://research.stlouisfed.org/fred2/categories/32242

Where’s George?
http://www.wheresgeorge.com/

Shadow

Method                        Approach
Direct methods                Surveys
                              Audits
Indirect methods
  Via national accounting     Gap between production & expenditure
  Via national accounting     Gap between official & actual labor
  Via national accounting     Gap between official & actual income
  Monetary statistics         Velocity of M1 (cash/currency)
  Monetary statistics         Velocity of major bills
  Monetary statistics         Transactions approach
  Monetary statistics         Currency demand
  Physical input consumption  Electricity consumption
  Soft modeling               Cause/effect (DYMIMIC)
Source: The Shadow Economy: An International Study. Cambridge Press. Schneider & Enste (2002)

[Chart: Changes over time. Size of shadow economy as a % of official GNP (cash approach), y-axis 0 to 30; countries: Belgium, Sweden, Ireland, France, Netherlands, Germany, GB, USA; series: 1970, 1980, 1994, 1995, 1996, 1997. Data Source: Schneider & Enste (1998)]

[Chart: Comparing results. Size of the shadow economy as % of official GNP, y-axis 0 to 30; countries: Belgium, Sweden, Ireland, France, Netherlands, Germany, GB, USA; series: Cash approach (Johnson 1990/93), Cash approach (Schneider 1989/90), Cash approach (Schneider 1990/93), Electricity Consumption (1989/90). Data Source: Schneider & Enste (1998)]

Method                     Example
Direct methods
  Samples/Surveys          Crime surveys
  Intrusive observation    Tax Audits
  Passive observation      Bill tracking
Indirect methods
  Gap accounting           Income vs expenditure
  System statistics        Velocity of money
  Impact indicators        Energy consumption
  Qualitative modeling     DYMIMIC

Spam & Phishing
Botnets
Virus & Malware

Spam & Phishing
Botnets
Virus & Malware
Transactional
High-volume
Feedback loop
Centralized collection
Widely distributed

Spam & Phishing
Email ISPs & spam detection
Content segmentation
Metrics on origin, target, intermediaries
Cyclicality, event correlation

Spam & Phishing
Majority of email is “bad” (~90% Q1‘2010)
Malware taking share from spam
Crafted attacks as well as blitzes
Most campaigns are short (<24 hours)

Virus & Malware
AV vendors
Software, devices, environments targeted
Mechanism of infection
Payload/impact

Virus & Malware
Custom malware
Social networks: Infection mechanism & targets
Drive-bys
Mobile & POS devices

Botnets
ISPs, independent researchers
Mechanisms of communication, control
Profiling & tracking (network, victims, targets)
Feature analysis
Performance (attack metrics)

Botnets
Packet, Flow, Log (app, A/V, spam) analysis
  Machine learning algorithms for IRC-based C&C botnet traffic (Strayer et al)
  Clustering analysis for P2P botnet detection (Zeidanloo et al)
DNS analysis & monitoring
  Changes in DNS traffic patterns (volume, errors)
  Sinkholing (domain name takeovers)
IRC & P2P infiltration
Honeypots

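The "changes in DNS traffic patterns (volume, errors)" item above, as an added example that is not part of the deck: each resolver client is compared with its own earlier window, and a jump in query volume or in the share of NXDOMAIN answers marks the host for investigation. The log format, the sample lines and the thresholds are assumptions made for this example.

```python
"""Flag DNS clients whose query volume or NXDOMAIN share jumps against
their own baseline window. Log format, sample data and thresholds are
assumptions for this example, not from the deck."""
from collections import defaultdict

# Constructed sample log, one query per line: "<epoch> <client> <qname> <rcode>"
SAMPLE_LOG = """\
1000 10.0.0.5 mail.example.com NOERROR
1020 10.0.0.5 www.example.com NOERROR
1030 10.0.0.7 www.example.com NOERROR
1040 10.0.0.7 intranet.example.com NOERROR
1050 10.0.0.7 mail.example.com NOERROR
2000 10.0.0.5 www.example.com NOERROR
2020 10.0.0.5 cdn.example.com NXDOMAIN
2030 10.0.0.7 kq3x9a.example.net NXDOMAIN
2031 10.0.0.7 m8v2zt.example.net NXDOMAIN
2032 10.0.0.7 pw0lrd.example.net NXDOMAIN
2033 10.0.0.7 www.example.com NOERROR
2034 10.0.0.7 zz91ab.example.net NXDOMAIN
2035 10.0.0.7 c7f4hq.example.net NXDOMAIN
2036 10.0.0.7 tt5u8e.example.net NXDOMAIN
2037 10.0.0.7 mail.example.com NOERROR
"""


def parse_log(text):
    """Return a list of (ts, client, qname, rcode); malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue
        ts, client, qname, rcode = parts
        records.append((int(ts), client, qname.lower(), rcode.upper()))
    return records


def window_stats(records, start, end):
    """Per-client query count and NXDOMAIN count for start <= ts < end."""
    stats = defaultdict(lambda: {"queries": 0, "nxdomain": 0})
    for ts, client, qname, rcode in records:
        if start <= ts < end:
            stats[client]["queries"] += 1
            if rcode == "NXDOMAIN":
                stats[client]["nxdomain"] += 1
    return stats


def find_anomalies(records, baseline, observed, volume_factor=2.0,
                   nx_ratio=0.5, min_queries=5):
    """Compare each client's observed window with its baseline window.
    A client is flagged when its query volume grew by volume_factor or more,
    or when it sent at least min_queries and its NXDOMAIN share reached
    nx_ratio while exceeding its baseline share. Returns {client: [reasons]}."""
    base = window_stats(records, *baseline)
    obs = window_stats(records, *observed)
    alerts = {}
    for client, s in obs.items():
        b = base.get(client, {"queries": 0, "nxdomain": 0})
        reasons = []
        if b["queries"] and s["queries"] >= volume_factor * b["queries"]:
            reasons.append("volume x%.1f" % (s["queries"] / b["queries"]))
        if s["queries"] >= min_queries:
            ratio = s["nxdomain"] / s["queries"]
            base_ratio = b["nxdomain"] / b["queries"] if b["queries"] else 0.0
            if ratio >= nx_ratio and ratio > base_ratio:
                reasons.append("nxdomain %d%% (baseline %d%%)"
                               % (round(100 * ratio), round(100 * base_ratio)))
        if reasons:
            alerts[client] = reasons
    return alerts


if __name__ == "__main__":
    hits = find_anomalies(parse_log(SAMPLE_LOG), (1000, 2000), (2000, 3000))
    for client, reasons in hits.items():
        print(client, "->", "; ".join(reasons))
```

Only 10.0.0.7 is flagged in the sample: its volume rose from 3 to 8 queries and 6 of the 8 answers were NXDOMAIN, while 10.0.0.5's single error stays below the minimum query count.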
useful.
Spam & Phishing / Botnets / Virus & Malware
Google Postini Services Spam Trend & Analysis (July 2010, >3B email connections/day)
McAfee Quarterly Threats Report (>20M new malware samples in 2010)
Symantec State of Spam & Phishing, 300M email addresses
Trustwave Global Security Report 2011 (15 billion emails from 2006-10, 220 breach investigations)
ENISA: Botnets: Measurement, Detection, Disinfection and Defence

Method                     Example
Direct methods
  Samples/Surveys          Spam & Phishing, Virus & Malware
  Intrusive observation    Sinkholing, Audits
  Passive observation      Honeypots, Flow analysis
Indirect methods
  Gap accounting           “Cuckoo’s Egg”
  System statistics
  Impact indicators        Breach investigations
  Qualitative modeling

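The "Gap accounting" row above (and the "System accounting" opportunity on the closing slide), as an added example that is not part of the deck: two independent records of the same activity are totalled per account and reconciled, and whatever one record explains and the other does not is reported as the residual to investigate. Both ledgers, their formats and the account names are constructed for this example.

```python
"""Gap accounting: reconcile two independent records of the same activity
and report the residual neither one explains. Both ledgers and their
formats are constructed for this example, not data from the deck."""
from collections import defaultdict

# Constructed system-accounting records, one job per line: "<account> <cpu_seconds>"
ACCOUNTING_LOG = """\
alice 1200
bob 450
alice 300
carol 75
hunter 9
bob 50
"""

# Constructed billing ledger, one line per account: "<account> <cpu_seconds_billed>"
BILLING_LEDGER = """\
alice 1500
bob 500
carol 75
"""


def load_totals(text):
    """Sum the numeric column per account; lines that do not parse are skipped."""
    totals = defaultdict(int)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[1].isdigit():
            continue
        totals[parts[0]] += int(parts[1])
    return dict(totals)


def reconcile(used, billed, tolerance=0):
    """Compare per-account totals from the two sources.
    Returns (unexplained_total, findings); each finding is
    (account, used, billed, reason). Accounts whose totals agree
    within tolerance produce no finding."""
    findings = []
    gap = 0
    for account in sorted(set(used) | set(billed)):
        u, b = used.get(account, 0), billed.get(account, 0)
        if account not in billed:
            findings.append((account, u, b, "usage with no billing record"))
            gap += u
        elif account not in used:
            findings.append((account, u, b, "billed with no recorded usage"))
            gap += b
        elif abs(u - b) > tolerance:
            findings.append((account, u, b, "totals differ"))
            gap += abs(u - b)
    return gap, findings


def audit(accounting_text, billing_text, tolerance=0):
    """Load both sources and reconcile them."""
    return reconcile(load_totals(accounting_text), load_totals(billing_text), tolerance)


if __name__ == "__main__":
    gap, findings = audit(ACCOUNTING_LOG, BILLING_LEDGER)
    print("unexplained:", gap)
    for account, u, b, reason in findings:
        print(account, u, b, reason)
```

On the sample data the three billed accounts reconcile exactly and the whole residual (9 seconds) belongs to an account that exists in the system accounting but has no billing record at all.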
More opportunities for data aggregation
System accounting
Test simple metrics, data sets in experimental models
For existing data-sets: Opportunities to move from transactional to flow-based
Questions?
Allison Miller
@selenakyle
