Stefan Savage Cyber Cafe



    1. Security is often seen as a technical problem
       • There is a broader socio-economic view
         ▪ Actors: Adversaries, Victims, Defenders
         ▪ Incentives/Costs
         ▪ Capabilities
         ▪ Relationships
       • Key hypothesis: These extrinsic factors will provide a more effective basis for designing security interventions
    2. Security is poised to become a big data field
       • But defenses/policies need good models; good models need to be informed by good data
       • Very poor ground truth data in security field today
         ▪ For validating hypotheses, e.g., monetary payments are a structural bottleneck in all advertising-based e-crime
         ▪ For deriving hypotheses, e.g., how important is trust establishment for online criminals?
    3. Today, the largest driver for threats is $$$
       • [Diagram; labels as extracted: Goods, Click, Bank, Spam, FakeAV, Fraud, Cred Theft, Advertising, Theft, Banking, Spamming, Trojans, botnets, PPI service, Phishing kits, Crypters, Traffic, Exploit kits, sales, SEO kits, Markets, VPNs, BP hosting, Infrastructure]
    4. Today, the largest driver for threats is $$$
       • Scale allows commodity monetization
       • Complex value chain relationships
    5. Click Trajectory study of spam “value chain”
       • Aug 1 -- Oct 31 2010
       • 7 URL/Spam feeds + 5 botnet feeds
         ▪ 968M URLs
         ▪ 17M domains
       • Crawled domains for 98% of URLs in
         ▪ 1000s of Firefox instances
         ▪ Large IP address diversity
       • Multiple purchases from all major programs
       • Identify bottlenecks in process
    6. [Figure labels: St. Kitts & Nevis, AGBank, DnB NORD]
       • Low diversity
         ▪ 3 banks covered 95% of spam
         ▪ Fewer banks willing to handle “high-risk” merchants
       • High switching cost
         ▪ In-person account creation, due diligence, multi-day process
         ▪ Upfront capital, holdback forfeiture
    7. Major initiative underway
       • Undercover purchases
       • Drive merchant takedown
       • Appears highly successful
       “Right now most affiliate programs have a mass of declines, cancels and pendings, and it doesn't depend much on the program imho, there is a general sad picture, fucking Visa is burning us with napalm (for problematic countries, it's totally fucked, on a couple of programs you're lucky if you get 50% through).”
    8. Security interventions should be understood in their larger socio-economic context
       • Don’t just plug holes; figure out which holes matter and why
       Empiricism and fieldwork are necessary parts of the solution here
       • The lab setting is great, but it's not a substitute for studying the real world