This document summarizes a talk about detecting and mitigating bad social media actors like spammers and scammers. The talk discusses manual intervention methods, deconstructing social criteria to classify users, applying research like longest common subsequence analysis to detect obfuscated spam text, and using multiple detection layers and asynchronous responses to keep up with evolving attackers. The talk emphasizes thinking outside the box and viewing abuse problems as an ongoing war rather than individual battles. It encourages having fun and contacting the speaker if any other questions arise.

1. Cats and Mice
Ever evolving attackers and other game changers
By: Eric Kmetz (aka vect0rx)

2. Who Am I
● I’m a software developer, researcher, security enthusiast
● I’ve been interested in hacker stuff since the early 90s
● DEFCON since 11. On/off security goon since DC 15.
● Contact:
○ Twitter: @vect0rx
○ email: ekmetz650@gmail.com

3. What My Talk is About
● This talk isn’t about host/network level security, CVEs, DDoS, etc.
● This talk is about “8th layer” (aka ‘user layer’) security, specifically social
● Prevention, Detection and Mitigation of Bad Actors on Social sites:
○ Spammers
○ Scam/Fraud
○ Other abuse

4. Why Do We Care?
● Because you’re a researcher
● Or anyone a vested interest in a product’s success
● You use social networking sites
● What do you guys think?

5. What Can We Do?
● Manual Intervention
● Deconstruction
● Research
● Application of Research

6. Manual Intervention
● Find abusers through web interface and reports
● Deal with each case as it comes
● Pros: Diplomatic solutions, very low false positives
● Cons: Uses up lots of business resources, does not scale well

7. Deconstruction
● Quantify Social Criteria
● Classify Criteria
● Research Solutions
● Fine-Tune

8. Research
● The paper that changed everything
● Cliff notes
● Inspirations and Take aways

9. Applied Research
● Spammers love string obfuscation:
○ IM me camgirl80 at wahoo ,cpm
○ hxxp://pwning.nu/BofA/phish/
● There are many algorithms available to help
● Longest Common Subsequences

11. LCS application
● LCS basics
● But wait…. there’s more
● Abstraction of Behavior for Digital Signatures

12. Not the end-all solution
● Best deployed in layers and not as sole countermeasure
● Synergies of Layers to Improve Accuracy
● Inliers and Outliers
● System Integrity and Efficiency

13. Confusing The Mice
● Attackers Evolve
● Social Sites need to evolve with them
● Countermeasures
○ Multiple Layers of Detection
○ Asynchronous Response
● What Would This System Look Like

14. Cool! Wait, What?
Take-homes
● Solving abuse problems through leveraged intelligence and deconstruction
● Think outside the box
● It’s the war, not the battle
● H4v3 funn with thiiis!

15. Questions?
● Questions, thoughts on topic...
● Feel free to contact if one comes up later!
○ Twitter: @vect0rx
○ email: ekmetz650@gmail.com
● FIN

16. Acknowledgements
● Rich Friedberg - For the help early on in understanding
a mental framework and nomenclature with which I
could understand and categorize attackers by
commonalities, TTP, etc.
● Javvad Malik - For helping me prepare my first talk for
BSivesLV 2015

17. References
● Peter Christen. A Comparison of Personal Name Matching:
Techniques and Practical Issues, Joint Computer Science Technical
Report Series. The Australian National University. TR-CS-06-02. Web
<https://cs.anu.edu.au/techreports/2006/TR-CS-06-02.pdf>