Simple Tactics Can Disrupt Internet Underground, Undermine Cybercriminals
Computer researchers suggest several methods that can be used to attack the "reputation systems" used by hackers to conduct business.
To reduce cybercrime, the government may want to consider the tactics employed by the music industry against copyright scofflaws, suggests Jason Franklin, a Ph.D. student in computer science at Carnegie Mellon University.
Franklin has co-authored a paper with Adrian Perrig, associate professor at Carnegie Mellon University; Vern Paxson, associate professor at University of California, Berkeley; and Stefan Savage, assistant professor at the University of California, San Diego, which explores the underground hacker economy.
The paper, "An Inquiry Into The Nature And Causes Of The Wealth Of Internet Miscreants," measures and analyzes the Internet's black market for information. It is based on seven months of observation, from January to August 2006, during which 2.4 Gbytes of Internet Relay Chat data was logged. IRC is one of the main communication channels of cybercriminals who participate in credit card fraud, identity theft, spamming, and phishing.
The researchers saw more than 87,000 credit card numbers traded during this time; they estimate that the total wealth generated from credit card fraud over IRC exceeded $37 million.
"I was surprised by the sophistication of the market and the size of the market and the level of activity," said Franklin. "It's basically a public market, despite the fact that we call it 'underground.' "
While the bulk of the paper is devoted to assessing the scope and value of the miscreant market economy, it also explores ways to disrupt the illicit information trade.
Citing the ineffectiveness of traditional law enforcement approaches -- locating and disabling hosting infrastructure, which can easily be replaced, and identifying and arresting market participants, who are often outside the law's reach in foreign countries -- the paper contemplates low-cost ways to undermine the black market that are not unlike the steps taken by the music industry to poison peer-to-peer file trading networks with fake files.
Ironically, the buyers and sellers of stolen personal information deal depend on trust, just like legitimate merchants. As the paper explains, "The participants of the market operate in an environment of dishonesty and mutual distrust. Buyers and sellers must protect themselves from dishonest participants (a.k.a., 'rippers') who purposely fail to uphold their end of a transaction. Such ripping behavior is common in other online markets and has led to the establishment of reputation systems such as those found on eBay or Amazon Marketplace."
While the reputation systems used by the buyers and sellers of stolen credit cards differ from those used by law-abiding vendors, any business built on trust can be destabilized when trust is undermined. The paper proposes two ways to do just that: a Sybil attack and a slander attack.
A Sybil attack, named after the pseudonym of a woman known for her multiple personalities, involves creating multiple online identities as a merchant of stolen data. These identities could be used to undermine confidence in the market by repeatedly failing to deliver data paid for by those seeking to commit credit card fraud.
A slander attack aims to impugn the reputation of established dealers in illicit data to depress prices and drive customers to less-reputable dealers, who may defraud those aiming to commit fraud and further destabilize the black market.
Franklin said that the countermeasures aren't the main focus of the paper and represent more of a suggestion for future research. "It's something along the lines of what you might see the music industry doing, in a little different way," he said. "There are serious issues with the legality of these kinds of measures."
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.