Simple Tactics Can Disrupt Internet Underground, Undermine Cybercriminals
Computer researchers suggest several methods that can be used to attack the "reputation systems" used by hackers to conduct business.
To reduce cybercrime, the government may want to consider the tactics employed by the music industry against copyright scofflaws, suggests Jason Franklin, a Ph.D. student in computer science at Carnegie Mellon University.
Franklin has co-authored a paper with Adrian Perrig, associate professor at Carnegie Mellon University; Vern Paxson, associate professor at University of California, Berkeley; and Stefan Savage, assistant professor at the University of California, San Diego, which explores the underground hacker economy.
The paper, "An Inquiry Into The Nature And Causes Of The Wealth Of Internet Miscreants," measures and analyzes the Internet's black market for information. It is based on seven months of observation, from January to August 2006, during which 2.4 Gbytes of Internet Relay Chat data was logged. IRC is one of the main communication channels of cybercriminals who participate in credit card fraud, identity theft, spamming, and phishing.
The researchers saw more than 87,000 credit card numbers traded during this time; they estimate that the total wealth generated from credit card fraud over IRC exceeded $37 million.
"I was surprised by the sophistication of the market and the size of the market and the level of activity," said Franklin. "It's basically a public market, despite the fact that we call it 'underground.' "
While the bulk of the paper is devoted to assessing the scope and value of the miscreant market economy, it also explores ways to disrupt the illicit information trade.
Citing the ineffectiveness of traditional law enforcement approaches -- locating and disabling hosting infrastructure, which can easily be replaced, and identifying and arresting market participants, who are often outside the law's reach in foreign countries -- the paper contemplates low-cost ways to undermine the black market that are not unlike the steps taken by the music industry to poison peer-to-peer file trading networks with fake files.
Ironically, the buyers and sellers of stolen personal information deal depend on trust, just like legitimate merchants. As the paper explains, "The participants of the market operate in an environment of dishonesty and mutual distrust. Buyers and sellers must protect themselves from dishonest participants (a.k.a., 'rippers') who purposely fail to uphold their end of a transaction. Such ripping behavior is common in other online markets and has led to the establishment of reputation systems such as those found on eBay or Amazon Marketplace."
While the reputation systems used by the buyers and sellers of stolen credit cards differ from those used by law-abiding vendors, any business built on trust can be destabilized when trust is undermined. The paper proposes two ways to do just that: a Sybil attack and a slander attack.
A Sybil attack, named after the pseudonym of a woman known for her multiple personalities, involves creating multiple online identities as a merchant of stolen data. These identities could be used to undermine confidence in the market by repeatedly failing to deliver data paid for by those seeking to commit credit card fraud.
A slander attack aims to impugn the reputation of established dealers in illicit data to depress prices and drive customers to less-reputable dealers, who may defraud those aiming to commit fraud and further destabilize the black market.
Franklin said that the countermeasures aren't the main focus of the paper and represent more of a suggestion for future research. "It's something along the lines of what you might see the music industry doing, in a little different way," he said. "There are serious issues with the legality of these kinds of measures."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.