Abstract: In recent years, the goals and modes of operation of malicious hackers have changed dramatically. As hackers realized the potential monetary gains associated with Internet fraud, there has been a shift from “hacking for fun” to “hacking for profit.” This shift has been leveraged and supported by more traditional crime organizations, which eventually realized the potential of the Internet for their endeavors. The integration of sophisticated computer attacks with well-established fraud mechanisms devised by organized crime has resulted in an underground economy that trades compromised hosts, personal information, and services in a way similar to other legitimate economies. This expanding underground economy makes it possible to significantly increase the scale of the frauds carried out on the Internet and allows criminals to reach millions of potential victims. Also, criminals are taking full advantage of sophisticated mechanisms, such as the service bots used on IRC channels to automatically verify stolen credit card numbers, the use of e-casinos to launder money, and the use of fast-flux networks to create attack-resilient services.
Over the last few years the UCSB Security Group has been developing novel techniques and tools to analyze the underground economy and to obtain a comprehensive picture of the complete criminal process. To do this, we have created models of the underground market, its actors, the processes and interactions between actors, and the underlying infrastructure. The plan is to leverage these models and develop techniques that can help to disrupt parts of the criminal process.
In this talk we discuss one of the projects that we have recently completed: an analysis of the underground economy of fake antivirus software.
For more details on Prof. Kemmerer's research, please see his website at http://seclab.cs.ucsb.edu/
Host: Prof. G. Robert Odette