Attacking Criminal Networks On the Internet 109
Hugh Pickens writes "Computer Scientists at Carnegie Mellon University are developing techniques to analyze and disrupt black markets on the internet, where criminals sell viruses, stolen data, and attack services estimated to total more than $37 million for the seven-month period they studied. To stem the flow of stolen credit cards and identity data, researchers have proposed two technical approaches to reducing the number of successful market transactions. One approach to disrupting the network is a slander attack where an attacker eliminates the verified status of a buyer or seller through false defamation. Another approach undercuts the cyber-crooks' network by creating a deceptive sales environment. 'Just like you need to verify that individuals are honest on E-bay, online criminals need to verify that they are dealing with "honest" criminals,' says Jason Franklin, one of the researchers."
...but next year.... (Score:3, Interesting)
I'm not sure I like this idea....
legitimate transactions? (Score:2, Interesting)
Re:How about... (Score:3, Interesting)
What about spam with no contact info? I posted about this once before, and someone responded with (i paraphrase) "spammers are like the rest of us; they forget to include attachments, too. When a spammer forgets, 6 million people find out about it."
I could see this happening sometimes, but the amount of crap I see with no contact info, no website, no product being sold, is amazing. It's like the spam is self aware and breeding. Or the spam churning robot is broken or something. I'd love to know what's behind this. Sometimes it's just the filter workaround "poetry", long lists of current event buzzwords, etc.
It's all about choices. (Score:2, Interesting)
Choice A: Perform lengthy investigation, put in for extradition, wait forever, and then put on trial, all while said bad guy is still controlling and making money off his botnets.
Choice B: screw up bad guy's botnets so badly that he can't sell their services, causing him to spend more resources in the battle, until he gives up and picks an easier crime.
I'll take "B".
Wht can't criminals be "honest"? (Score:5, Interesting)
Supporters of the free market can look to the very successful black market as an example of unregulated trade working well. Often in the black market, as this article eludes to, your reputation is everything. So there is no benefit in ripping someone off.
I've worked with many "honest", good people in my black market transactions.
fight fire with fire? (Score:1, Interesting)
Sort of like baiting 419 scammers into showing up on webcams, except on an industrial scale.
Re:legitimate transactions? (Score:3, Interesting)
From what I've heard, banks often get extorted successfully by Internet-based rings. They pay up, and shut up, because it's cheaper than the huge hit to the trust of their depositors in the institution. Look at what happened to Northern Rock when they stood up and did the right thing to ensure their depositors were safe by going to the Bank of England. The first run on an English bank in a century.
An auction site like eBay doesn't need my trust nearly as much. They don't have my credit card number (unless I use PayPal, but that's not a requirement to use eBay). I don't think I even had to put in an address to set up an eBay account to merely buy stuff. The only trust I need is in the particular seller. Now I'd be the first to admit that your average eBay seller is not toward the high end of the trustworthyness scale, and that the feedback system is abusable, but you're working from a pretty low baseline in any case. And what exactly does eBay have to lose if they broadcast to the world that some dastardly group threatened to make people think that eBay sellers are fraudsters?
Now your black market, that's a lot more like a bank in terms of amount of trust required. A bad deal on a black market doesn't mean you call up PayPal/eBay/bank and tell them that that bastard that promised you 100k of fresh credit card details ripped you, and you want your money back like the victim of a bad deal on a legal marketplace can. Hell, if you're an intelligent person doing business in a place like this, you know damn well that your buyer or seller might be a cop. A wasp doesn't complain too loudly when it gets stung. It's easier, and safer, to find another patch than try to rebuild trust in a compromised location. Not that it's asy, you need to rebuild trust in this new marketplace, which a determined poisoning scheme can probably easily deal with, so you'd theretically be forced into a more personal marketplace, where personal recommendation is required in order to be able to buy. Harder to crack, but WAY harder to use, and it keeps the cost of entry high enough to discourage all but the most determined criminal wannabes.
Re:Idea... (Score:1, Interesting)