Attacking Criminal Networks On the Internet 109
Hugh Pickens writes "Computer Scientists at Carnegie Mellon University are developing techniques to analyze and disrupt black markets on the internet, where criminals sell viruses, stolen data, and attack services estimated to total more than $37 million for the seven-month period they studied. To stem the flow of stolen credit cards and identity data, researchers have proposed two technical approaches to reducing the number of successful market transactions. One approach to disrupting the network is a slander attack where an attacker eliminates the verified status of a buyer or seller through false defamation. Another approach undercuts the cyber-crooks' network by creating a deceptive sales environment. 'Just like you need to verify that individuals are honest on E-bay, online criminals need to verify that they are dealing with "honest" criminals,' says Jason Franklin, one of the researchers."
The World's Largest Crime (Score:4, Funny)
Syndicate [whitehouse.org]
Pax,
Kilgore Trout
Re: (Score:3, Insightful)
Re: (Score:2)
Crime Syndicates (Score:4, Insightful)
http://www.gop.org/ [gop.org]
http://www.democrats.org/ [democrats.org]
of which the other two organizations you mention are wholly owned subsidiaries of these two, as is the other legislative and judicial branch are, along with most of the smaller regional syndicates.
Re: (Score:2)
Marines.com is obviously a mercenary gang (Score:3, Insightful)
Re: (Score:2)
Re: (Score:1)
CRIMINALS ARE RICH (Score:1)
Re:e-crime (Score:5, Insightful)
I wonder if anyone is going to get killed over the rumors spread by this anti e-crime technique?
Re: (Score:1)
We can only hope so.
(sorry but mentioning McGruff made me recall a bunch of Sam & Max quotes...)
Re: (Score:2)
http://slashdot.org/comments.pl?sid=326235&threshold=1&commentsort=0&mode=nested&cid=20952949 [slashdot.org]
TechForensics told us:
"However, there is a principle in law (or Equity) that one cannot do indirectly what he cannot do directly. An interesting question for practicing lawyers (I am a retired one and not up on all of this) would be, is there a way to attribute the Plaintiff's actions to Microsoft, canceling their GPL rights? Would it in fact be too late to do this based on their provable support
Re: (Score:1)
Idea... (Score:5, Funny)
Re: (Score:1, Interesting)
What I want to know is (Score:2, Funny)
Re: (Score:1)
Yeah, right (Score:2)
Re: (Score:2)
Psst buddy, ever heard of a sting? Or an informant?
But seriously, I suspect in order to combat this, the spammers will roll out a web-of-trust network faster than we ever imagined possible. These guys are on the cutting edge of information security, and don't doubt that they have their own theory folks looking at the problem too.
Re: (Score:2)
Sorry, I forgot to include the slashdotty "Oh, wait" line, that might have confused some of the irony impaired.
Sort of like what drug traders did. Buying botnets will be (or
Difference between law enforcement and warfare (Score:2, Insightful)
The techniques referenced in the article are more in the style of warfare, where the objective isn't to arrest a lawbreaker, but defeat an enemy. Different rules apply. For instance, if an anonymous source gives you the key for Botnet A, you don't have to worry about gathering more evidence to be ab
Re: (Score:2)
The thing is, they're not all that different. The difference is that law enforcement asks "please" or gives warnings more often than soldiers/their commanders. They both derive their power" almost exclusively from (the threat of) violence.
Correct me if I'm wrong... (Score:5, Insightful)
It's all about choices. (Score:2, Interesting)
Choice A: Perform lengthy investigation, put in for extradition, wait forever, and then put on trial, all while said bad guy is still controlling and making money off his botnets.
Choice B: screw up bad guy's botnets so badly that he can't sell their services, causing him to spend more resources in the battle, until he gives up
Re: (Score:2)
Giving Phishers Bad Account Info? (Score:2)
Re: (Score:2)
Re: (Score:2)
I love bulletproof hosters, really. So easy to null-route. Dodge this.
Fast-flux DNS, Botnets make null-routing too hard (Score:2)
(Even more fun than null-routing them is using BGP to advertise a better route to their address, so the rest of the world also ca
Re: (Score:2)
Re: (Score:1)
How about... (Score:2)
I have the feeling that the police in general just don't care about online crime. Much of it can't be that hard to track down.
Say the spam in my inbox selling pirated copies of MS office. If you can transfer the money to them then you can find them.
Re: (Score:3, Interesting)
What about spam with no contact info? I posted about this once before, and someone responded with (i paraphrase) "spammers are like the rest of us; they forget to include attachments, too. When a spammer forgets, 6 million people find out about it."
I could see this happening sometimes, but the amount of crap I see with no contact info, no website, no product being sold, is amazing. It's like the spam is self aware and breeding. Or the spam c
Re: (Score:2)
I'm sure some of it is just a mistake but there is more to it then that for most spam I think. Another reason behind it might just be to raise "product awareness". Like if you assault people with enough Viagra ads then eventually they will seek out Viagra or respond to that spam that finally has some contact info.
On top of that wha
Re: (Score:2)
Re: (Score:2, Funny)
What do you mean I'm already "subscribed"?
Re:How about... (Score:4, Insightful)
Re: (Score:1)
Re: (Score:1)
Online crime, agreed - somewhere between don't care and don't understand...
...but next year.... (Score:3, Interesting)
I'm not sure I like this idea....
The bad guys are already phishing on eBay (Score:5, Informative)
One of them has a very low buy-it-now listing, and a gmail address to contact to be a 'qualified' bidder.
Which one of them is fishing for your eBay creds? I see these all of the time; I collect and restore specific models of classic cars, and I see one of these almost every week. If you alert eBay through LiveChat, they'll usually take them down. But if you have report an auction through their mind-numbing 100 questions forms method, you'll never get a fraudulent auction done because you'll explode before you get to the end of forms-- none of which says--> HEY, THIS IS AN OBVIOUS FRAUD!
You can discredit sellers, but sellers have options to restore their dignity if they want to do this-- although it's tough. PayPal can also interecede, as can buyer credit sources. Resources, except in the complaints department, are tilted towards buyers. But that doesn't mean that there are loads of phish attempts. You find them in amusing places, like when I tried to surf for an Apple notebook, and there were a hundred auctions for the same machine-- if you bought the story about getting it shipped from Italy.
Re: (Score:2)
I also remember a few years ago a rather more deceptive auction for some brand new, must-have model of phone. Lots of pictures, lots of description, huge great dense paragraph of
This is pretty frightening (Score:1)
Far too much of the fabric of social networks-- and that includes t
This is pretty encouraging (Score:2)
This is about black markets, which may or may not be used by bad guys. When you talk about black markets, it's more of an us-vs-them situation, not a good-vs-evil situation.
This is merely warfare. There are no good guys or bad guys (well, they exist, but their moralities are are irrelevant for analysis, just as Nazi racism is irrelevant when talking about Blitzkrieg); there's just conflict of interest, and differing tactics meeting one another.
And good comes out of it, too. The "white" market is also u
Re: (Score:1)
In many cases it's just fine. (Score:2)
For instance, if a phisher is impersonating ExampleBank.com's website, it's perfectly fine for ExampleBank to impersonate suckers and go feed the phisher's site a million bogus bank account numbers and passwords that drop the phisher into their honeypot server as well as flooding the phisher's supply of account info from real suckers so it's harder to
Re: (Score:2)
Is it? Is there any concern for the site hosting the phisher's site? It's usually someone else's mismanaged server that's been owned by some worm or another. Isn't it vigilante justice to flood them with a million page
Re: (Score:2)
In addition to the moral issues is the legal question. If you rack up massive bandwidth bills for someone by deliberately flooding their server with bogus data, can you be held liable? What if you manage to crash their server, taking out a bunch of other sites hosted on it (by filling up disc space with the logs, for example)? Can they sue you for damages?
While you can make a pretty strong case that you were just using their publically-accessible server as it was intended, I think there's also a pretty st
Re:Flooding Phishers with bad data (Score:2)
Any half-decently c
legitimate transactions? (Score:2, Interesting)
Re: (Score:2)
Re: (Score:1)
On a smaller scale, this could also be targeted against individual participants of said marketplace, or groups, for example those that sell a certain type of product or service.
Re: (Score:3, Interesting)
From what I've heard, banks often get extorted successfully by Internet-based rings. They pay up, and shut up, because it's cheaper than the huge hit to the trust of their depositors in the institution. Look at what happened to Northern Roc
Slander is a "technical approach"? (Score:3, Insightful)
Re: (Score:2)
Think about it.
"That's right, your honor - the defendant slandered my cred though I was a legit merchant. I can demonstrate proof that I had a full one million stolen credit card accounts in my possession. At $7 each, that entitles me to $7,000,000 plus legal fees to cover the stolen data that I was so rudely prevented from selling by this infidel."
There's a reason that organized criminals are not litigious...
Re: (Score:2)
Re: (Score:2)
Wht can't criminals be "honest"? (Score:5, Interesting)
Supporters of the free market can look to the very successful black market as an example of unregulated trade working well. Often in the black market, as this article eludes to, your reputation is everything. So there is no benefit in ripping someone off.
I've worked with many "honest", good people in my black market transactions.
Re: (Score:2)
"honest" for self preservation (Score:3, Insightful)
Most criminals are only honest within their peer group. Probably because their peer group would likely kill them if they were not honest.
The idea of an honest criminal only applies to victimless crimes such as drugs, prostitution, gambling, etc. (To people that insist that self crime is not victimless crimes: stop touching yourself)
Re: (Score:2)
Re: (Score:1)
fight fire with fire? (Score:1, Interesting)
Prevent Criminals (Score:1)
Flooding... (Score:2)
There are some interesting ideas on this thread. The "flooding" idea is probably both the most legally defensible and cost effective response (hey, it's a real concern). I mean, you get pretty pissed when someone floods your inbox with 100 times as much crap as you get in content, imagine if you had to check each one to see if it was crap or content?
People talk about just arresting the criminals - we have a pretty darned h
If it's going to work, why tell us? (Score:1)
I think the most destructive part about this affair is that, well, it's out in the open. So we may never know if it indeed worked because Slashdot Et Al have spread the word. So complicated yet so blown...as many here have said, nothing's stopping the bad guys from using it on the good ones now.
A workaround, for criminals, to this, I suppose is to make their existing operations a lot more secretive. No more E-Bay style auctioning or other easy and convenient routes of trade... to participate, you'd have
Willing to meet Jimmy Hoffa? (Score:1, Funny)
OK, I know most geeks never slept with a girl, so they have no first-hand experience, but I can tell that you sleeping with fishes is even more dangerou
How? (Score:2)
honest (Score:1)
Credit Card Scams (Score:1)
network criminals are increasing (Score:1)
cyber criminals (Score:1)
Protocol Analysis Module (PAM) (Score:1)
help me (Score:1)
blur (Score:1)
troublesome ... (Score:1)
what to do? (Score:1)
credit card spamming (Score:1)
ARE YOU A SPAMMER (Score:1)
spamming technique (Score:1)
how to become a spammer (Score:1)
e mail spams (Score:1)
who want to be a hacker? (Score:1)
internet theft (Score:1)
attacker was caught (Score:1)
we should not underestiamte the attacker (Score:1)
factor affecting to this (Score:1)
understand the problems (Score:1)