Monthly Archives: November 2007

Wealth of Internet Miscreants: Beyond Law Enforcement to Disrupting the Criminal Economy

figure4.gif How to get rich quick through ecrime:

This paper studies an active underground economy which specializes in the commoditization of activities such as credit card fraud, identity theft, spamming, phishing, online credential theft, and the sale of compromised hosts. Using a seven month trace of logs collected from an active underground market operating on public Internet chat networks, we measure how the shift from "hacking for fun" to "hacking for profit" has given birth to a societal substrate mature enough to steal wealth into the millions of dollars in less than one year.

An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants Jason Franklin, Vern Paxson, Adrian Perrig, and Stefan Savage. Proc. ACM CCS, October 2007.

How to stop it? Law enforcement is good, but insufficient. Ditto traditional technological Internet security methods. We already knew that. What now?

Real progress will be made by disrupting the criminal economy by poisoning trust. Read the paper for the authors’ suggestions of Sybil attacks and slander attacks. Make the criminals’ identities unreliable and poison their reputations.

This is considered the paper of the year by some prominent computer security professionals, and for good reason.

-jsq

Antitrust and Microsoft: Still on the Table?

Taft.jpg More time to determine whether Microsoft has a monopoly?

Microsoft, state prosecutors, and the U.S. Department of Justice on Tuesday said a federal judge needs more time to weigh whether Redmond should be subjected to a lengthier period of antitrust policing.

In a joint filing with U.S. District Judge Colleen Kollar-Kotelly, who has been overseeing Microsoft’s antitrust compliance, they asked for a soon-to-expire oversight period to be temporarily extended until at latest January 31, 2008. That way, the judge will have more time to weigh the merits of last-minute pleas from a number of state prosecutors to add another five years to the oversight regime.

Right now, most of Microsoft’s 2002 consent decree with the Bush administration is set to expire November 12. One small portion, related to a communications protocol licensing program that has encountered numerous delays since its inception, has already been extended through November 2009.

U.S.-Microsoft antitrust deal to get temporary extension, by Anne Broache, C|Net News.com News blog, October 30, 2007 2:24 PM PDT

The story says the judge and Microsoft are expected to agree to the extension. Not surprisingly, there’s an objection from a different quarter:

The Justice Department has already said it doesn’t believe there’s any need to extend the oversight period and that the agreement with Redmond has been working as designed.

It’s state prosecutors from 10 states who are driving this extension.

These days we don’t have Teddy Roosevelt to bust trusts, nor even William Howard Taft, whose Department of Justice started 80 antitrust lawsuits. Maybe the states can do it.

-jsq

Storm Botnet Movie

Cory always has a way with words:
The Storm Worm botnet (thought to be the largest network of compromised machines in the world) has begun to figure out which security researchers are trying to disrupt its command-and-control systems and knock them offline with unmanagable crapfloods from its zillions of zombie machines.

StormWorm botnet lashes out at security researchers, Cory Doctorow, BoingBoing, October 24, 2007 12:35 PM

But Michael Froomkin found a movie illustrating the situation:

Hiding inside while hordes of zombies dance outside and eat away at the doors; yep, that’s pretty much the state of Internet security.

-jsq