Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/25/2015
03:00 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Google, Others Seek to Make Cybercrime Costlier For Criminals

Most effective long-term strategy is to target the support infrastructure and financial services used by criminals, Google says

Researchers from Google and several academic institutions are devising ways to fight organized cybercrime by targeting the support infrastructure and financial services used by threat actors to conduct illegal activities.

The goal of the effort is to try and discourage fraudulent activity to the extent possible by making it costlier for criminals to operate, Kurt Thomas and Elie Bursztein, two members of Google’s Anti-Fraud and Abuse Research said in a blog post Thursday.

The two researchers pointed to several examples where Google and others have already begun taking such actions to try and disrupt the cyber underground.

By studying and understanding how cybercriminals are abusing the phone verified account system to do bulk registration of fraudulent accounts, Google for instance, has been able to make its accounts 30 to 40 percent costlier to register in the black market, Thomas and Bursztein said.

Similarly, by studying the methods used by a group of 26 underground merchants to register fake Twitter accounts, researchers at the University of California, Berkeley, George Mason University and Twitter were able to develop a method for retroactively detecting the fake accounts.

With Twitter’s help, the researchers were able to use the method to disable 95 percent of all fraudulent accounts registered by the 27 merchants, including those accounts that had already been sold in the underground.

Using similar tactics, researchers from George Mason University and the University of California, San Diego were able to disrupt payment processing for several illegal pharmacies and outlets selling counterfeit software, the two researchers said.

Such measures are needed because conventional client and server-side oriented countermeasures such as personal anti-virus tools, firewalls, network packet scanners, automated software updates, and two-factor authentication only have had a limited effect in stemming cybercrime, Thomas and Bursztein noted in the blog.

Each time security researchers have developed defensive measures cyber criminals have been able to circumvent them. “While these safeguards have significantly improved user security, they create an arms race: criminals adapt or find the subset of systems that remain vulnerable and resume operation.”

The increasing sophistication and commoditization of the cyber underground has made it easy for criminals from everywhere to trade in knowledge, technologies, services, and data for defrauding businesses and users.

The availability of specialized services for buying and selling infected systems, exploit kits, spam hosting, and user records have transformed cybercrime into a massive collaborative operation among criminals, the Google researchers said.

“An alternative strategy in this space is to target resource bottlenecks within the underground,” they said. The goal should be to try and make it costlier for cybercriminals to do business.

Going forward, security researchers need to focus on a more thorough understanding of the ecosystem used by cybercriminals to develop, execute, and profit from fraudulent campaigns, the two researchers said in a technical paper to the topic developed with other researchers.

The study of underground markets has to evolve from an exploratory niche involving mostly anecdotal research to a core-component of security research.  A clear picture of how attackers profit from victims and institutions is vital to developing effective countermeasures and breaking up the “fragile interdependencies” that exist in the cyber underground, the paper said.

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/29/2015 | 9:38:29 PM
Analysis
This piece demonstrates how important thinking like the bad guys is.  The name escapes me, but there is an InfoSec firm in Israel that goes so far as to analyze patterns in malware code to discover the *next* big exploit.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/29/2015 | 12:50:02 PM
Re: Security industry
It is just an assumption, no data to prove, there could not be real profit in security industry. Consumers and Companies bear the expenses but security companies have to spend money on tools and insurance so really not much gain at the end.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/28/2015 | 11:53:35 PM
Re: Security industry
@Dr. T: I'm not sure I understand you.  Are you saying that all InfoSec companies are unprofitable?  Or am I misunderstanding?
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/28/2015 | 1:13:07 PM
Cybercrime Criminals
Cybercrime Criminals

This article is very informative, one way of solving security problem is to make people who conduct illegal activities be responsible and accountable for it. If they do not feel like there is a consequence they will not stop with what they are doing.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/28/2015 | 1:08:57 PM
Re: Geekonomics
Good point. I am completely puzzled why anybody would respond an email regarding drugs or pharmacy.  
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/28/2015 | 1:05:59 PM
Re: Geekonomics
Agree. That is why we need to really revamp our thinking and strategy when it comes to security. Catch-fix and deploy does not work.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/28/2015 | 1:04:21 PM
Re: Krebs
Agree. If there was no underground market we would not be talking about security.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/28/2015 | 1:02:36 PM
Security industry
Security is becoming a big industry that nobody generates any profit but a loss. To overcome this always loosing situation one must re-think security in a completely new way and design system based on that.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/27/2015 | 11:03:11 PM
Re: Geekonomics
Spam Nation doesn't deal so much with InfoSec and has more to do with counterfeit pharmacies and other illicit material being trafficked via the Web.

Fair point re: cybersecurity, etc., though
macker490
50%
50%
macker490,
User Rank: Ninja
9/27/2015 | 7:47:14 AM
Geekonomics
what you should be reading is _Geekonomics: The real cost of Insecure Software_ ( David Rice ) .  

where the problem has to be fixed is in two places:

(1) insecure operating software

(2) application software failing to use public key encryption to authenticate dialogs

going after "the bad guys" is a futile game of Whac-a-Mole: a game you cannot win.
Page 1 / 2   >   >>
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27132
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
CVE-2021-25284
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
CVE-2021-3144
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
CVE-2021-3148
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
CVE-2021-3151
PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...