Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/25/2015
03:00 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Google, Others Seek to Make Cybercrime Costlier For Criminals

Most effective long-term strategy is to target the support infrastructure and financial services used by criminals, Google says

Researchers from Google and several academic institutions are devising ways to fight organized cybercrime by targeting the support infrastructure and financial services used by threat actors to conduct illegal activities.

The goal of the effort is to try and discourage fraudulent activity to the extent possible by making it costlier for criminals to operate, Kurt Thomas and Elie Bursztein, two members of Google’s Anti-Fraud and Abuse Research said in a blog post Thursday.

The two researchers pointed to several examples where Google and others have already begun taking such actions to try and disrupt the cyber underground.

By studying and understanding how cybercriminals are abusing the phone verified account system to do bulk registration of fraudulent accounts, Google for instance, has been able to make its accounts 30 to 40 percent costlier to register in the black market, Thomas and Bursztein said.

Similarly, by studying the methods used by a group of 26 underground merchants to register fake Twitter accounts, researchers at the University of California, Berkeley, George Mason University and Twitter were able to develop a method for retroactively detecting the fake accounts.

With Twitter’s help, the researchers were able to use the method to disable 95 percent of all fraudulent accounts registered by the 27 merchants, including those accounts that had already been sold in the underground.

Using similar tactics, researchers from George Mason University and the University of California, San Diego were able to disrupt payment processing for several illegal pharmacies and outlets selling counterfeit software, the two researchers said.

Such measures are needed because conventional client and server-side oriented countermeasures such as personal anti-virus tools, firewalls, network packet scanners, automated software updates, and two-factor authentication only have had a limited effect in stemming cybercrime, Thomas and Bursztein noted in the blog.

Each time security researchers have developed defensive measures cyber criminals have been able to circumvent them. “While these safeguards have significantly improved user security, they create an arms race: criminals adapt or find the subset of systems that remain vulnerable and resume operation.”

The increasing sophistication and commoditization of the cyber underground has made it easy for criminals from everywhere to trade in knowledge, technologies, services, and data for defrauding businesses and users.

The availability of specialized services for buying and selling infected systems, exploit kits, spam hosting, and user records have transformed cybercrime into a massive collaborative operation among criminals, the Google researchers said.

“An alternative strategy in this space is to target resource bottlenecks within the underground,” they said. The goal should be to try and make it costlier for cybercriminals to do business.

Going forward, security researchers need to focus on a more thorough understanding of the ecosystem used by cybercriminals to develop, execute, and profit from fraudulent campaigns, the two researchers said in a technical paper to the topic developed with other researchers.

The study of underground markets has to evolve from an exploratory niche involving mostly anecdotal research to a core-component of security research.  A clear picture of how attackers profit from victims and institutions is vital to developing effective countermeasures and breaking up the “fragile interdependencies” that exist in the cyber underground, the paper said.

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Page 1 / 2   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/25/2015 | 11:58:03 PM
Krebs
InfoSec journalist Brian Krebs has written a great book on this subject: Spam Nation.  It addresses the interconnectedness of the underground cyber marketplaces -- and their connections to other organized crime.  And, indeed, the ability of a lot of these sites and vendors to process credit card payments is essential for their existence.
macker490
50%
50%
macker490,
User Rank: Ninja
9/27/2015 | 7:47:14 AM
Geekonomics
what you should be reading is _Geekonomics: The real cost of Insecure Software_ ( David Rice ) .  

where the problem has to be fixed is in two places:

(1) insecure operating software

(2) application software failing to use public key encryption to authenticate dialogs

going after "the bad guys" is a futile game of Whac-a-Mole: a game you cannot win.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/27/2015 | 11:03:11 PM
Re: Geekonomics
Spam Nation doesn't deal so much with InfoSec and has more to do with counterfeit pharmacies and other illicit material being trafficked via the Web.

Fair point re: cybersecurity, etc., though
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/28/2015 | 1:02:36 PM
Security industry
Security is becoming a big industry that nobody generates any profit but a loss. To overcome this always loosing situation one must re-think security in a completely new way and design system based on that.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/28/2015 | 1:04:21 PM
Re: Krebs
Agree. If there was no underground market we would not be talking about security.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/28/2015 | 1:05:59 PM
Re: Geekonomics
Agree. That is why we need to really revamp our thinking and strategy when it comes to security. Catch-fix and deploy does not work.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/28/2015 | 1:08:57 PM
Re: Geekonomics
Good point. I am completely puzzled why anybody would respond an email regarding drugs or pharmacy.  
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/28/2015 | 1:13:07 PM
Cybercrime Criminals
Cybercrime Criminals

This article is very informative, one way of solving security problem is to make people who conduct illegal activities be responsible and accountable for it. If they do not feel like there is a consequence they will not stop with what they are doing.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/28/2015 | 11:53:35 PM
Re: Security industry
@Dr. T: I'm not sure I understand you.  Are you saying that all InfoSec companies are unprofitable?  Or am I misunderstanding?
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/29/2015 | 12:50:02 PM
Re: Security industry
It is just an assumption, no data to prove, there could not be real profit in security industry. Consumers and Companies bear the expenses but security companies have to spend money on tools and insurance so really not much gain at the end.
Page 1 / 2   >   >>
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31664
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-33185
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
CVE-2021-33186
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31272
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
CVE-2021-31660
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.