
- Number of slides: 93
Spam and Transnational Crime
KnujOn: A new initiative to fight email-borne security threats

Who we are
Garth Bruen – the KnujOn Project
• Northeastern University, Software Engineering Certificate
• Suffolk University, Masters in Public Administration
• Northeastern University, B.S. Criminal Justice
Dr. Robert Bruen – Coldrain Technologies
• Harvard University, ALM History of Science
• Boston College, Ph.D. Higher Education Administration
• Boston University, M.S. Computer Information Systems
• Northeastern University, B.A. Philosophy and Religion
International HTCIA 8/2007 Knujon LLC 2007©

What I Want You To Leave Believing
KnujOn is dedicated to technology fraud prevention. However…
1. The Spam problem is about more than the email
2. Solutions to spam cannot rely solely on technology
3. Filtering and deleting spam makes the issue worse
4. Spam is not an impossible problem to solve

Questions as a starting point
• What drives spam?
• What and Who enables the spammers?
• Who profits from it (beyond the spammers)?
• How do we all suffer from spammers?
• What tools are currently available to prevent spam?
• Of those tools, what is working and what isn't?
• Where are the failures and breakpoints?
• Where can our efforts be maximized?

What has KnujOn accomplished so far?
• 2 years in Beta testing
• 32,201 site suspensions
• Reduction in spam traffic to many of our clients
• Processing 20 – 30 thousand emails per day
• Weekly status reports to our clients
• Changing people’s minds, providing actionable information, raising public awareness

What We Do
• Challenge Beliefs: current assumption that there is too much junk email to process effectively
• Collaborate Globally: accept junk email submissions from thousands of official and non-official clients as the starting point for our procedures
• Enforce Policies:
  • use the current policy structures to address the problem
  • reveal breakpoints and bottlenecks in Internet compliance

What We Do
• Share Our Progress: Provide our clients with feedback and avenues for satisfaction that they are not getting from the Internet community
• Generate Big Picture Thinking
  • Explore the complex issues driving spam
  • Illustrate the impact on individual victims as well as the burden on the economy
  • Use spam to create a “map” of transnational crime

KnujOn: A better model
• No software to download
• No live connection needed
• No active process or database on the net
• Reporting/Processing in different locations
• Compact and highly mobile
• DoS of our sites won't stop the process

The criminals are fighting back with technology…
• Cyber criminals are launching massive Denial of Service attacks against anti-spam services
• Worms have been designed to specifically attack antivirus software companies (and specific people)
• DDoS and hacking attacks have been used against law enforcement networks as revenge

…and beyond technology
• Malaysian media pirates have threatened police and customs dogs (bounties have been placed on specific animals)
• “Spammer Tries to Hire Hit man to Kill Children of Witness”
• Journalists investigating counterfeit product networks in many countries have been murdered
• Nigeria’s Rx fraud czar under constant attack
• Saad Echouafni (massive 2004 DoS) remains a fugitive, armed and dangerous, possibly in North Africa

Problems Behind the Problem
• The criminal threat is much more aggressive than ever before
• Targeted attempts to intimidate and disrupt enforcement for the purpose of protecting lucrative criminal operations are commonplace.
• As the spam money grows, so will the physical threats.
• “Cybercops drowning in data” – Jim Christy
• Government sponsored simulated cyber attacks on the U.S. were successful in penetrating defenses
• Foreign intelligence services are “eating our lunch” – Joel Brenner, National Counterintelligence Executive

Resources are impacted
• Employees in the U.S. spend about 100 hours each year dealing with spam, a daily loss of $130 million to our workforce
• Loss of productivity on the company side: $712 Per Employee, $71 billion to all U.S. businesses annually
• 210,000 American manufacturing workers could be added to the economy if parts were made legally
• Illicit traffic is a $600 Billion industry
• 90% of all email traffic is spam

Spam Beyond “Email”: Geocities “encrypted” spam sites

Spam that isn’t email

Spam that isn’t email: Search Stacking
DISCOVERing deceit at uhuzy.org
• 173 instances of the phrase “discover card”
• Over 1000 instances of the word “discover”
• First site returned in a Google of “Discover Payment Address”

Spam that isn’t email
• Wiki Spam
• Social Networking sites
• Blogs
• Forums
• News://
• iTunes?

Growth of the Internet and Illicit Traffic

Failure of Filtering In the Press
• PEW research study that suggested consumers have been worn down by spam and are now accepting it as a fact of modern life.
• Brockman & company survey that suggests anti-spam software "doesn't work."
• Research by the University of California, San Diego validates the contention that there are a small number of organized criminals behind most of the junk mail.
• People know the spam problem is worse than last year, and that the filter and block strategy has run its course.

The Economic Idiocy of Spam Filtering
• 90% of the bandwidth taken up by spammers
• The communications network has been hijacked by fraudulent transmissions
• Consumers and taxpayers fund the maintenance on this global network of cable, DSL, phone lines, optic, radio, etc…
In other words…
• Americans are paying $1.5 Billion Per Month to ensure transmission of Spam* - $18 Billion per year
• If you have a virus scan and filtering software and get no spam in your inbox, you are still paying $27 per month to guarantee that it gets delivered just short of your mailbox
*Based on 55,544,208 households with net access (2000 census) and $30 average cost of connection with only 10% of that going to support traffic that is wanted.

Paper Fraud On the Rise
• 98% of forgers go free
• Only 2% of check frauds are arrested
• 62% of bad checks go uncollected
• Only one state (Illinois) makes it illegal to order checks in someone else’s name
• Booming market in fake labels, packaging, and security holograms
• Forgery of FAA Part Approval forms found
• Deceptive mortgage and “prizes” mailings continue

Operational Highlights
Outline of a spamming operation
• Who are the spammers?
• What is their operational path?
• How are they enabled?

Operation Highlights: Mapping the Distribution & Money

Operation Highlights: the Spammers
• Mercenary criminals, not really concerned with what is being sold in junk email
• Spam, transaction sites, shipping, and supply are all distinct operations
  • They don’t have warehouses full of pills and handbags
  • Possible that parties never meet face to face
• Skills are easy to pick up and share
  • Spamming “Kits” are available for sale/download
  • Discussions and mentoring occur in chat rooms

Operation Highlights: Illicit Traffic is About Transactions* - not Products or Spam
• Attack the transaction, not the advertisement
• Blocking the transaction (at the website) keeps the money from entering the cycle
• This will not happen if the spam is deleted. If the spam is reported, there is a better possibility the site will be taken down
• Once a connection is made to a victim, they are more likely to be victimized again

What is driving and enabling it?
• What does it mean to purchase goods sold in spam?
• Where do the products sold in spam come from?
• Who profits from merchandise sold in spam?

The Path of Fake Goods Sold in Spam
• Manufacture of these goods is often done using forced, prison, child or under compensated labor
• The illegal factories are usually not inspected and pose serious health, safety and environmental threats
• In order to operate large illegal factories, local government must be bribed or coerced
• The products themselves represent copyright, trademark and intellectual property infringements
• Fake goods must be smuggled out of source countries
• Contraband is often carried by human mules, tying smuggling to human traffic, sexual exploitation, document forgery and other transnational crime
• Taxes are unlikely to be paid on smuggled, counterfeit goods
• Profits from illicit traffic fund criminal organizations, terror groups and bloody conflicts in developing countries
• Substandard counterfeit goods explode, start fires, and poison people
• Profits from illicit traffic must be moved by money launderers

Spammers snag customers!
• 650,000 people purchased at least one item sold in spam in a single month surveyed (Consumer Reports)
• If the average spam “unit” is $75, that is $48,750,000 per month or $585,000 per year
• While the majority of Internet users block and delete spam, the remainder keeps the spammers employed!

Knockoffs and Counterfeits as an industry
• If the knockoff network was a single company it would be twice the size of Wal-Mart
• If counterfeiting, smuggling, and piracy were a single industry it would be the world’s biggest

Product-Driven: Counterfeiting
• German authorities seized $1.6 billion in pirated goods in 2006, which was a 500% increase from 2005
• U.S. Customs and Border Protection reported an 83% increase in counterfeit good seizures in 2006
• England claimed a 45% increase in fake drug traffic in 2005
• Interpol has noted a steady 10-year surge in intellectual property crime
• The International AntiCounterfeiting Coalition (iacc.org) claims a ten thousand percent increase in recent decades

What is being counterfeited?
• Cigarettes – with twice the carcinogens
• Alcohol – with ethanol and other poisons
• Tea Leaves - dried with truck exhaust
• Weed Killer – that kills crops too
• Shampoo – with fecal matter (“shampoop”?)
• Brake Pads – made from pressed sawdust
• Surge protectors – that explode

Scary Warning!
“We enforce if you are affiliated with or working for a brand name company mentioned either directly or indirectly, or any other related group, or were formally a worker, you cannot enter this web site, cannot access any of its files and you cannot view any of the HTM(L) files. If you enter this site you are not agreeing to these terms and you are violating code 431.322.12 of the Internet Privacy Act signed by Bill Clinton in 1995 and that means that you cannot threaten our ISP(s) or any person(s) or company storing these files, and cannot prosecute any person(s) affiliated with this page which includes family, friends or individuals who run or enter this web site.”

Distribution Network

The Secondary Threat of Software Piracy
• The “big hack”
• Use of pirated software 50% worldwide
• ¼ of Software in U.S. is pirated
• Some developing countries have near 90% piracy rates
• Microsoft and Vietnam: compromise or copout?
• Pirated software can provide an attack platform for a variety of crimes

Tax Software and AutoCAD

Product-Driven: Software Piracy
• Countries that are known sources for pirated software are also known for spying on the United States
• Corrupt government elements or gangs?
• Wo Shing Wo, San Yee On, and 14K are all reportedly involved in media piracy as well as human smuggling
• Authorities in China often claim Chinese Americans run the gangs
• The international scope is complex and troubling

Threats from places you’ve never heard of
• Transdnester: “Independent” republic within Russia; accused of being little more than a massive criminal enterprise
• Ciudad del Este: Economic free zone in Paraguay; haven for smugglers and terrorists
• Tuvalu: Tiny island nation that issues .TV domains to phishers and leases its telephone system for sex-lines
• Nauru: Set up your bank here without ever going there; hid money for Slobodan Milosevic

Deposit Scams
• Also called “Nigerian/419” or Advance Fee Scams
• Present a unique problem for cybercops
• Victims of this kind of fraud have been kidnapped or murdered while trying to retrieve their money overseas

.cd
• .CD is emerging as a phisher favorite
• Is the domain extension for The Democratic Republic of the Congo
• The DRC is not the same as the Republic of the Congo
• The DRC, formerly Zaire, has been in a state of political upheaval since the late 1990’s
• Troubled countries are magnets for fraud and corruption
• The average consumer is not aware of the background that allows spammers to operate

Sale of sovereignty
• Nauru (.nr), Vanuatu (.vu), Cook Islands (.cc) and Western Samoa (.ws) like Tuvalu (.tv) are tiny island nations with few resources
• Some use their very sovereignty as a commodity, and when that is sold there is nothing left
• Countries can be “owned” by criminal groups – think about Al Qaeda and Afghanistan

Rx: Where The Bad Pills Come From
• Filler
• Counterfeit
• Diverted Product
• Repackaging
• Up-Dosing

Rx: Impact of fake drugs and easy access
• Deaths from painkiller overdoses have exceeded those from heroin and cocaine in recent years
• In 2005 drug poisonings were second only to automobile accidents for unintended deaths
• Counterfeit drug investigations by the FDA have increased 10 times since 2000
• More steroids for young athletes

Vacations
What has happened to folks who use less-than-reputable travel services?
• Customers pay for a trip and don't get anything.
• The company sends tickets or vouchers but the airline/hotel does not honor them.
• Customers are charged extra (and often large) fees when presenting vouchers.
• One fare is promised but a different one is charged.
• The company agrees to a schedule but the dates are then changed by the company.
• Customers are promised a specific airline/hotel but different services appear on the voucher(s).

Risky Loans
• Mortgage fraud is on the increase
• 600 cases in 2004 to 21,971 in 2005 totaling over $1 Billion in losses (FBI)
• Hotspots are Michigan and Florida
• While the FBI reports that mortgage fraud cases are increasing, convictions, seizures, and recovered funds are declining.

Risky Loans
• Some mortgage spams are just phishing/ID Theft attempts, others are “referrals”
• Reverse Mortgages, “Teaser” ARMs, and “flipping” schemes are conducted by skilled industry insiders
• Targets are often elderly, fixed income
• The increase in foreclosures has become a burden on the market generally

Phishing
• Phishing has evolved into multi-prong threats that combine viruses and ID theft
• Hackers post exposed accounts for auction
• Changes in the banking industry may provide a false sense of security (two-factor guidelines)

Phishing
• Weakest points in any system will always be people
• Banks can lock down on-line transactions but deceived customers and employees will still hand money over to crooks
• Access is often a target and not simply money
• Increase in illicit traffic profits creates demand for more money laundering

Market Manipulation
• Spammers have successfully manipulated stock prices for their gain and other investors’ loss
• Studies at Harvard, Oxford and Purdue have confirmed the viability of manipulating penny stocks for big gain
• Penny Stocks (Pink sheets, OTCBB) are used because their small value does not require as much oversight or registration
• Spammers use software similar to CAPTCHA to create stock touting images

Market Manipulation: Polish Epicenter
• Bulk of stock spam examined by Knujon originated on Polish networks
• Secondary source: countries bordering Poland
• Tertiary source: Countries with large Polish communities
• SEC Targeting a Latvian-Russian gang
• Points to “organic” nature of malware

And the list goes on, and on…
Remainders
• Degrees
• Gambling
• Porn
• Sex Trade
• Political Attacks
• Hoaxes

Delivery Systems: MalWare
MalWare is often deployed unintentionally by users who:
• Download unknown programs
• Open attachments from unknown email senders
• Share files on peer-to-peer networks or other media
MalWare can also be forced onto a machine through:
• Known, un-patched system exploits
• Buffer overflows
• Clever web scripting

ISP Response to Sober Worm (2005)
ISPs: adelphia.net, alltel.net, blueyonder.co.uk, btbroadband.com, charter.net, pacbell.net, PaeTec, rr.com, sifycorp.com, tds.net
Grades: F B A BF D A C+ A A

ISP Response to Sober Worm (2005)
Why the failing grades?
• No clear reporting instructions
• No feedback
• Only took complaints from customers
• Virus emails kept coming after detailed and repeated reports
Demonstrates a lack of consistency and professionalism from the companies that maintain the Internet

Where industry is failing us
• Knujon has a number of “add-on” modules available for Thunderbird, Outlook, Yahoo, Gmail, and Apple Mail for reporting spam. These were developed by dedicated members, not by big software houses or ISPs
• The Internet industry continues to send confusing messages to consumers about security
• Defense Cyber Crime Institute called for “the industry to create tools to help us investigate large volumes of data.” The industry has not responded

Mystery Alerts
General warnings that do not include usable information will be ignored over time

Piracy Report Rejected by Microsoft

Spam Courtesy of CNN
Most media outlets have “built-in abuse interfaces”

Credit Cards, Air Miles and Mortgages
A confusing mix of transactions is being thrown out faster than consumer can absorb and understand them

“It’s as easy as firing off a text message”
Financial transactions on cell phones?

Phished by my own Credit Card
Questions about this bizarre email have not been addressed by Citibank

Who else is failing us?
• The Media: by continuing to encourage people to ignore and delete spam rather than report it
• The Business Community: by not properly protecting their brands on-line
• The Government: by not providing feedback to citizens and more processing resources for electronic fraud

IP Theft & Espionage
• Direct email is a favorite starting point for industrial espionage
• Spies collect “gray material” on companies and researchers
• Carefully crafted emails are used to open communication
• Spies pretend to be colleagues and graduate students

IP Theft & Espionage
• Threats can be foreign intelligence, foreign companies, domestic competitors, activists, and people with a grudge
• Commonly held beliefs about spam and phishing, that they are purely the province of criminals and hackers, allow foreign intelligence services the opportunity to be “lost in the crowd”.

The Good News
• 30,000+ shutdowns through KnujOn happened because people reported junk mail
• SEC has suspended trading of touted penny stocks, pursued many cases, frozen assets based on citizen tips
• FTC has fined hundreds of companies for unsolicited faxes, one company was fined over $700,000, because of complaints
• Services like APWG and CastleCops (PIRT/MIRT) are coordinating antiphishing projects that target botnets in the process

Recommendations
1. Media needs to stop telling people to delete spam
2. Create more cybercrime schools and professionals
3. LE needs to publicize successes in enforcement
4. Government needs to encourage reporting and expand processing resources
5. Banks need to have a proactive plan to educate customers and fight phishing
6. Researchers need to be educated about the dangers of industrial espionage
7. Private companies need to aggressively protect intellectual property

Join
KnujOn wants your junk mail (yes, we’re serious)
http://www.knujon.com
Phishing and BotNets:
http://www.castlecops.com
http://www.apwg.org
http://www.isotf.org

Questions…
contact@knujon.com