Northrop Grumman is leveraging a research project on threat behavior modeling originally developed through its Cybersecurity Research Consortium partner Carnegie Mellon University’s (CMU) cybersecurity institute, CyLab.
Distinguished Seminar: Blackmarket-driven Interventions: From Research to Practice
|Date:||October 5, 2015|
|Speaker:||Kurt Thomas, Security & Abuse Researcher, Google|
|Time & Location:||October 5, 2015
DEC, CIC Building, Pittsburgh
|Abstract:||Internet crime has become increasingly dependent on the underground economy: a loose federation of specialists selling capabilities, services, and resources explicitly tailored to the abuse ecosystem. While migration to this marketplace streamlines for-profit scams, it also exposes participants to a range of new countermeasures that disrupt criminal supply chains. In this talk, we discuss how Google is translating blackmarket-driven research into a practical tool for fighting bulk account creation, fake engagement, cloaking, ad fraud, and unwanted software. We demonstrate how underground services yield a wealth of training data on emerging threats as well as serve as a canary for failures in Google's defenses. However, this approach is not without pitfalls: we highlight challenges in interacting with blackmarket segments, sanitizing polluted data, and ultimately measuring the impact of interventions. We argue that researchers and industry can leverage our techniques to make a drastic departure from focusing solely on protecting users and systems (tantamount to a fire fight) and instead disrupt cost-sensitive dependencies that pin up entire abuse verticals.|