[Colloq] Talk by Dick Kemmerer: Cybercrime and the Cyber Underground Economy - March 18, 10:00am, 366 WVH

Northeastern University CCIS bironje at ccs.neu.edu
Mon Mar 17 15:09:46 EDT 2014


Cybercrime and the Cyber Underground Economy

Tuesday March 18th, 2014 10:00am - 11:00am

366 WVH

Dick Kemmerer

In recent years, the goals and modes of operation of malicious hackers have
changed dramatically. As hackers realized the potential monetary gains
associated with Internet fraud, there has been a shift from “hacking for
fun” to “hacking for profit.” This shift has been leveraged
and supported by more traditional crime organizations, which eventually realized
the potential of the Internet for their endeavors. The integration of
sophisticated computer attacks with well-established fraud mechanisms devised by
organized crime has resulted in an underground economy that trades compromised
hosts, personal information, and services in a way similar to other legitimate
economies. This expanding underground economy makes it possible to significantly
increase the scale of the frauds carried out on the Internet and allows
criminals to reach millions of potential victims. Also, criminals are taking
full advantage of sophisticated mechanisms, such as the service bots used on IRC
channels to automatically verify stolen credit card numbers, the use of
e-casinos to launder money, and the use of fast-flux networks to create
attack-resilient services.

Over the last few years the UCSB Security Group has been developing novel
techniques and tools to analyze the underground economy and to obtain a
comprehensive picture of the complete criminal process. To do this, we have
created models of the underground market, its actors, the processes and
interactions between actors, and the underlying infrastructure. The plan is to
leverage these models and develop techniques that can help to disrupt parts of
the criminal process.

In this talk I will discuss one of the projects that we have recently completed,
which is an analysis of the underground economy of fake antivirus software.



Richard A. Kemmerer is the Computer Science Leadership Professor and a past
Department Chair of the Department of Computer Science at the University of
California, Santa Barbara.  Dr. Kemmerer received his Ph.D. degree in Computer
Science from the University of California, Los Angeles, in 1979. His research
interests include formal specification and verification of systems, computer
system security and reliability, programming and specification language design,
and software engineering.  He is the author of the book “Formal
Specification and Verification of an Operating System Security Kernel” and
a co-author of “Computers at Risk: Safe Computing in the Information
Age,” “For the Record: Protecting Electronic Health
Information,” and “Realizing the Potential of C4I: Fundamental
Challenges.”

Dr. Kemmerer has served as a member of the National Academy of Science’s
Committee on Computer Security in the DOE, the System Security Study Committee,
the Committee for Review of the Oversight Mechanisms for Space Shuttle Flight
Software Processes, the Committee on Maintaining Privacy and Security in Health
Care Applications of the National Information Infrastructure, and the Committee
on the Review of Programs for C4I.  He also served as a member of the National
Computer Security Center’s Formal Verification Working Group and was a
member of the NIST’s Computer and Telecommunications Security Council. 
He has served on a review panel for the DOI to evaluate their Natural
Resource’s Damage Assessment Model, and as an expert consultant for the
Nuclear Regulatory Commission’s Advisory Committee on Nuclear Reactor
Safety.

Dr. Kemmerer is a past Chair of the IEEE Technical Committee on Security and
Privacy and a past member of the Advisory Board for the ACM’s Special
Interest Group on Security, Audit, and Control.  He is a Fellow of the IEEE
Computer Society, a Fellow of the Association for Computing Machinery, a past
Editor-in-Chief of the IEEE Transactions on Software Engineering, and a past
Vice President and member of the Board of Governors of the IEEE Computer
Society.  He has also served on the editorial boards of the ACM Computing
Surveys and the IEEE Security & Privacy magazine. He served on
Microsoft’s Trustworthy Computing Academic Advisory Board (2002-2010) and
on the National Science Foundation’s/CISE Advisory Board (2002-2004).




