CSE 291: Internet Crime


Class blog

Sep 30 Intro
The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond, DHS, SRI and APWG Report, October 2006.

Guillaume Lovet, Dirty Money on the Wires: Business Models of Cyber Criminals, Virus Bulletin Conference, 2006. (See also talk. Let me know if you can get it to work)

Kim Zetter, I was a Cybercrook for the FBI, Wired Magazine, January 2007.

Oct 2
A Pretty Kettle of Phish, ESET Whitepaper, June 2007.

Tyler Moore and Richard Clayton, Examining the Impact of Website Take-down on Phishing, APWG eCrime Researchers Summit, October 2007. (earlier version can be found as: Tyler Moore and Richard Clayton, An Empirical Analysis of the Current State of Phishing Attack and Defence, Workshop on the Economics of Information Security (WEIS), June 2007.

Yue Zhang, Serge Egelman, Lorrie Cranor, and Jason Hong, Phinding Phish: Evaluating Anti-Phishing Tools, Network and Distributed Systems Security Symposium (NDSS), February 2007.

Rhiannon Weaver and M. Patrick Collins, Fishing for Phishes: Applying Capture-Recapture Methods to Estimate Phishing Populations, APWG eCrime Researchers Summit, October 2007.

D. Kevin McGrath and Minaxi Gupta, Behind Phishing: An Examination of Phisher Modi Operandi, Workshop on Large-scale Exploits and Emergent Threats (LEET), April 2008.

John Brozycki, Phish Feeding: An Active Response to Phishing Campaigns, SANS talk, unknown date.

Oct 7
Phishing and Privacy: Human Factors
Rachna Dhamija, Doug Tygar and Marti Hearst, Why Phishing Works, Conference on Human Factors in Computing Systems (CHI), 2006.

Julie S. Downs, Mandy Holbrook and Lorrie Faith Cranor, Behavioral Response to Phishing Risk, APWG eCrime Researchers Summit, October 2007.

Janice Tsai, Serge Egelman, Lorrie Cranor, Alessandro Acquisti, The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study, Workshop on the Economics of Information Security (WEIS), June 2007.

Tom Jagatic, Nathaniel Johnson, Markus Jakobsson, and Filippo Menczer, Social PhishingSocial Phishing, preprint of 2007 CACM article.

Stuart Schecter, Rachna Dhamija, Andy OZment and Ion Fischer, The Emperor's New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies, IEEE Symposium on Security and Privacy, May 2007.

Min Wu, Robert C. Miller, Simson L. Garfinkel, Do Security Toolbars Actually Prevent Phishing Attacks?", Conference on Human Factors in Computing Systems (CHI), 2006.

Julie S. Downs, Mandy Holbrook and Lorrie Faith Cranor, Decision Strategies and Susceptibility to Phishing, Symposium on Usable Privacy and Security (SOUPS), July 2006.

Ponnurangam Kumaraguru, Yong Rhee, Steve Sheng, Sharique Hasan, Alessandro Acquisti, Lorrie Faith Cranor, Jason Hong, Getting Users to Pay Attention to Anti-Phishing Education: Evaluation of Retention and Transfer, APWG eCrime Researchers Summit, October 2007.

Jens Grossklags and Alesandro Acquisti, When 25 Cents is too much: An Experiment on Willingness-To-Sell and Willingness-To-Protect Personal Information, Workshop on the Economics of Information Security (WEIS), June 2007.

Oct 9
Spyware Infostealers
Alex Moshchuk, Tanya Bragin, Steve Gribble and Hank Levy. A Crawler-based Study of Spyware in the Web, NDSS, Feb 2006.

Mika Stahlberg, The Trojan Money Spinner, Virus Bulletin Conference, September 2007.

Scott Berinato, Who's Stealing Your Passwords? Global Hackers Create a New Online Crime Economy, CIO Magazine, Oct 2007. Read whole series

Lance James, Phishing Exposed (chapter 1), Only need to read pages 22-24

Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang and Nagendra Modadugu, The Ghost In The Browser Analysis of Web-based Malware, HotBots, April 2007.

Jeff Williams, I Know What You Did Last Logon -- Monitoring Software, Spyware and Privacy, Virus Bulletin Conference, October 2006.

Secure Science Corporation and Michael Ligh, [Prg]Malware Case Study, Secure Science Whitepaper, November 2006.

Oct 14
Carding and cashout

Please register with the Class blog.

Kimberly Kiefer Peretti, Data Breaches: What the Underground World of Carding Reveals, Santa Clara Computer and High Technology Journal (vol 25), May 2008.

iDefense, Money Mules: Sophisticated Global Cyber Criminal Operations, iDefense White Paper, 2006.

Optional (but you really won't want to miss these they're great!)

TJ Maxx case summarized in blogs (with links to associate indictments which can be fascinating):

Collyer, USA v E-Gold LTD Indictment, April 2007.

Michael Dahn, Where does all the data go? - Hacker Underground, June 2008. (particularly check out the comments from Uncle Bob, reputedly an alias for David Thomas (aka El Mariachi)).

Oct 16
Spam infrastructure (Geoff Voelker guest interlocutor)
Anirudh Ramachandran and Nick Feamster, Understanding the Network Behavior of Spammers, ACM SIGCOMM, Sept 2006.

David S. Anderson, Chris Fleizach, Stefan Savage, Geoffrey M. Voelker, Spamscatter: Characterizing Internet Scam Hosting Infrastructure, USENIX Security, Aug 2007.

Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten, and Ivan Osipkov, Spamming Botnets: Signatures and Characteristics, ACM SIGCOMM, Aug 2008.


Oct 21
David Aucsmith, Microsoft
What we know, how we know what we know, and what we do with the information
Oct 23
Click and SEO fraud
Grow, Elgin and Herbst, Click Fraud: The dark side of online advertising, Business Week, October, 2006.

Alexander Tuzhilin, The Lane's Gifts v. Google Report, Expert Witness report, Jul 2006.

Wang, Ma, Niu and Chen Spam Double-Funnel: Connecting Web Spammers with Advertisers, WWW 2007.


Google, How Fictitious Clicks Occur in Third-Party Click Fraud Audit Reports, August 2006.

Jansen and Mullen, Sponsored search: an overview of the concept, history, and technology, International Journal of Electronic Business, v6n2, 2008.

Oct 28
Tentatively Cancelled: Stefan at CCS

Start finalizing project ideas. Here are a few (from class slides): Phising site detection via logo matching (taken)
Measuring site "cloaking"
Literature review of MC/Visa transaction security
Human factors experiments on phishing (e.g., relative importance of envelope context vs link info vs site appearance)
Spam domain characterization (mine spam domains via uribl and charaterize whois/ns data, lifetimes, etc)
Overlap between blacklist feeds
Bulid software to "feed" data to form grabber spyware (honeytokens)
Investigate HYIP fraud and report on it
Document and explain "wholesale" traffic delivery business (e.g. www.trafficdeliver.com, mediatraffic.com, etc) and the Pay-to-Click, Pay-to-Read business.
See if you can detect vote fraud in YouTube (ala youtube automator)
Do something interesting to analyze Blogspam
Get a copy of PRStorm and explain how/why it works

Oct 30
Tentatively Cancelled: Stefan at CCS
Nov 4
Takedowns and Deterrence
Moore and Clayton, The Impact of Incentives on Notice and Take-down, Workshop on the Economics of Information Security, 2008.

Moore and Clayton, The Consequence of Non-Cooperation in the Fight Against Phishing, APWG ECrime Researcher Summit, 2008.

Nov 6
Mitch Dembin, Assistant US Attorney and Cybercrime Coordinator
Nov 11
Cancelled: Veterans Day
Nov 13
Cancelled: Stefan at UW
Nov 18
Vulnerability Markets
Sutton and Nagel, Emerging Economic Models for Vulnerability Research, Workshop on the Economics of Information Security, 2006.

Miller, The Legitimate Vulnerability Market: Inside the Secretive World of 0-day Exploit Sales, Workshop on the Economics of Information Security, 2007.

Penenberg, The Black Market Code Industry, Fast Company, 2008.

Endler, Remembering five years of vulnerability markets, ZDNet Blog, 2007.

Nov 20
Auction Fraud
Calkins, Nikitkov and Richardsonl, Mineshafts on Treasure Island: A Relief Map of the eBay Fraud Landscape, Journal of Technology Law and Policy, Fall 2007.

Rubin et al, An Auctioning Reputation System Based on Anomaly Detection, ACM CCS, 2005.

Richling, Effects of Reputation Mechanisms on Fraud Prevention in eBay Auctions, Stanford honors thesis, 2004.

Wahab, E-Commerce and Internet Auction Fraud: The E-Bay Community Model, Computer Crime Research Center article, 2004.

Nov 25
Stock spam
Frieder and Zittrain, Spam Works: Evidence from Stock touts and Corresponding Market Activity, working paper, March 2007.

Hanke and Hauser, On the Effects of Stock Spam E-mails, working paper (later version published in the Journal of Financial Markets, 11(1), February 2008.

Bohme and Holz, The Effect of Stock Spam on Financial Markets, working paper (also published in WEIS 2006), April 2006.

Nov 27
Cancelled: Thanksgiving
Dec 2
Dan Hubbard, Websense
Dec 4
The bad guys
Russian Business Network (skim)

Burrell, Telling Stories of Internet Fraud, working paper, 2008.

Interviews (read at least two, please don't all just read the first two)

Dec 11
1pm in 4217. Project presentations