Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences

In this survey, we first briefly review the current state of cyber attacks, highlighting significant recent changes in how and why such attacks are performed. We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence from the attacked parties and the security tools they use. We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels. We also map such techniques to widely-adopted security controls, emphasizing gaps or limitations (and success stories) in current best practices.Comment: Work commissioned by CPNI, available at c2report.org. 38 pages. Listing abstract compressed from version appearing in repor

Digital Architecture as Crime Control

This paper explains how theories of realspace architecture inform the prevention of computer crime. Despite the prevalence of the metaphor, architects in realspace and cyberspace have not talked to one another. There is a dearth of literature about digital architecture and crime altogether, and the realspace architectural literature on crime prevention is often far too soft for many software engineers. This paper will suggest the broad brushstrokes of potential design solutions to cybercrime, and in the course of so doing, will pose severe criticisms of the White House\u27s recent proposals on cybersecurity. The paper begins by introducing four concepts of realspace crime prevention through architecture. Design should: (1) create opportunities for natural surveillance, meaning its visibility and susceptibility to monitoring by residents, neighbors, and bystanders; (2) instill a sense of territoriality so that residents develop proprietary attitudes and outsiders feel deterred from entering a private space; (3) build communities and avoid social isolation; and (4) protect targets of crime. There are digital analogues to each goal. Natural-surveillance principles suggest new virtues of open-source platforms, such as Linux, and territoriality outlines a strong case for moving away from digital anonymity towards psuedonymity. The goal of building communities will similarly expose some new advantages for the original, and now eroding, end-to-end design of the Internet. An understanding of architecture and target prevention will illuminate why firewalls at end points will more effectively guarantee security than will attempts to bundle security into the architecture of the Net. And, in total, these architectural lessons will help us chart an alternative course to the federal government\u27s tepid approach to computer crime. By leaving the bulk of crime prevention to market forces, the government will encourage private barricades to develop - the equivalent of digital gated communities - with terrible consequences for the Net in general and interconnectivity in particular

Pervasively Distributed Copyright Enforcement

In an effort to control flows of unauthorized information, the major copyright industries are pursuing a range of strategies designed to distribute copyright enforcement functions across a wide range of actors and to embed these functions within communications networks, protocols, and devices. Some of these strategies have received considerable academic and public scrutiny, but much less attention has been paid to the ways in which all of them overlap and intersect with one another. This article offers a framework for theorizing this process. The distributed extension of intellectual property enforcement into private spaces and throughout communications networks can be understood as a new, hybrid species of disciplinary regime that locates the justification for its pervasive reach in a permanent state of crisis. This hybrid regime derives its force neither primarily from centralized authority nor primarily from decentralized, internalized norms, but instead from a set of coordinated processes for authorizing flows of information. Although the success of this project is not yet assured, its odds of success are by no means remote as skeptics have suggested. Power to implement crisis management in the decentralized marketplace for digital content arises from a confluence of private and public interests and is amplified by the dynamics of technical standards processes. The emergent regime of pervasively distributed copyright enforcement has profound implications for the production of the networked information society