3,013 research outputs found

    AdSplit: Separating smartphone advertising from applications

    A wide variety of smartphone applications today rely on third-party advertising services, which provide libraries that are linked into the hosting application. This situation is undesirable for both the application author and the advertiser. Advertising libraries require additional permissions, resulting in additional permission requests to users. Likewise, a malicious application could simulate the behavior of the advertising library, forging the user's interaction and effectively stealing money from the advertiser. This paper describes AdSplit, where we extended Android to allow an application and its advertising to run as separate processes, under separate user-ids, eliminating the need for applications to request permissions on behalf of their advertising libraries. We also leverage mechanisms from Quire to allow the remote server to validate the authenticity of client-side behavior. In this paper, we quantify the degree of permission bloat caused by advertising, with a study of thousands of downloaded apps. AdSplit automatically recompiles apps to extract their ad services, and we measure minimal runtime overhead. We also observe that most ad libraries just embed an HTML widget within and describe how AdSplit can be designed with this in mind to avoid any need for ads to have native code

    Trademark Vigilance in the Twenty-First Century: An Update

    The trademark laws impose a duty upon brand owners to be vigilant in policing their marks, lest they be subject to the defense of laches, a reduced scope of protection, or even death by genericide. Before the millennium, it was relatively manageable for brand owners to police the retail marketplace for infringements and counterfeits. The Internet changed everything. In ways unforeseen, the Internet has unleashed a tremendously damaging cataclysm upon brands—online counterfeiting. It has created a virtual pipeline directly from factories in China to the American consumer shopping from home or work. The very online platforms that make Internet shopping so convenient, and that have enabled brands to expand their sales, have exposed buyers to unwittingly purchasing fake goods which can jeopardize their health and safety as well as brand reputation. This Article updates a 1999 panel discussion titled Trademark Vigilance in the Twenty-First Century, held at Fordham Law School, and explains all the ways in which vigilance has changed since the Internet has become an inescapable feature of everyday life. It provides trademark owners with a road map for monitoring brand abuse online and solutions for taking action against infringers, counterfeiters and others who threaten to undermine brand value

    Using Nuisance Telephone Denial of Service to Combat Online Sex Trafficking

    Over the past few years, sex trafficking has been linked to online classified ads sites such as Craigslist.com and Backpage.com. However, to date technology-based solutions have not been used to attack classified ad sites or the advertisers. This paper proposes and tests a new approach to combating online sex trafficking promulgated via online classified ad sites - nuisance telephone denial of service (TDoS) attacks on the advertisers. The method of attack is described and implications are discussed

    From ZeuS to Zitmo : trends in banking malware

    In the crimeware world, financial botnets are a global threat to banking organizations. Such malware purposely performs financial fraud and steals critical information from clients' computers. A common example of banking malware is the ZeuS botnet. Recently, variants of this malware have targeted mobile platforms, as The-ZeuS-in-the-Mobile or Zitmo. With the rise in mobile systems, platform security is becoming a major concern across the mobile world, with rising incidence of compromising Android devices. In similar vein, there have been mobile botnet attacks on iPhones, Blackberry and Symbian devices. In this setting, we report on trends and developments of ZeuS and its variants

    The regulation of unsolicited electronic communications (SPAM) in South Africa : a comparative study

    The practice of spamming (sending unsolicited electronic communications) has been dubbed “the scourge of the 21st century” affecting different stakeholders. This practice is also credited for not only disrupting electronic communications but also, it overloads electronic systems and creates unnecessary costs for those affected than the ones responsible for sending such communications. In trying to address this issue nations have implemented anti-spam laws to combat the scourge. South Africa not lagging behind, has put in place anti-spam provisions to deal with the scourge. The anti-spam provisions are scattered in pieces of legislation dealing with diverse issues including: consumer protection; direct marketing; credit laws; and electronic transactions and communications. In addition to these provisions, an Amendment Bill to one of these laws and two Bills covering cybercrimes and cyber-security issues have been published. In this thesis, a question is asked on whether the current fragmented anti-spam provisions are adequate in protecting consumers. Whether the overlaps between these pieces of legislation are competent to deal with the ever increasing threats on electronic communications at large. Finally, the question as to whether a multi-faceted approach, which includes a Model Law on spam would be a suitable starting point setting out requirements for the sending of unsolicited electronic communications can be sufficient in protecting consumers. And as spam is not only a national but also a global problem, South Africa needs to look at the option of entering into mutual agreements with other countries and organisations in order to combat spam at a global level. Mercantile Law LL. D

    From Revolution of Payments System to Perpetration of Cybercrimes in Nigerian Banks and Against Customers: Is the Nigerian Cybercrimes Act 2015 Relevant?

    The evolving nature of the information and communication technology and its effect on the global lives of individuals have consequently revolutionized the manner payments system is currently being undertaken. The difficulties and hardship constituted by the traditional payments system whereby for any cash transaction to be executed, a bank customer was mandated to visit the bank premises and where it has to do with the purchase of goods and services, parties would have to meet physically to transact, partly triggered the payments system in Nigeria from over dependence on cash to adoption of modern electronic alternatives for payments by the Central Bank of Nigeria. Questions have been asked about the legality or otherwise of this transformation from the traditional payments system to the present modern payments system. What nature of challenges has been faced by the introduction of the modern payments system? Unfortunately, these laudable modern payments initiatives in the Nigerian banking industry have been abused by perpetrators of crimes through the instrumentality of the computer and information and communication technology infrastructures. Prevailing crimes like hacking, identity theft, BVN scam, phishing and spamming, card theft, computer related fraud, electronic cards related fraud, email fraud and system interference are presently being perpetrated against the Nigerian banks and their customers. In the light of these, how is the Nigerian Cybercrimes Act 2015 relevant towards the protection of victims of these crimes? Keywords: Cybercrime Law, Payments system, Bank customers, Cybercriminals, Nigerian Cybercrimes Act 2015, Strategies of cybercriminals. DOI: 10.7176/JLPG/88-06 Publication date: August 31st 201

    Break on Through: An Analysis of Computer Damage Cases

    The following Article is an extensive inquiry into computer damage cases through a comprehensive study of over three hundred computer damage cases. Throughout the study, the authors have performed an empirical categorization of the essential aspects of computer damage cases and analyzed the most relevant issues, interpretations, and arguments available for each computer damage category. These categories include fundamental facets, such as legal elements; motive and intent; results; profile of perpetrators; and means of perpetration, including, if applicable, the software involved. The Article provides a comprehensive analysis and conceptual approach for understanding computer damage cases by discussing the legal elements of computer damage offenses under the CFAA; considering the CFAA’s practical application; discussing the essential features involved in the perpetration of computer damage offenses and profiling the attackers; and summarizing the researchers’ findings

    Uncovering Download Fraud Activities in Mobile App Markets

    Download fraud is a prevalent threat in mobile App markets, where fraudsters manipulate the number of downloads of Apps via various cheating approaches. Purchased fake downloads can mislead recommendation and search algorithms and further lead to bad user experience in App markets. In this paper, we investigate download fraud problem based on a company's App Market, which is one of the most popular Android App markets. We release a honeypot App on the App Market and purchase fake downloads from fraudster agents to track fraud activities in the wild. Based on our interaction with the fraudsters, we categorize download fraud activities into three types according to their intentions: boosting front end downloads, optimizing App search ranking, and enhancing user acquisition & retention rate. For the download fraud aimed at optimizing App search ranking, we select, evaluate, and validate several features in identifying fake downloads based on billions of download data. To get a comprehensive understanding of download fraud, we further gather stances of App marketers, fraudster agencies, and market operators on download fraud. The followed analysis and suggestions shed light on the ways to mitigate download fraud in App markets and other social platforms. To the best of our knowledge, this is the first work that investigates the download fraud problem in mobile App markets. Comment: Published as a conference paper in IEEE/ACM ASONAM 201

    Cybercrime: a theoretical overview of the growing digital threat

    This theoretical paper is published by the EUCPN Secretariat in connection with the theme of the Luxembourgian presidency which was cybercrime. Cybercrime is a global definition which characterizes many different criminal forms committed in the virtual world. This means the phenomenon covers a very wide scope of activities. This theoretical paper is written as an overview to help understand the definition of cybercrime and its forms. We concentrate on the variety of consequences as a result of the phenomenon. Moreover, this paper also has attention to the current European law and legislative actions against cybercrime