Scripting the crime commission process in the illicit online prescription drug trade

This paper considers the processes in the illicit online prescription drug trade, namely search-redirection attacks and the operation of unlicensed pharmacies using crime script analysis. Empirical data have been used to describe the salient elements of the online criminal infrastructures and associated monetization paths enabling criminal profitability. This analysis reveals the existence of structural chokepoints: components of online criminal operations being limited in number, and critical for the operations’ profitability. Consequently, interventions targeting such components can reduce the opportunities and incentives to engage in online crime through an increase in criminal operational costs, and in the risk of apprehension.This work was supported by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHSS&T/CSD) Broad Agency Announcement 11.02; the Government of Australia; and SPAWAR Systems Center Pacific [contract number N66001-13-C-0131]. The opinions, findings, and conclusions or recommendations expressed are those of the authors and do not reflect those of the aforementioned agencies.This is the final version of the article. It first appeared from Oxford University Press via http://dx.doi.org/10.1093/cybsec/tyv00

Bridging Information Security and Environmental Criminology Research to Better Mitigate Cybercrime

Cybercrime is a complex phenomenon that spans both technical and human aspects. As such, two disjoint areas have been studying the problem from separate angles: the information security community and the environmental criminology one. Despite the large body of work produced by these communities in the past years, the two research efforts have largely remained disjoint, with researchers on one side not benefitting from the advancements proposed by the other. In this paper, we argue that it would be beneficial for the information security community to look at the theories and systematic frameworks developed in environmental criminology to develop better mitigations against cybercrime. To this end, we provide an overview of the research from environmental criminology and how it has been applied to cybercrime. We then survey some of the research proposed in the information security domain, drawing explicit parallels between the proposed mitigations and environmental criminology theories, and presenting some examples of new mitigations against cybercrime. Finally, we discuss the concept of cyberplaces and propose a framework in order to define them. We discuss this as a potential research direction, taking into account both fields of research, in the hope of broadening interdisciplinary efforts in cybercrime researc

Remedying Security Concerns at an Internet Scale

The state of security across the Internet is poor, and it has been so since the advent of the modern Internet. While the research community has made tremendous progress over the years in learning how to design and build secure computer systems, network protocols, and algorithms, we are far from a world where we can truly trust the security of deployed Internet systems. In reality, we may never reach such a world. Security concerns continue to be identified at scale through-out the software ecosystem, with thousands of vulnerabilities discovered each year. Meanwhile, attacks have become ever more frequent and consequential.As Internet systems will continue to be inevitably affected by newly found security concerns, the research community must develop more effective ways to remedy these issues. To that end, in this dissertation, we conduct extensive empirical measurements to understand how remediation occurs in practice for Internet systems, and explore methods for spurring improved remediation behavior. This dissertation provides a treatment of the complete remediation life cycle, investigating the creation, dissemination, and deployment of remedies. We start by focusing on security patches that address vulnerabilities, and analyze at scale their creation process, characteristics of the resulting fixes, and how these impact vulnerability remediation. We then investigate and systematize how administrators of Internet systems deploy software updates which patch vulnerabilities across the many machines they manage on behalf of organizations. Finally, we conduct the first systematic exploration of Internet-scale outreach efforts to disseminate information about security concerns and their remedies to system administrators, with an aim of driving their remediation decisions. Our results show that such outreach campaigns can effectively galvanize positive reactions.Improving remediation, particularly at scale, is challenging, as the problem space exhibits many dimensions beyond traditional computer technical considerations, including human, social, organizational, economic, and policy facets. To make meaningful progress, this work uses a diversity of empirical methods, from software data mining to user studies to Internet-wide network measurements, to systematically collect and evaluate large-scale datasets. Ultimately, this dissertation establishes broad empirical grounding on security remediation in practice today, as well as new approaches for improved remediation at an Internet scale

Computer Science 2019 APR Self-Study & Documents

UNM Computer Science APR self-study report and review team report for Spring 2019, fulfilling requirements of the Higher Learning Commission

Prévention des attaques par logiciels malveillants: perspectives de la santé publique

L’augmentation de la connectivité et du développement des infrastructures numériques a contribué à multiplier les motivations et les opportunités des attaques informatiques. Bien que plusieurs progrès aient été réalisés au niveau du développement et de l’implémentation de stratégies de protection, la majorité de ces efforts sont dédiés au développement de nouvelles solutions, et non à leur évaluation et leur promotion. Il devient dès lors essentiel pour les gouvernements, les entreprises, et les individus de définir des modèles et des moyens de coopération permettant d’identifier et d’évaluer les stratégies visant à réduire le risque que posent les menaces informatiques. À cet effet, le domaine de la sécurité des systèmes d’information pourrait bénéficier des leçons apprises et des méthodes utilisées dans le domaine de la santé. En particulier, nous croyons que l’adoption d’une perspective axée sur l’approche de la santé publique permettrait de founir un cadre global pour i) identifier les facteurs qui affectent la sécurité des systèmes d’information et en comprendre les causes sous-jacentes, ii) développer et évaluer des stratégies efficaces visant à améliorer la sécurité des systèmes d’information, et iii) implémenter et disséminer auprès de la population les stratégies développées. Dans le cadre de la présente thèse, nous proposons de nous inspirer des méthodes en santé publique pour développer un modèle de prévention applicable au contexte des attaques par logiciels malveillants. Notamment, nous appliquons notre modèle de prévention afin d’identifier les causes et les corrélats reliés aux attaques par logiciels malveillants, et d’évaluer l’efficacité réelle des solutions antivirus à prévenir ces attaques. À partir de données réelles d’attaques par logiciels malveillants, nous avons réalisé cinq études empiriques ; trois visant à identifier des facteurs de risque et des facteurs de protection, et deux visant à évaluer l’efficacité des antivirus dans un environnement réel. Les résultats de nos travaux de recherche ont, entre autres, permis : i) d’identifier de nouveaux facteurs de risque et de protection reliés aux attaques par logiciels malveillants, ii) d’identifier des sous-populations à risque plus élevé, et iii) de mettre en évidence comment l’effet des facteurs identifiés et des solutions antivirus varie selon le contexte (type de menace, environnement, usager, etc.). Qui plus est, la présente thèse a permis de valider la viabilité et le potentiel d’une approche basée sur la santé publique en sécurité des systèmes d’information.----------ABSTRACT: The increased connectivity and development of digital infrastructures has yielded to increased motivation and opportunities for computer threats. Although there has been some progress in the development and implementation of protection strategies, the majority of these efforts are dedicated to the development of new solutions, and not to their evaluation and promotion. It is therefore essential for governments, businesses, and individuals to develop models and means of cooperation in order to identify and evaluate effective strategies aimed at reducing the risk posed by computer threats. To this end, the field of information security could benefit from lessons learned and methods used in health. In particular, we believe that adopting a public health perspective could provide a comprehensive framework for i) identifying and understanding the factors that affect the information systems security and understand their underlying causes, ii) develop and evaluate effective strategies to improve the security of information systems, and iii) implement and disseminate the strategies developed to the population. In this thesis, we propose to use public health methods to develop a prevention model for the context of malware attacks. In particular, we apply our prevention model to identify the causes and correlates of malware attacks, and evaluate the effectiveness of antivirus solutions in preventing computer threats. Using real-world malware attacks data, we conducted five empirical studies ; three to identify risk factors and protective factors, and two to assess the effectiveness of antivirus in a real-world environment. The results of our research allowed us, among others, to : i) identify new risk and protective factors related to malware attacks, ii) identify high-risk sub-populations, and iii) highlight how the effect of the identified factors and antivirus solutions vary by context (type of threat, environment, user, etc.). In addition, this thesis validated the viability and potential of a public health approach to information security

Identifying Risk Factors for Webserver Compromise

Abstract. We describe a case-control study to identify risk factors that are asso-ciated with higher rates of webserver compromise. We inspect a random sample of around 200 000 webservers and automatically identify attributes hypothesized to affect the susceptibility to compromise, notably content management system (CMS) and webserver type. We then cross-list this information with data on web-servers hacked to serve phishing pages or redirect to unlicensed online pharma-cies. We find that webservers running WordPress and Joomla are more likely to be hacked than those not running any CMS, and that servers running Apache and Nginx are more likely to be hacked than those running Microsoft IIS. Further-more, using a series of logistic regressions, we find that a CMS’s market share is positively correlated with website compromise. Finally, we examine the link be-tween webservers running outdated software and being compromised. Contrary to conventional wisdom, we find that servers running outdated versions of Word-Press (the most popular CMS platform) are less likely to be hacked than those running more recent versions. We present evidence that this may be explained by the low install base of outdated software

Replication data for: Identifying Risk Factors for Webserver Compromise

We describe a case-control study to identify risk factors that are associated with higher rates of webserver compromise. We inspect a random sample of around 200,000 webservers and automatically identify attributes hypothesized to affect the susceptibility to compromise, notably content management system (CMS) and webserver type. We then cross-list this information with data on webservers hacked to serve phishing pages or redirect to unlicensed online pharmacies. We find that webservers running WordPress and Joomla are more likely to be hacked than those not running any CMS, and that servers running Apache and Nginx are more likely to be hacked than those running Microsoft IIS. Furthermore, using a series of logistic regressions, we find that a CMS's market share is positively correlated with website compromise. Finally, we examine the link between webservers running outdated software and being compromised. Contrary to conventional wisdom, we find that servers running outdated versions of WordPress (the most popular CMS platform) are less likely to be hacked than those running more recent versions. We present evidence that this may be explained by the low install base of outdated software