Economic Factors of Vulnerability Trade and Exploitation

Cybercrime markets support the development and diffusion of new attack technologies, vulnerability exploits, and malware. Whereas the revenue streams of cyber attackers have been studied multiple times in the literature, no quantitative account currently exists on the economics of attack acquisition and deployment. Yet, this understanding is critical to characterize the production of (traded) exploits, the economy that drives it, and its effects on the overall attack scenario. In this paper we provide an empirical investigation of the economics of vulnerability exploitation, and the effects of market factors on likelihood of exploit. Our data is collected first-handedly from a prominent Russian cybercrime market where the trading of the most active attack tools reported by the security industry happens. Our findings reveal that exploits in the underground are priced similarly or above vulnerabilities in legitimate bug-hunting programs, and that the refresh cycle of exploits is slower than currently often assumed. On the other hand, cybercriminals are becoming faster at introducing selected vulnerabilities, and the market is in clear expansion both in terms of players, traded exploits, and exploit pricing. We then evaluate the effects of these market variables on likelihood of attack realization, and find strong evidence of the correlation between market activity and exploit deployment. We discuss implications on vulnerability metrics, economics, and exploit measurement.Comment: 17 pages, 11 figures, 14 table

Towards Realistic Threat Modeling: Attack Commodification, Irrelevant Vulnerabilities, and Unrealistic Assumptions

Current threat models typically consider all possible ways an attacker can penetrate a system and assign probabilities to each path according to some metric (e.g. time-to-compromise). In this paper we discuss how this view hinders the realness of both technical (e.g. attack graphs) and strategic (e.g. game theory) approaches of current threat modeling, and propose to steer away by looking more carefully at attack characteristics and attacker environment. We use a toy threat model for ICS attacks to show how a realistic view of attack instances can emerge from a simple analysis of attack phases and attacker limitations.Comment: Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defens

Baseline Review of the Status and Management of the Caribbean Spiny Lobster Fisheries in the Caricom Region

This report provides a review of the status and management of the Caribbean Spiny Lobster Fisheries in the CARICOM region. It provides a general overview of the habitat requirements and threats to survival of this lobster, along with the distribution and population in each country with Caribbean Spiny Lobster Fisheries. Each country's domestic use, international trade, and conservation and management measures are also reviewed

Climate Science: Is it currently designed to answer questions?

For a variety of inter-related cultural, organizational, and political reasons, progress in climate science and the actual solution of scientific problems in this field have moved at a much slower rate than would normally be possible. Not all these factors are unique to climate science, but the heavy influence of politics has served to amplify the role of the other factors. Such factors as the change in the scientific paradigm from a dialectic opposition between theory and observation to an emphasis on simulation and observational programs, the inordinate growth of administration in universities and the consequent increase in importance of grant overhead, and the hierarchical nature of formal scientific organizations are cosidered. This paper will deal with the origin of the cultural changes and with specific examples of the operation and interaction of these factors. In particular, we will show how political bodies act to control scientific institutions, how scientists adjust both data and even theory to accommodate politically correct positions, and how opposition to these positions is disposed of.Comment: 36 pages, no figures. v2: footnotes 16, 19, 20 added, footnote 17 changed, typos corrected. v3: description of John Holdren corrected, expanded discussion of I=PAT formula, typos corrected. v4: The reference to Deming (2005) added in v3 stated that a 1995 email in question was from Jonathan Overpeck. In fact, Deming had left the sender of the email unnamed. The revision v4 now omits the identification of Overpeck. However, the revision v4 now includes a more recent and verifiable reference to a 2005 emai

Coastal hunter-gatherers and social evolution: marginal or central?

General accounts of global trends in world prehistory are dominated by narratives of conquest on land: scavenging and hunting of land mammals, migration over land bridges and colonisation of new continents, gathering of plants, domestication, cultivation, and ultimately sustained population growth founded on agricultural surplus. Marine and aquatic resources fit uneasily into this sequence of social and economic development, and societies strongly dependent on them have often been regarded as relatively late in the sequence, geographically marginal or anomalous. We consider the biases and preconceptions of the ethnographic and archaeological records that have contributed to this view of marginality and examine some current issues focusing on the role of marine resources at the Mesolithic-Neolithic transition of northwest Europe. We suggest that pre-existing conventions should be critically re-examined, that coastlines may have played a more significant, widespread and persistent role as zones of attraction for human dispersal, population growth and social interaction than is commonly recognised, and that this has been obscured by hunter-gatherer and farmer stereotypes of prehistoric economies

The Face of Extinction: Are Charismatic Species More Vulnerable To Endangerment?

Conservationists have suggested extinction is non-random; some species are more prone to extinction than others. Multiple traits (e.g., large bodied, long-lived, slow-reproducing, migratory, habitat and/or dietary specialists) have been cited as contributing to the endangerment of species. Due to global anthropogenic demand for wild species (e.g., sport, trade, fashion, medicine, religion, food), I propose charisma as an additional trait of endangerment. This predicts charismatic species are more often targets of direct exploitation than less charismatic species, and that global demand will continue to increase with world population and development. These species represent our most iconic and animated organisms. I quantified charisma through color, ornamentation, and vocalizations in 1609 Old and New World species of passerine and psittaciform birds; this represents approximately 1/6 of all extant avian species worldwide. Color and ornamentation correlate significantly with both exploitation and endangerment, while melodious song, occurring only in passerines, correlates significantly with endangerment only. Mimicry did not appear to have an effect on either exploitation or endangerment. Additionally, an increase in number of variables (e.g., color, ornamentation, mimicry, song), number of colors, and proportion of color increased exploitation and endangerment overall. These charismatic traits, which also represent the exaggerated traits resulting from sexual selection, have been hypothesized as potential contributors to speciation. I propose overexploitation is removing charismatic species from the Earth’s biota as well as negatively influencing speciation rates, thereby accelerating homogenization of global biodiversity. This study might be valuable in identification of species that are potential targets of exploitation, and suggests a need for conservation of charismatic species in the future

Hacker Combat: A Competitive Sport from Programmatic Dueling & Cyberwarfare

The history of humanhood has included competitive activities of many different forms. Sports have offered many benefits beyond that of entertainment. At the time of this article, there exists not a competitive ecosystem for cyber security beyond that of conventional capture the flag competitions, and the like. This paper introduces a competitive framework with a foundation on computer science, and hacking. This proposed competitive landscape encompasses the ideas underlying information security, software engineering, and cyber warfare. We also demonstrate the opportunity to rank, score, & categorize actionable skill levels into tiers of capability. Physiological metrics are analyzed from participants during gameplay. These analyses provide support regarding the intricacies required for competitive play, and analysis of play. We use these intricacies to build a case for an organized competitive ecosystem. Using previous player behavior from gameplay, we also demonstrate the generation of an artificial agent purposed with gameplay at a competitive level