Printed from www.pcpro.co.uk
Researchers investigate "internet black markets"
Posted on 17 Oct 2007 at 15:48
Carnegie Mellon researchers have identified a number of "internet black markets", where attackers sell viruses and stolen data to the highest bidder.
The researchers monitored the underground markets for more than seven months, and developed automated techniques to catalogue the activities of criminals who profit from spam, viruses and identity theft.
"These troublesome entrepreneurs even offer tech support and free updates for their malicious creations that run the gamut from denial of service attacks designed to overwhelm websites and servers to data stealing Trojan viruses," says Adrian Perrig, an associate professor of electrical and computer engineering at Carnegie Mellon University.
According to the team, a buyer will typically contact the black market vendor privately using email, or private instant message. Money then generally changes hands through non-bank payment services such as e-gold, making the criminals difficult to track.
In total the team says that 80,000 credit card numbers were offered for sale online in the seven month experiment, and estimates that the total value of illegal materials on offer in that same period was more than $37 million.
Intriguingly, the team suggest that the best way to deal with these black markets might be to undermine the seller's reputation, making buyers unsure of who to trust.
"Just like you need to verify that individuals are honest on Ebay, online criminals need to verify that they are dealing with 'honest' criminals," says Jason Franklin, a Carnegie Mellon researcher.
"By eliminating the verified status of the honest individuals, an attacker establishes a lemon market where buyers are unable to distinguish the quality of the goods or services."
One technique for doing this suggested by the team involves posing as a seller, but then not providing the service once payment has been made. By doing this, the researchers believe that the reputation of the market as a whole can be undermined.
"Such behaviour is known as 'ripping.' And it is the goal of all black market site's verification systems to minimise such behaviour," says Franklin.
Author: Matthew Sparkes
advertisement
- ATI Radeon HD 5970: 42% more expensive in the UK
- Office 2010 Beta – 32-bit or 64-bit – The Choice is Clear
- Why Britain's watchdogs have fewer teeth than goldfish
- Tabbed documents: how to make Office 2010 great
- Outlook 2010 People Pane – does it spell death to Xobni
- Microsoft Outlook 2010 screenshots
- Co-Authoring in Word 2010 and SharePoint Foundation 2010
- Microsoft Outlook 2010 screenshots: Backstage view
- Flash 10.1: Developing for Desktop and Device
- Microsoft Office 2010 screenshots: Recover unsaved items
- ZoneAlarm Internet Security Suite
- Webroot Internet Security Essentials
- Trend Micro Internet Security
- PC Tools Internet Security 2009
- Panda Internet Security 2009
- Norton Internet Security 2009
- Kaspersky Internet Security 2009
- F-Secure Internet Security 2009
- AVG Internet Security 8
- BullGuard Internet Security 8.5
- SMC ADSL2 Barricade-N Pro
advertisement
