For more than a decade our group has undertaken an "evidence-based" approach to measuring, analyzing, and undermining various kinds of abuse and cybercrime on the Internet. In this talk I will describe our evidence-based approach and present recent work on two projects looking at site and account compromise from very different perspectives. The first is a broad technique for inferring site compromise from a third-party perspective using honey accounts, together with a measurement study that detected 19 site compromises over a year (including an Alexa top-500 site) and our experiences disclosing our findings to these sites. The second is a focused measurement study exploring the retail email account "hack-for-hire" market. Working with Google and posing as buyers, we interacted with 27 black-market services, five of which succeeded in attacking synthetic (though realistic) identities we controlled. I will describe the methodologies that attackers used to gain access to victim accounts, estimates of how many victims such services target, and how our results can improve email security. I will end by briefly summarizing where our group is headed.
The lead students were Joe DeBlasio and Ariana Mirian, and this was joint work with Stefan Savage, Alex Snoeren, and Kurt Thomas.
Geoffrey M. Voelker is a professor at the University of California at San Diego. His research interests include operating systems, computer networking, wireless, and security. He received a B.S. degree in Electrical Engineering and Computer Science from the University of California at Berkeley in 1992, and the M.S. and Ph.D. degrees in Computer Science and Engineering from the University of Washington in 1995 and 2000, respectively.