Today, the large-scale compromise of Internet hosts serves as a platform for supporting a range of criminal activity in the so-called Internet underground economy. In this talk I will quickly survey work that our group has performed over the past decade on the problems posed by these threats, and then highlight two recent projects.
First, I will describe a methodology for measuring the conversion rate of spam. Spam has become the de facto delivery mechanism for a range of criminal endeavors, including phishing, securities manipulation, identity theft, and malware distribution. The "conversion rate" of spam -- the probability that it will ultimately elicit a "sale" -- underlies the entire spam value proposition. Using a parasitic infiltration of an existing botnet, we analyzed two spam campaigns: one propagating a malware Trojan, the other marketing online pharmaceuticals. For over 240 million spam e-mails we identify the number that are successfully delivered, the number that pass through popular anti-spam filters, the number that elicit user visits to the advertised site, and the number of "sales" produced.
Second, I will describe an in-depth study of the behavior and dynamics of CAPTCHA-solving service providers, their price performance, and the underlying labor markets driving this economy. CAPTCHAs have become a ubiquitous defense used to protect open Web resources from being exploited at scale. An effective CAPTCHA resists existing mechanistic software solving, yet can be solved with high probability by a human being. In response, a robust solving ecosystem has emerged, much of which uses human labor to sidestep the underlying assumptions of this defense. Thus, the effectiveness of CAPTCHAs can increasingly be understood and evaluated in purely economic terms: the market price of a solution vs. the value of the asset being protected.
This work is in collaboration with Brandon Enright, Chris Kanich, Christian Kreibich (ICSI), Kirill Levchenko, Damon McCoy, Marti Motoyama, Vern Paxson (ICSI/Berkeley), and Stefan Savage. It is part of a larger effort within the Collaborative Center for Internet Epidemiology and Defenses (CCIED), a joint NSF Cybertrust Center with UCSD and ICSI (http://www.ccied.org) and ONR MURI collaboration (http://www.sysnet.ucsd.edu/botnets/).
Pizza will be served at this talk.
Geoffrey M. Voelker is a Professor at the University of California at San Diego. His research interests include operating systems, distributed systems, and computer networks. He received a B.S. degree in Electrical Engineering and Computer Science from the University of California at Berkeley in 1992, and the M.S. and Ph.D. degrees in Computer Science and Engineering from the University of Washington in 1995 and 2000, respectively.