Social engineering: The good guys strike back

Undermining the underground by introducing doubt

If you can't beat them, scam them back...or slander them into quitting. That's the approach some researchers at Carnegie Mellon University are suggesting for making it harder for individuals to trade in malware and stolen financial and identity data in the Internet black market.

A lot of the illegal activity that is happening on the Internet these days is readily accessible to absolute newbies as well as to experienced professionals, said Jason Franklin, a doctoral student at CMU's computer science department.

"What used to be a true underground market has emerged more publicly," Franklin said. "It's very easy for anyone to identify forums, chat rooms and other locations where people are trading illicit goods and services of all sorts."

One way to disrupt this booming economy is to make it more unreliable and costly to participate in such transactions, he said, especially for newcomers. The idea is to use slander attacks and other techniques aimed at undermining the verification and reputation system used by cybercrooks, he said.

The suggestion is based on a seven-month study of one underground site by Franklin and three other researchers -- one from CMU, one from the University of California, and another from the International Computer Science Institute. The purpose of the study was to measure and quantify the scope of the illegal activity that was happening on such sites.

During that period, the researchers counted more than 80,000 stolen credit cards and illicit goods worth an estimated US$37 million offered up for sale on the site.

Honor among thieves, sort of

Buyers interested in purchasing such items typically contacted the seller using e-mail or private instant messages, and transactions were paid for using non-bank payment services such as e-Gold. "These markets have a system for assessing how reliable a buyer or a seller is," Franklin said, explaining that trusted third parties provide a "verified" identity status to buyers or sellers who have established a track record for keeping their end of the bargain in an underground transaction.

In a transaction between a verified seller and an unverified buyer, the buyer pays upfront for the item being transacted before actually receiving it. "It's just a convention," says Franklin. Conversely, he said, "the unverified seller will give you the credit card numbers before you provide payment because there's risk involved."

Typically, buyers and sellers are conferred 'verified' status by the operators of the IRC channel in which they are doing business and are identified by little voice administrator flags against their names. To earn the status, a brand new seller may sometimes distribute stolen card numbers for free to others on the IRC channel to demonstrate his access to such information, Franklin said.

One way to disrupt this setup is to create a deceptive sales environment using a so-called Sybil attack, Franklin said.

A Sybil attack is a way of subverting a reputation system by overwhelming it with numerous forged identities or Sybils. "Since these markets have emerged from the underground, they are allowing anyone" to participate in them, he said. "It is basically trivial to connect multiple times and create multiple IDs," said Franklin, whose team also developed a technique to establish fake verified-status identities that are difficult to distinguish from other verified-status sellers.

The goal is to make it hard for buyers to distinguish the real verified-status sellers from the fake ones. Using the technique, it is conceivable for someone -- from law enforcement, for instance -- to engage in a transaction as a verified buyer or seller and then not fulfill his side of the deal. Doing this often enough could undermine the credibility of all verified-status identities, especially for newcomers, Franklin said. "This won't disrupt already established relationships, but it will make it harder for newcomers" to establish trust relationships, he said, adding that there may be legal implications that need to be explored before such an attack can be implemented.

Another approach suggested by Franklin and his team is to mount slander attacks against those with genuine verified-status identities. This tactic takes advantage of the primitive processes most illegitimate IRC channels use for handling complaints of false transactions, allowing slanderers to wrongly defame someone. Such defamation could easily be accomplished using Sybils with verified-status identities.


Jaikumar Vijayan
