DOCSLIB.ORG

Battling the Internet Water Army: Detection of Hidden Paid Posters

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Battling the Internet Water Army: Detection of Hidden Paid Posters Cheng Chen Kui Wu Venkatesh Srinivasan Xudong Zhang Dept. of Computer Science Dept. of Computer Science Dept. of Computer Science Dept. of Computer Science University of Victoria University of Victoria University of Victoria Peking University Victoria, BC, Canada Victoria, BC, Canada Victoria, BC, Canada Beijing, China Abstract—We initiate a systematic study to help distinguish on different online communities and websites. Companies are a special group of online users, called hidden paid posters, or always interested in effective strategies to attract public atten- termed “Internet water army” in China, from the legitimate tion towards their products. The idea of online paid posters ones. On the Internet, the paid posters represent a new type of online job opportunity. They get paid for posting comments is similar to word-of-mouth advertisement. If a company hires and new threads or articles on different online communities enough online users, it would be able to create hot and trending and websites for some hidden purposes, e.g., to influence the topics designed to gain popularity. Furthermore, the articles opinion of other people towards certain social events or business or comments from a group of paid posters are also likely markets. Though an interesting strategy in business marketing, to capture the attention of common users and influence their paid posters may create a significant negative effect on the online communities, since the information from paid posters is usually decision. In this way, online paid posters present a powerful not trustworthy. When two competitive companies hire paid and efficient strategy for companies. To give one example, posters to post fake news or negative comments about each other, before a new TV show is broadcast, the host company might normal online users may feel overwhelmed and find it difficult to hire paid posters to initiate many discussions on the actors or put any trust in the information they acquire from the Internet. actresses of the show. The content could be either positive or In this paper, we thoroughly investigate the behavioral pattern of online paid posters based on real-world trace data. We design negative, since the main goal is to attract attention and trigger and validate a new detection mechanism, using both non-semantic curiosity. analysis and semantic analysis, to identify potential online paid We would like to remark here that the use of paid posters posters. Our test results with real-world datasets show a very extends well beyond China. According to a recent news promising performance. report in the Guardian [9], the US military and a private Index Terms—Online Paid Posters, Behavioral Patterns, De- tection corporation are developing a specific software that can be used to post information on social media websites using fake online identifications. The objective is to speed up the distribution of I. INTRODUCTION pro-American propaganda. We believe that it would encourage According to China Internet Network Information Center other companies and organizations to take the same strategy to (CNNIC) [6], there are currently around 457 million Internet disseminate information on the Internet, leading to a serious users in China, which is approximately 35% of its total problem of spamming. population. In addition, the number of active websites in China However, the consequences of using online paid posters are is over 1:91 million. The unprecedented development of the yet to be seriously investigated. While online paid posters Internet in China has encouraged people and companies to can be used as an efficient business strategy in marketing, arXiv:1111.4297v1 [cs.SI] 18 Nov 2011 take advantage of the unique opportunities it offers. One core they can also act in some malicious ways. Since the laws issue is how to make use of the huge online human resource to and supervision mechanisms for Internet marketing are still make the information diffusion process more efficient. Among not mature in many countries, it is possible to spread wrong, the many approaches to e-marketing [4], we focus on online negative information about competitors without any penalties. paid posters used extensively in practice. For example, two competitive companies or campaigning Working as an online paid poster is a rapidly growing job parties might hire paid posters to post fake, negative news or opportunity for many online users, mainly college students information about each other. Obviously, ordinary online users and the unemployed people. These paid posters are referred may be misled, and it is painful for the website administrators to as the “Internet water army” in China because of the to differentiate paid posters from the legitimate ones. Hence, large number of people who are well organized to “flood” it is necessary to design schemes to help normal users, the Internet with purposeful comments and articles. This new administrators, or even law enforcers quickly identify potential type of occupation originates from Internet marketing, and it paid posters. has become popular with the fast expansion of the Internet. Despite the broad use of paid posters and the damage they Often hired by public relationship (PR) companies, online have already caused, it is unfortunate that there is currently no paid posters earn money by posting comments and articles systematic study to solve the problem. This is largely because 2 online paid posters mostly work “underground” and no public Example 2: On July 17, 2009, a Chinese IT company Qihu data is available to study their behavior. Our paper is the first 360, also known as 360 for short, released a free anti-virus work that tackles the challenges of detecting potential paid software and claimed that they would provide permanent anti- posters. We make the following contributions. virus service for free. This immediately made 360 a super 1) By working as a paid poster and following the in- star in anti-virus software market in China. Nevertheless, on structions given from the hiring company, we identify July 29 an article titled “Confessions from a retired employee and confirm the organizational structure of online paid of 360” appeared in different websites. This article revealed posters similar to what has been disclosed before [17]. some inside information about 360 and claimed that this 2) We collect real-world data from popular websites regard- company was secretly collecting users’ private data. The links ing a famous social event, in which we believe there are to this post on different websites quickly attracted hundreds of potentially many hidden online paid posters. thousands of views and replies. Though 360 claimed that this 3) We statistically analyze the behavioral patterns of poten- article was fabricated by its competitors, it was sufficient to tial online paid posters and identify several key features raise serious concerns about the privacy of normal users. Even that are useful in their detection. worse, in late October, similar articles became popular again 4) We integrate semantic analysis with the behavioral pat- in several online communities. 360 wondered how the articles terns of potential online paid posters to further improve could be spread so quickly to hundreds of online forums in a the accuracy of our detection. few days. It was also incredible that all these articles attracted The rest of the paper is organized as follows. We present a huge amount of replies in such a short time period. more background information and identify the organizational In 2010, 360 and Tencent, two main IT companies in China, structure of online paid posters in Section II. Section III were involved in a bigger conflict. On September 27, 360 presents our data collection method. In Section IV, we sta- claimed that Tencent secretly scans user’s hard disk when its tistically analyze non-semantic behavioral features of online instant message client, QQ, is used. It thus released a user paid posters. In Section V, we introduce a simple method privacy protector that could be used to detect hidden operations for semantic analysis that can greatly help the detection of of other software installed on the computer, especially QQ. In online paid posters. In Section VI, we introduce our detection response, Tencent decided that users could no longer use their method and evaluation results. Related work is discussed in service if the computer had 360’s software installed. This event Section VII. We conclude the paper in Section VIII. led to great controversy among the hundreds of thousands of the Internet users. They posted their comments on all kinds II. HOW DO ONLINE PAID POSTERS WORK? of online communities and news websites. Although both 360 and Tencent claimed that they did not hire online paid posters, A. Typical Cases we now have strong evidence suggesting the opposite. Some To better understand the behavior and the social impact special patterns are definitely unusual, e.g., many negative of online paid posters, we investigated several social events, comments or replies came from newly registered user IDs which are likely to be boosted by online paid posters. We but these user IDs were seldom used afterwards. This clearly introduce two typical cases to illustrate how online paid posters indicates the use of online paid posters. could be an effective marketing strategy, in either a positive Since a large amount of comments/articles regarding this or a negative manner. conflict is still available in different popular websites, we in Example 1: On July 16, 2009, someone posted a thread this paper focus on this event as the case study. with blank content and a title of “Junpeng Jia, your mother asked you to go back home for dinner!” on a Baidu Post Com- B. Organizational Structure of Online Paid Posters munity of World of Warcraft, a Chinese online community 1) Basic Overview: These days, some websites, such as for a computer game [14].
Recommended publications
  • Address Munging: the Practice of Disguising, Or Munging, an E-Mail Address to Prevent It Being Automatically Collected and Used

    Address Munging: the Practice of Disguising, Or Munging, an E-Mail Address to Prevent It Being Automatically Collected and Used

    Address Munging: the practice of disguising, or munging, an e-mail address to prevent it being automatically collected and used as a target for people and organizations that send unsolicited bulk e-mail address. Adware: or advertising-supported software is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. Some types of adware are also spyware and can be classified as privacy-invasive software. Adware is software designed to force pre-chosen ads to display on your system. Some adware is designed to be malicious and will pop up ads with such speed and frequency that they seem to be taking over everything, slowing down your system and tying up all of your system resources. When adware is coupled with spyware, it can be a frustrating ride, to say the least. Backdoor: in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device. A back door is a point of entry that circumvents normal security and can be used by a cracker to access a network or computer system. Usually back doors are created by system developers as shortcuts to speed access through security during the development stage and then are overlooked and never properly removed during final implementation.
  • Freedom on the Net 2016

    Freedom on the Net 2016

    FREEDOM ON THE NET 2016 China 2015 2016 Population: 1.371 billion Not Not Internet Freedom Status Internet Penetration 2015 (ITU): 50 percent Free Free Social Media/ICT Apps Blocked: Yes Obstacles to Access (0-25) 18 18 Political/Social Content Blocked: Yes Limits on Content (0-35) 30 30 Bloggers/ICT Users Arrested: Yes Violations of User Rights (0-40) 40 40 TOTAL* (0-100) 88 88 Press Freedom 2016 Status: Not Free * 0=most free, 100=least free Key Developments: June 2015 – May 2016 • A draft cybersecurity law could step up requirements for internet companies to store data in China, censor information, and shut down services for security reasons, under the aus- pices of the Cyberspace Administration of China (see Legal Environment). • An antiterrorism law passed in December 2015 requires technology companies to cooperate with authorities to decrypt data, and introduced content restrictions that could suppress legitimate speech (see Content Removal and Surveillance, Privacy, and Anonymity). • A criminal law amendment effective since November 2015 introduced penalties of up to seven years in prison for posting misinformation on social media (see Legal Environment). • Real-name registration requirements were tightened for internet users, with unregistered mobile phone accounts closed in September 2015, and app providers instructed to regis- ter and store user data in 2016 (see Surveillance, Privacy, and Anonymity). • Websites operated by the South China Morning Post, The Economist and Time magazine were among those newly blocked for reporting perceived as critical of President Xi Jin- ping (see Blocking and Filtering). www.freedomonthenet.org FREEDOM CHINA ON THE NET 2016 Introduction China was the world’s worst abuser of internet freedom in the 2016 Freedom on the Net survey for the second consecutive year.
  • Adversarial Web Search by Carlos Castillo and Brian D

    Adversarial Web Search by Carlos Castillo and Brian D

    Foundations and TrendsR in Information Retrieval Vol. 4, No. 5 (2010) 377–486 c 2011 C. Castillo and B. D. Davison DOI: 10.1561/1500000021 Adversarial Web Search By Carlos Castillo and Brian D. Davison Contents 1 Introduction 379 1.1 Search Engine Spam 380 1.2 Activists, Marketers, Optimizers, and Spammers 381 1.3 The Battleground for Search Engine Rankings 383 1.4 Previous Surveys and Taxonomies 384 1.5 This Survey 385 2 Overview of Search Engine Spam Detection 387 2.1 Editorial Assessment of Spam 387 2.2 Feature Extraction 390 2.3 Learning Schemes 394 2.4 Evaluation 397 2.5 Conclusions 400 3 Dealing with Content Spam and Plagiarized Content 401 3.1 Background 402 3.2 Types of Content Spamming 405 3.3 Content Spam Detection Methods 405 3.4 Malicious Mirroring and Near-Duplicates 408 3.5 Cloaking and Redirection 409 3.6 E-mail Spam Detection 413 3.7 Conclusions 413 4 Curbing Nepotistic Linking 415 4.1 Link-Based Ranking 416 4.2 Link Bombs 418 4.3 Link Farms 419 4.4 Link Farm Detection 421 4.5 Beyond Detection 424 4.6 Combining Links and Text 426 4.7 Conclusions 429 5 Propagating Trust and Distrust 430 5.1 Trust as a Directed Graph 430 5.2 Positive and Negative Trust 432 5.3 Propagating Trust: TrustRank and Variants 433 5.4 Propagating Distrust: BadRank and Variants 434 5.5 Considering In-Links as well as Out-Links 436 5.6 Considering Authorship as well as Contents 436 5.7 Propagating Trust in Other Settings 437 5.8 Utilizing Trust 438 5.9 Conclusions 438 6 Detecting Spam in Usage Data 439 6.1 Usage Analysis for Ranking 440 6.2 Spamming Usage Signals 441 6.3 Usage Analysis to Detect Spam 444 6.4 Conclusions 446 7 Fighting Spam in User-Generated Content 447 7.1 User-Generated Content Platforms 448 7.2 Splogs 449 7.3 Publicly-Writable Pages 451 7.4 Social Networks and Social Media Sites 455 7.5 Conclusions 459 8 Discussion 460 8.1 The (Ongoing) Struggle Between Search Engines and Spammers 460 8.2 Outlook 463 8.3 Research Resources 464 8.4 Conclusions 467 Acknowledgments 468 References 469 Foundations and TrendsR in Information Retrieval Vol.
  • The History of Digital Spam

    The History of Digital Spam

    The History of Digital Spam Emilio Ferrara University of Southern California Information Sciences Institute Marina Del Rey, CA [email protected] ACM Reference Format: This broad definition will allow me to track, in an inclusive Emilio Ferrara. 2019. The History of Digital Spam. In Communications of manner, the evolution of digital spam across its most popular appli- the ACM, August 2019, Vol. 62 No. 8, Pages 82-91. ACM, New York, NY, USA, cations, starting from spam emails to modern-days spam. For each 9 pages. https://doi.org/10.1145/3299768 highlighted application domain, I will dive deep to understand the nuances of different digital spam strategies, including their intents Spam!: that’s what Lorrie Faith Cranor and Brian LaMacchia ex- and catalysts and, from a technical standpoint, how they are carried claimed in the title of a popular call-to-action article that appeared out and how they can be detected. twenty years ago on Communications of the ACM [10]. And yet, Wikipedia provides an extensive list of domains of application: despite the tremendous efforts of the research community over the last two decades to mitigate this problem, the sense of urgency ``While the most widely recognized form of spam is email spam, the term is applied to similar abuses in other media: instant remains unchanged, as emerging technologies have brought new messaging spam, Usenet newsgroup spam, Web search engine spam, dangerous forms of digital spam under the spotlight. Furthermore, spam in blogs, wiki spam, online classified ads spam, mobile when spam is carried out with the intent to deceive or influence phone messaging spam, Internet forum spam, junk fax at scale, it can alter the very fabric of society and our behavior.
  • Image Spam Detection: Problem and Existing Solution

    Image Spam Detection: Problem and Existing Solution

    International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 02 | Feb 2019 www.irjet.net p-ISSN: 2395-0072 Image Spam Detection: Problem and Existing Solution Anis Ismail1, Shadi Khawandi2, Firas Abdallah3 1,2,3Faculty of Technology, Lebanese University, Lebanon ----------------------------------------------------------------------***--------------------------------------------------------------------- Abstract - Today very important means of communication messaging spam, Internet forum spam, junk fax is the e-mail that allows people all over the world to transmissions, and file sharing network spam [1]. People communicate, share data, and perform business. Yet there is who create electronic spam are called spammers [2]. nothing worse than an inbox full of spam; i.e., information The generally accepted version for source of spam is that it crafted to be delivered to a large number of recipients against their wishes. In this paper, we present a numerous anti-spam comes from the Monty Python song, "Spam spam spam spam, methods and solutions that have been proposed and deployed, spam spam spam spam, lovely spam, wonderful spam…" Like but they are not effective because most mail servers rely on the song, spam is an endless repetition of worthless text. blacklists and rules engine leaving a big part on the user to Another thought maintains that it comes from the computer identify the spam, while others rely on filters that might carry group lab at the University of Southern California who gave high false positive rate. it the name because it has many of the same characteristics as the lunchmeat Spam that is nobody wants it or ever asks Key Words: E-mail, Spam, anti-spam, mail server, filter.
  • Understanding the Business Ofonline Pharmaceutical Affiliate Programs

    Understanding the Business Ofonline Pharmaceutical Affiliate Programs

    PharmaLeaks: Understanding the Business of Online Pharmaceutical Affiliate Programs Damon McCoy Andreas Pitsillidis∗ Grant Jordan∗ Nicholas Weaver∗† Christian Kreibich∗† Brian Krebs‡ Geoffrey M. Voelker∗ Stefan Savage∗ Kirill Levchenko∗ Department of Computer Science ∗Department of Computer Science and Engineering George Mason University University of California, San Diego †International Computer Science Institute ‡KrebsOnSecurity.com Berkeley, CA Abstract driven by competition between criminal organizations), a broad corpus of ground truth data has become avail- Online sales of counterfeit or unauthorized products able. In particular, in this paper we analyze the content drive a robust underground advertising industry that in- and implications of low-level databases and transactional cludes email spam, “black hat” search engine optimiza- metadata describing years of activity at the GlavMed, tion, forum abuse and so on. Virtually everyone has en- SpamIt and RX-Promotion pharmaceutical affiliate pro- countered enticements to purchase drugs, prescription- grams. By examining hundreds of thousands of orders, free, from an online “Canadian Pharmacy.” However, comprising a settled revenue totaling over US$170M, even though such sites are clearly economically moti- we are able to provide comprehensive documentation on vated, the shape of the underlying business enterprise three key aspects of underground advertising activity: is not well understood precisely because it is “under- Customers. We provide detailed analysis on the con- ground.” In this paper we exploit a rare opportunity to sumer demand for Internet-advertised counterfeit phar- view three such organizations—the GlavMed, SpamIt maceuticals, covering customer demographics, product and RX-Promotion pharmaceutical affiliate programs— selection (including an examination of drug abuse as a from the inside.
  • Internet Security

    Internet Security

    In the News Articles in the news from the past month • “Security shockers: 75% of US bank websites Internet Security have flaws” • “Blank robbers swipe 3,000 ‘fraud-proof’ UK passports” • “Korean load sharks feed on hacked data” • “Worms spread via spam on Facebook and Nan Niu ([email protected]) MySpace” CSC309 -- Fall 2008 • “Beloved websites riddled with crimeware” • “Google gives GMail always-on encryption” http://www.theregister.co.uk 2 New Targets of 2007 Scenario 1 • Cyber criminals and cyber spies have • The Chief Information Security Officer shifted their focus again of a medium sized, but sensitive, federal – Facing real improvements in system and agency learned that his computer was network security sending data to computers in China. • The attackers now have two new targets • He had been the victim of a new type of spear phishing attack highlighted in this – users who are easily misled year’s Top 20. – custom-built applications • Once they got inside, the attackers had • Next, 4 exploits scenarios… freedom of action to use his personal • Reported by SANS (SysAdmin, Audit, Network, computer as a tunnel into his agency’s Security), http://www.sans.org systems. 3 4 Scenario 2 Scenario 3 • Hundreds of senior federal officials and business • A hospital’s website was compromised executives visited a political think-tank website that had been infected and caused their computers to because a Web developer made a become zombies. programming error. • Keystroke loggers, placed on their computers by the • Sensitive patient records were taken. criminals (or nation-state), captured their user names and passwords when their stock trading accounts and • When the criminals proved they had the their employers computers, and sent the data to data, the hospital had to choose between computers in different countries.
  • Administrator's Guide for Synology Mailplus Server

    Administrator's Guide for Synology Mailplus Server

    Administrator's Guide for Synology MailPlus Server Based on Synology MailPlus Server 2.2 1 Table of Contents Introduction 01 Chapter 1: Deployment Guidelines 02 Select a Synology NAS Estimate RAM and Storage Requirements Running Multiple I/O Intensive Packages on the Same NAS Chapter 2: Getting Started with MailPlus Server 06 Connect Synology NAS to the Internet Set up DNS Set up MailPlus Server Set up MailPlus Client Run MailPlus Third-Party Email Clients Troubleshoot Chapter 3: Mail Migration 19 Create a Mail Migration Task in MailPlus Server Import System Configurations from Microsoft Exchange to MailPlus Server Chapter 4: User Licenses 27 Purchase Licenses Install Licenses Use Licenses Chapter 5: Account Settings 31 Account System Activate Accounts Manage Privileges Chapter 6: Protocol Settings 46 SMTPI MAP/POP3 Network Interface Chapter 7: SMTP Settings 50 Service Settings SMTP Secure Connection Mail Relay Chapter 8: Domain Settings 66 Domain Domain Management Chapter 9: Security Settings 83 Spam Antivirus Scan Authentication Content Protection Chapter 10: Monitor Settings 107 Monitor Server Status Monitor Mail Queue Monitor Mail Log Chapter 11: Disaster Recovery 127 High-Availability Cluster Back up and Restore Email Chapter 12: MailPlus Navigation 140 Basic Operations Advanced Settings Introduction Introduction The Synology MailPlus suite provides advanced and secure mail service with high usability. This suite consists of two packages: MailPlus Server and MailPlus. MailPlus Server is an administration console that offers diverse settings, while MailPlus is an email platform for client users. This administrator's guide will guide you through the MailPlus Server setup and give detailed configuration instructions including DNS settings, mail service migration, and other security adjustments.
  • An Empirical Assessment of the CAN SPAM Act

    An Empirical Assessment of the CAN SPAM Act

    Portland State University PDXScholar Dissertations and Theses Dissertations and Theses 1-1-2010 An Empirical Assessment of the CAN SPAM Act Alex Conrad Kigerl Portland State University Follow this and additional works at: https://pdxscholar.library.pdx.edu/open_access_etds Let us know how access to this document benefits ou.y Recommended Citation Kigerl, Alex Conrad, "An Empirical Assessment of the CAN SPAM Act" (2010). Dissertations and Theses. Paper 704. https://doi.org/10.15760/etd.704 This Thesis is brought to you for free and open access. It has been accepted for inclusion in Dissertations and Theses by an authorized administrator of PDXScholar. Please contact us if we can make this document more accessible: [email protected]. An Empirical Assessment of the CAN SPAM Act by Alex Conrad Kigerl A thesis submitted in partial fulfillment of the requirements for the degree of Master of Science in Criminology and Criminal Justice Thesis Committee: Scott Cunningham, Chair Warren Harrison Danielle McGurrin Portland State University ©2010 i Abstract In January 2004, the United States Congress passed and put into effect the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN SPAM). The Act was set forth to regulate bulk commercial email (spam) and set the limits for what was acceptable. Various sources have since investigated and speculated on the efficacy of the CAN SPAM Act, few of which report a desirable outcome for users of electronic mail. Despite the apparent consensus of anti-spam firms and the community of email users that the Act was less than effective, there is little to no research on the efficacy of the Act that utilizes any significant statistical rigor or accepted scientific practices.
  • Producers of Disinformation – Version

    Producers of Disinformation – Version

    Live research from the digital edges of democracy YOU ARE VIEWING AN OLDER VERSION OF THIS LIVE RESEARCH REVIEW. Switch to the latest version. Live Research Review Producers of Disinformation - Version 1.2 By Samuel Spies · January 22, 2020 Version 1.0 Table of Contents Introduction Disinformation in the internet age Who produces disinformation, and why? Commercial motivations Political motivations Conclusion Avenues for future study Spies, Samuel. 2020. "Producers of Disinformation" V1.0. Social Science Research Council, MediaWell. January 22, 2020. https://mediawell.ssrc.org/literature-reviews/producers-of-disinformat ion/versions/1-0/ Introduction One of the promises of the internet has been that anyone with a device and a data connection can find an audience. Until relatively recently, many social scientists and activists joined technologists in their optimism that social media and digital publishing would connect the world, give a voice to marginalized communities, bridge social and cultural divides, and topple authoritarian regimes. Reality has proven to be far more complicated. Despite that theoretical access to audience, enormous asymmetries and disparities persist in the way information is produced. Elites, authoritarian regimes, and corporations still have greater influence and access to communicative power. Those elites have retained their ability to inject favorable narratives into the massive media conglomerates that still dominate mediascapes in much of the world. At the same time, we have observed the darker side of the internet’s democratic promise of audience. In a variety of global contexts, we see political extremists, hate groups, and misguided health activists recruiting members, vilifying minorities, and spreading misinformation. These online activities can have very real life-or-death consequences offline, including mass shootings, ethnic strife, disease outbreaks, and social upheaval.
  • Criminal Abuse of Domain Names Bulk Registration and Contact Information Access

    Criminal Abuse of Domain Names Bulk Registration and Contact Information Access

    Criminal Abuse of Domain Names Bulk Registration and Contact Information Access Prepared by Dave Piscitello and Dr. Colin Strutt Interisle Consulting Group, LLC 17 October 2019 © 2019 Interisle Consulting Group 2 Executive Summary Domain names that can be rapidly acquired, used in an attack, and abandoned before they can be traced are a critical resource for cybercriminals. Some attacks, including spam and ransomware campaigns and criminal infrastructure operation (e.g., “botnets”), benefit particularly from the ability to rapidly and cheaply acquire very large numbers of domain names—a tactic known as bulk registration. When cybercriminals can register hundreds or thousands of domain names in a matter of minutes, an attack can be widely distributed to make detection, blocking, and dismantling more difficult and prolonged. Cybercrime investigation is always a race against the clock—the longer it takes to identify an attacker and block the attack, the more damage can be inflicted on more victims. Before the adoption by ICANN of a Temporary Specification (“Temp Spec”) for handling domain name registration data in compliance with the European General Data Protection Regulation (GDPR), investigators had ready access to the contact information provided by domain name registrants (“Whois data”). This information, even when incomplete or inaccurate, facilitated rapid attack response both directly (when it correctly identified the attacker) and indirectly (by enabling “connect the dots” methods such as search-and-pivot). The immediate effect of the Temp Spec since the GDPR took full effect on 25 May 2018 has been to severely limit access to domain name registrant contact information, most of which is now redacted by registries and registrars when they respond to Whois data queries.
  • Anti-Spam Methods

    Anti-Spam Methods

    INTRODUCTION Spamming is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi- legal services. Spam costs the sender very little to send -- most of the costs are paid for by the recipient or the carriers rather than by the sender. There are two main types of spam, and they have different effects on Internet users. Cancellable Usenet spam is a single message sent to 20 or more Usenet newsgroups. (Through long experience, Usenet users have found that any message posted to so many newsgroups is often not relevant to most or all of them.) Usenet spam is aimed at "lurkers", people who read newsgroups but rarely or never post and give their address away. Usenet spam robs users of the utility of the newsgroups by overwhelming them with a barrage of advertising or other irrelevant posts. Furthermore, Usenet spam subverts the ability of system administrators and owners to manage the topics they accept on their systems. Email spam targets individual users with direct mail messages. Email spam lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses. Email spams typically cost users money out-of-pocket to receive. Many people - anyone with measured phone service - read or receive their mail while the meter is running, so to speak. Spam costs them additional money. On top of that, it costs money for ISPs and online services to transmit spam, and these costs are transmitted directly to subscribers.