DOCSLIB.ORG

Anti-War and the Cyber Triangle Strategic Implications of Cyber Operations and Cyber Security for the State

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Anti-War and the Cyber Triangle Strategic Implications of Cyber Operations and Cyber Security for the State Anti-War and the Cyber Triangle Strategic Implications of Cyber Operations and Cyber Security for the State Sven Herpig ACKNOWLEDGEMENT I would like to thank my loving wife – source of inspiration, firmest believer and harshest critic. For without her, this research would have never progressed beyond the first few paragraphs. I am deeply grateful for having an amazing family. Their tireless encouragement and support allowed me to pursue my dreams. During the years of research, I was not able to spend as much time with them as I would have wanted, and only a tiny fraction of what they would have deserved. I would also like to acknowledge Doctor David Lonsdale, brilliant academic and amazing supervisor, without whom this work would have remained a body without soul. Last but not least, I want to give a shout-out to all the infosec people, cyber libertarians, strategists, hackers, academics and practitioners who helped me with their immense knowledge and vast networks over the last couple of years. Sven Herpig, January 2016 ____________________________ PhD Thesis, University of Hull Research: May 2011–March 2015 Approval: August 2015 Editing: January 2016 1 TABLE OF CONTENTS LIST OF ABBREVIATIONS .....................................................................................7 LIST OF FIGURES ................................................................................................... 10 LIST OF TABLES ..................................................................................................... 11 INTRODUCTION ..................................................................................................... 13 1. Introduction ............................................................................................................ 13 1.1 Introduction of the Subject ................................................................................ 13 1.2 Review of the Related Literature ....................................................................... 16 1.2.1 Development of the Literature ................................................................... 16 1.2.2 Schools of Thought .................................................................................... 19 1.2.3 Contribution ............................................................................................... 23 1.3 Methodological Approach ................................................................................. 25 1.4 Structure of the Chapters ................................................................................... 27 CHAPTER I ............................................................................................................... 30 2. Cyber Domain ........................................................................................................ 30 2.1 The State ............................................................................................................ 30 2.2 The Internet ....................................................................................................... 30 2.2.1 The Interconnected Network ...................................................................... 33 2.2.2 Internet, Cyberspace and Cyber Domain .................................................... 35 2.2.3 Critical National Information Infrastructure .............................................. 37 CHAPTER II .............................................................................................................. 43 3. Cyber Operations ................................................................................................... 43 3.1 Defining Cyber Operations ................................................................................ 43 3.2 Levelling the Cyber Playing Field ..................................................................... 50 3.3 Cyber Armoury .................................................................................................. 56 3.3.1 Remarks ..................................................................................................... 56 3.3.2 Cyber Weapons .......................................................................................... 57 3.3.3 Cyber Attack Vectors ................................................................................. 60 3.3.4 Cyber Armours ........................................................................................... 63 3.4 Facets of Operations .......................................................................................... 66 2 3.4.1 Framework ................................................................................................. 66 3.4.2 Deception Operations ................................................................................. 68 3.4.3 Denial Operations ....................................................................................... 69 3.4.4 Extraction Operations ................................................................................. 69 3.4.5 Disruption Operations ................................................................................ 70 3.4.6 Degradation Operations .............................................................................. 71 3.5 History of Cyber Operations .............................................................................. 72 3.5.1 Timeline of Events ..................................................................................... 72 3.5.2 Early Developments of Cyber Operations .................................................. 73 3.5.3 Evolution of Cyber Operations ................................................................... 76 4. Information Operations ......................................................................................... 78 4.1 Framework ......................................................................................................... 78 4.2 Nature of Information Operations ..................................................................... 78 4.3 Under the Umbrella of Information Operations................................................. 80 4.4 Cyber, Electronic and Network Warfare ........................................................... 81 4.5 Demarcation Lines ............................................................................................. 83 CHAPTER III ............................................................................................................ 86 5. Cyber Security ........................................................................................................ 86 5.1 National Security ............................................................................................... 86 5.2 National Cyber Security .................................................................................... 91 5.3 The Pillars of National Cyber Security .............................................................. 93 5.4 Cyber Security Approaches ............................................................................... 95 5.5 Cyber Security Behaviour ............................................................................... 102 5.6 Conclusion ....................................................................................................... 106 6. Case Study: China's National Cyber Security ................................................... 108 6.1 Introduction ..................................................................................................... 108 6.2 Mapping China's Cyber Security Pillars .......................................................... 109 6.3 Identifying China's Cyber Security Approaches .............................................. 115 6.4 China's Cyber Security Behaviour ................................................................... 119 CHAPTER IV .......................................................................................................... 122 3 7. A Conceptual Framework for Cyber Strategy .................................................. 122 7.1 What is Strategy .............................................................................................. 122 7.1.1 Framework and Strategy .......................................................................... 122 7.1.2 The Strategic-, Political-, Operational- and Tactical Level ...................... 123 7.1.3 Dimensions and Complexity of Strategy .................................................. 125 7.1.4 Definition of Strategy ............................................................................... 129 7.2 Adaptation to Cyber Strategy .......................................................................... 130 7.2.1 The Cyber Political Level ........................................................................ 130 7.2.2 The Cyber Strategy Level ........................................................................ 132 7.2.3 The Cyber Strategic Dimensions .............................................................. 133 7.2.4 The Cyber Operational Level ................................................................... 148 7.2.5 The Cyber Tactical Level ......................................................................... 151 7.2.6 The Cyber Complexity ............................................................................. 153 7.3 Cyber Operations – Strategy in the Fifth Dimension ....................................... 155 7.4 Cyber Strategies and Implications ................................................................... 158 7.4.1 State-of-the-Art and Framework
Load more

Recommended publications
  • Xbt.Doc.248.2.Pdf
    MAY 25, 2018 United States District Court Southern District of Florida Miami Division CASE NO. 1:17-CV-60426-UU ALEKSEJ GUBAREV, XBT HOLDING S.A., AND WEBZILLA, INC., PLAINTIFFS, VS BUZZFEED, INC. AND BEN SMITH, DEFENDANTS Expert report of Anthony J. Ferrante FTI Consulting, Inc. 4827-3935-4214v.1 0100812-000009 Table of Contents Table of Contents .............................................................................................................................................. 1 Qualifications ..................................................................................................................................................... 2 Scope of Assignment ......................................................................................................................................... 3 Glossary of Important Terms ............................................................................................................................. 4 Executive Summary ........................................................................................................................................... 7 Methodology ..................................................................................................................................................... 8 Technical Investigation ................................................................................................................................ 8 Investigative Findings .......................................................................................................................................
    [Show full text]
  • Attribution and Response to Cybercrime/Terrorism/Warfare Susan W
    Journal of Criminal Law and Criminology Volume 97 Article 2 Issue 2 Winter Winter 2007 At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare Susan W. Brenner Follow this and additional works at: https://scholarlycommons.law.northwestern.edu/jclc Part of the Criminal Law Commons, Criminology Commons, and the Criminology and Criminal Justice Commons Recommended Citation Susan W. Brenner, At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare, 97 J. Crim. L. & Criminology 379 (2006-2007) This Symposium is brought to you for free and open access by Northwestern University School of Law Scholarly Commons. It has been accepted for inclusion in Journal of Criminal Law and Criminology by an authorized editor of Northwestern University School of Law Scholarly Commons. 0091-4169/07/9702-0379 THE JOURNALOF CRIMINAL LAW & CRIMINOLOGY Vol. 97. No. 2 Copyright 0 2007 by NorthwesternUniversity. Schoolof Low Printedin U.S.A. "AT LIGHT SPEED": ATTRIBUTION AND RESPONSE TO CYBERCRIME/TERRORISM/WARFARE SUSAN W. BRENNER* This Article explains why and how computer technology complicates the related processes of identifying internal (crime and terrorism) and external (war) threats to social order of respondingto those threats. First, it divides the process-attribution-intotwo categories: what-attribution (what kind of attack is this?) and who-attribution (who is responsiblefor this attack?). Then, it analyzes, in detail, how and why our adversaries' use of computer technology blurs the distinctions between what is now cybercrime, cyberterrorism, and cyberwarfare. The Article goes on to analyze how and why computer technology and the blurring of these distinctions erode our ability to mount an effective response to threats of either type.
    [Show full text]
  • Recent Developments in Cybersecurity Melanie J
    American University Business Law Review Volume 2 | Issue 2 Article 1 2013 Fiddling on the Roof: Recent Developments in Cybersecurity Melanie J. Teplinsky Follow this and additional works at: http://digitalcommons.wcl.american.edu/aublr Part of the Law Commons Recommended Citation Teplinsky, Melanie J. "Fiddling on the Roof: Recent Developments in Cybersecurity." American University Business Law Review 2, no. 2 (2013): 225-322. This Article is brought to you for free and open access by the Washington College of Law Journals & Law Reviews at Digital Commons @ American University Washington College of Law. It has been accepted for inclusion in American University Business Law Review by an authorized administrator of Digital Commons @ American University Washington College of Law. For more information, please contact [email protected]. ARTICLES FIDDLING ON THE ROOF: RECENT DEVELOPMENTS IN CYBERSECURITY MELANIE J. TEPLINSKY* TABLE OF CONTENTS Introduction .......................................... ..... 227 I. The Promise and Peril of Cyberspace .............. ........ 227 II. Self-Regulation and the Challenge of Critical Infrastructure ......... 232 III. The Changing Face of Cybersecurity: Technology Trends ............ 233 A. Mobile Technology ......................... 233 B. Cloud Computing ........................... ...... 237 C. Social Networking ................................. 241 IV. The Changing Face of Cybersecurity: Cyberthreat Trends ............ 244 A. Cybercrime ................................. ..... 249 1. Costs of Cybercrime
    [Show full text]
  • 2020 Sonicwall Cyber Threat Report
    2020 SONICWALL CYBER THREAT REPORT sonicwall.com I @sonicwall TABLE OF CONTENTS 3 A NOTE FROM BILL 4 CYBERCRIMINAL INC. 11 2019 GLOBAL CYBERATTACK TRENDS 12 INSIDE THE SONICWALL CAPTURE LABS THREAT NETWORK 13 KEY FINDINGS FROM 2019 13 SECURITY ADVANCES 14 CRIMINAL ADVANCES 15 FASTER IDENTIFICATION OF ‘NEVER-BEFORE-SEEN’ MALWARE 16 TOP 10 CVES EXPLOITED IN 2019 19 ADVANCEMENTS IN DEEP MEMORY INSPECTION 23 MOMENTUM OF PERIMETER-LESS SECURITY 24 PHISHING DOWN FOR THIRD STRAIGHT YEAR 25 CRYPTOJACKING CRUMBLES 27 RANSOMWARE TARGETS STATE, PROVINCIAL & LOCAL GOVERNMENTS 31 FILELESS MALWARE SPIKES IN Q3 32 ENCRYPTED THREATS GROWING CONSISTENTLY 34 IOT ATTACK VOLUME RISING 35 WEB APP ATTACKS DOUBLE IN 2019 37 PREPARING FOR WHAT’S NEXT 38 ABOUT SONICWALL 2 A NOTE FROM BILL The boundaries of your digital empire are In response, SonicWall and our Capture Labs limitless. What was once a finite and threat research team work tirelessly to arm defendable space is now a boundless organizations, enterprises, governments and territory — a vast, sprawling footprint of businesses with actionable threat devices, apps, appliances, servers, intelligence to stay ahead in the global cyber networks, clouds and users. arms race. For the cybercriminals, it’s more lawless And part of that dedication starts now with than ever. Despite the best intentions of the 2020 SonicWall Cyber Threat Report, government agencies, law enforcement and which provides critical threat intelligence to oversight groups, the current cyber threat help you better understand how landscape is more agile than ever before. cybercriminals think — and be fully prepared for what they’ll do next.
    [Show full text]
  • Internet Security Threat Report Volume 24 | February 2019
    ISTRInternet Security Threat Report Volume 24 | February 2019 THE DOCUMENT IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENT. THE INFORMATION CONTAINED IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE. INFORMATION OBTAINED FROM THIRD PARTY SOURCES IS BELIEVED TO BE RELIABLE, BUT IS IN NO WAY GUARANTEED. SECURITY PRODUCTS, TECHNICAL SERVICES, AND ANY OTHER TECHNICAL DATA REFERENCED IN THIS DOCUMENT (“CONTROLLED ITEMS”) ARE SUBJECT TO U.S. EXPORT CONTROL AND SANCTIONS LAWS, REGULATIONS AND REQUIREMENTS, AND MAY BE SUBJECT TO EXPORT OR IMPORT REGULATIONS IN OTHER COUNTRIES. YOU AGREE TO COMPLY STRICTLY WITH THESE LAWS, REGULATIONS AND REQUIREMENTS, AND ACKNOWLEDGE THAT YOU HAVE THE RESPONSIBILITY TO OBTAIN ANY LICENSES, PERMITS OR OTHER APPROVALS THAT MAY BE REQUIRED IN ORDER FOR YOU TO EXPORT, RE-EXPORT, TRANSFER IN COUNTRY OR IMPORT SUCH CONTROLLED ITEMS. TABLE OF CONTENTS 1 2 3 BIG NUMBERS YEAR-IN-REVIEW FACTS AND FIGURES METHODOLOGY Formjacking Messaging Cryptojacking Malware Ransomware Mobile Living off the land Web attacks and supply chain attacks Targeted attacks Targeted attacks IoT Cloud Underground economy IoT Election interference MALICIOUS
    [Show full text]
  • Systematization of Vulnerability Discovery Knowledge: Review
    Systematization of Vulnerability Discovery Knowledge Review Protocol Nuthan Munaiah and Andrew Meneely Department of Software Engineering Rochester Institute of Technology Rochester, NY 14623 {nm6061,axmvse}@rit.edu February 12, 2019 1 Introduction As more aspects of our daily lives depend on technology, the software that supports this technology must be secure. We, as users, almost subconsciously assume the software we use to always be available to serve our requests while preserving the confidentiality and integrity of our information. Unfortunately, incidents involving catastrophic software vulnerabilities such as Heartbleed (in OpenSSL), Stagefright (in Android), and EternalBlue (in Windows) have made abundantly clear that software, like other engineered creations, is prone to mistakes. Over the years, Software Engineering, as a discipline, has recognized the potential for engineers to make mistakes and has incorporated processes to prevent such mistakes from becoming exploitable vulnerabilities. Developers leverage a plethora of processes, techniques, and tools such as threat modeling, static and dynamic analyses, unit/integration/fuzz/penetration testing, and code reviews to engineer secure software. These practices, while effective at identifying vulnerabilities in software, are limited in their ability to describe the engineering failures that may have led to the introduction of vulnerabilities. Fortunately, as researchers propose empirically-validated metrics to characterize historical vulnerabilities, the factors that may have led to the introduction of vulnerabilities emerge. Developers must be made aware of these factors to help them proactively consider security implications of the code that they contribute. In other words, we want developers to think like an attacker (i.e. inculcate an attacker mindset) to proactively discover vulnerabilities.
    [Show full text]
  • Attacking from Inside
    WIPER MALWARE: ATTACKING FROM INSIDE Why some attackers are choosing to get in, delete files, and get out, rather than try to reap financial benefit from their malware. AUTHORED BY VITOR VENTURA WITH CONTRIBUTIONS FROM MARTIN LEE EXECUTIVE SUMMARY from system impact. Some wipers will destroy systems, but not necessarily the data. On the In a digital era when everything and everyone other hand, there are wipers that will destroy is connected, malicious actors have the perfect data, but will not affect the systems. One cannot space to perform their activities. During the past determine which kind has the biggest impact, few years, organizations have suffered several because those impacts are specific to each kinds of attacks that arrived in many shapes organization and the specific context in which and forms. But none have been more impactful the attack occurs. However, an attacker with the than wiper attacks. Attackers who deploy wiper capability to perform one could perform the other. malware have a singular purpose of destroying or disrupting systems and/or data. The defense against these attacks often falls back to the basics. By having certain Unlike malware that holds data for ransom protections in place — a tested cyber security (ransomware), when a malicious actor decides incident response plan, a risk-based patch to use a wiper in their activities, there is no management program, a tested and cyber direct financial motivation. For businesses, this security-aware business continuity plan, often is the worst kind of attack, since there is and network and user segmentation on top no expectation of data recovery.
    [Show full text]
  • PARK JIN HYOK, Also Known As ("Aka") "Jin Hyok Park," Aka "Pak Jin Hek," Case Fl·J 18 - 1 4 79
    AO 91 (Rev. 11/11) Criminal Complaint UNITED STATES DISTRICT COURT for the RLED Central District of California CLERK U.S. DIS RICT United States ofAmerica JUN - 8 ?018 [ --- .. ~- ·~".... ~-~,..,. v. CENT\:y'\ l i\:,: ffl1G1 OF__ CAUFORN! BY .·-. ....-~- - ____D=E--..... PARK JIN HYOK, also known as ("aka") "Jin Hyok Park," aka "Pak Jin Hek," Case fl·J 18 - 1 4 79 Defendant. CRIMINAL COMPLAINT I, the complainant in this case, state that the following is true to the best ofmy knowledge and belief. Beginning no later than September 2, 2014 and continuing through at least August 3, 2017, in the county ofLos Angeles in the Central District of California, the defendant violated: Code Section Offense Description 18 U.S.C. § 371 Conspiracy 18 u.s.c. § 1349 Conspiracy to Commit Wire Fraud This criminal complaint is based on these facts: Please see attached affidavit. IBJ Continued on the attached sheet. Isl Complainant's signature Nathan P. Shields, Special Agent, FBI Printed name and title Sworn to before ~e and signed in my presence. Date: ROZELLA A OLIVER Judge's signature City and state: Los Angeles, California Hon. Rozella A. Oliver, U.S. Magistrate Judge Printed name and title -:"'~~ ,4G'L--- A-SA AUSAs: Stephanie S. Christensen, x3756; Anthony J. Lewis, x1786; & Anil J. Antony, x6579 REC: Detention Contents I. INTRODUCTION .....................................................................................1 II. PURPOSE OF AFFIDAVIT ......................................................................1 III. SUMMARY................................................................................................3
    [Show full text]
  • Why We Should Consider the Plurality of Hacker and Maker Cultures 2017
    Repositorium für die Medienwissenschaft Sebastian Kubitschko; Annika Richterich; Karin Wenz „There Simply Is No Unified Hacker Movement.“ Why We Should Consider the Plurality of Hacker and Maker Cultures 2017 https://doi.org/10.25969/mediarep/1115 Veröffentlichungsversion / published version Zeitschriftenartikel / journal article Empfohlene Zitierung / Suggested Citation: Kubitschko, Sebastian; Richterich, Annika; Wenz, Karin: „There Simply Is No Unified Hacker Movement.“ Why We Should Consider the Plurality of Hacker and Maker Cultures. In: Digital Culture & Society, Jg. 3 (2017), Nr. 1, S. 185– 195. DOI: https://doi.org/10.25969/mediarep/1115. Erstmalig hier erschienen / Initial publication here: https://doi.org/10.14361/dcs-2017-0112 Nutzungsbedingungen: Terms of use: Dieser Text wird unter einer Creative Commons - This document is made available under a creative commons - Namensnennung - Nicht kommerziell - Keine Bearbeitungen 4.0 Attribution - Non Commercial - No Derivatives 4.0 License. For Lizenz zur Verfügung gestellt. Nähere Auskünfte zu dieser Lizenz more information see: finden Sie hier: https://creativecommons.org/licenses/by-nc-nd/4.0 https://creativecommons.org/licenses/by-nc-nd/4.0 “There Simply Is No Unified Hacker Movement.” Why We Should Consider the Plurality of Hacker and Maker Cultures Sebastian Kubitschko in Conversation with Annika Richterich and Karin Wenz Sebastian Kubitschko is a postdoctoral researcher at the Centre for Media, Communication and Information Research (ZeMKI) at the University of Bremen in Germany. His main research fields are political communication, social movements and civil society organisations. In order to address the relevance of new forms of techno-political civic engagement, he has conducted qualitative, empirical research on one of the world’s oldest and largest hacker organisations, the Chaos Computer Club (CCC).
    [Show full text]
  • The Middle East Under Malware Attack Dissecting Cyber Weapons
    The Middle East under Malware Attack Dissecting Cyber Weapons Sami Zhioua Information and Computer Science Department King Fahd University of Petroleum and Minerals Dhahran, Saudi Arabia [email protected] Abstract—The Middle East is currently the target of an un- have been designed by the same unknown entity 1. The next precedented campaign of cyber attacks carried out by unknown malware of this lineage was Flame [7] which was discovered parties. The energy industry is praticularly targeted. The in May 2012 by Kaspersky Lab while investigating another attacks are carried out by deploying extremely sophisticated malware. The campaign opened by the Stuxnet malware in piece of malware called Wiper [8]. Flame features very 2010 and then continued through Duqu, Flame, Gauss, and unusual characteristics such as large size, large number of Shamoon malware. This paper is a technical survey of the modules, self adapting, etc. As Duqu, Flame’s objective is attacking vectors utilized by the three most famous malware, data collection and espionnage. Gauss [9] is another data namely, Stuxnet, Flame, and Shamoon. We describe their main stealing malware discovered in June 2012 by Kaspersky Lab modules, their sophisticated spreading capabilities, and we discuss what it sets them apart from typical malware. The focusing on banking information. Flame and Gauss exhibit main purpose of the paper is to point out the recent trends striking similarities and several technical evidences indicate infused by this new breed of malware into cyber attacks. that they come from the same “factories” that produced Stuxnet and Duqu [9]. The latest malware-based attack Keywords-Malwares; Information Security; Targeted At- tacks; Stuxnet; Duqu; Flame; Gauss; Shamoon targeting the middle east was the Shamoon attack on Saudi Aramco [10].
    [Show full text]
  • Investigating Web Defacement Campaigns at Large
    Session 11: Malware and Web ASIACCS’18, June 4–8, 2018, Incheon, Republic of Korea Investigating Web Defacement Campaigns at Large Federico Maggi, Marco Balduzzi, Ryan Flores, Lion Gu, Vincenzo Ciancaglini Forward-Looking Threat Research Team - Trend Micro, Inc. ABSTRACT the attack, team affiliation of the defacer(s), or nicknames ofthe Website defacement is the practice of altering the web pages of a supporting actors. Over the years, defacers have abandoned their website after its compromise. The altered pages, called deface pages, interested in defacing for the mere purpose of advertising the com- can negatively affect the reputation and business of the victim site. promise, pursuing defacement more as a mean to broadcast strong Previous research has focused primarily on detection, rather than messages “to the World”—by compromising popular websites. exploring the defacement phenomenon in depth. While investigat- Despite several actors are still driven by the desire of promot- ing several defacements, we observed that the artifacts left by the ing their own reputation, an increasing number of defacers strive defacers allow an expert analyst to investigate the actors’ modus instead to promote their ideologies, religious orientation, political operandi and social structure, and expand from the single deface views, or other forms of activism, often closely following real-world page to a group of related defacements (i.e., a campaign). However, events (e.g., war, elections, crisis, terrorist attacks). We refer to this manually performing such analysis on millions of incidents is te- phenomenon as dark propaganda, to highlight that legitimate re- dious, and poses scalability challenges. From these observations, we sources are abused for pushing the actors’ viewpoints.
    [Show full text]
  • A Systematic Empirical Analysis of Unwanted Software Abuse, Prevalence, Distribution, and Economics
    UNIVERSIDAD POLITECNICA´ DE MADRID ESCUELA TECNICA´ SUPERIOR DE INGENIEROS INFORMATICOS´ A Systematic Empirical Analysis of Unwanted Software Abuse, Prevalence, Distribution, and Economics PH.D THESIS Platon Pantelis Kotzias Copyright c 2019 by Platon Pantelis Kotzias iv DEPARTAMENTAMENTO DE LENGUAJES Y SISTEMAS INFORMATICOS´ E INGENIERIA DE SOFTWARE ESCUELA TECNICA´ SUPERIOR DE INGENIEROS INFORMATICOS´ A Systematic Empirical Analysis of Unwanted Software Abuse, Prevalence, Distribution, and Economics SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF: Doctor of Philosophy in Software, Systems and Computing Author: Platon Pantelis Kotzias Advisor: Dr. Juan Caballero April 2019 Chair/Presidente: Marc Dasier, Professor and Department Head, EURECOM, France Secretary/Secretario: Dario Fiore, Assistant Research Professor, IMDEA Software Institute, Spain Member/Vocal: Narseo Vallina-Rodriguez, Assistant Research Professor, IMDEA Networks Institute, Spain Member/Vocal: Juan Tapiador, Associate Professor, Universidad Carlos III, Spain Member/Vocal: Igor Santos, Associate Research Professor, Universidad de Deusto, Spain Abstract of the Dissertation Potentially unwanted programs (PUP) are a category of undesirable software that, while not outright malicious, can pose significant risks to users’ security and privacy. There exist indications that PUP prominence has quickly increased over the last years, but the prevalence of PUP on both consumer and enterprise hosts remains unknown. Moreover, many important aspects of PUP such as distribution vectors, code signing abuse, and economics also remain unknown. In this thesis, we empirically and sys- tematically analyze in both breadth and depth PUP abuse, prevalence, distribution, and economics. We make the following four contributions. First, we perform a systematic study on the abuse of Windows Authenticode code signing by PUP and malware.
    [Show full text]