Pax Technica


Philip N. Howard

Pax Technica: How the Internet of Things May Set Us Free or Lock Us Up

New Haven & London

Published with assistance from the Mary Cady Tew Memorial Fund.

Copyright © 2015 by Philip N. Howard. All rights reserved. This book may not be reproduced, in whole or in part, including illustrations, in any form (beyond that copying permitted by Sections 107 and 108 of the U.S. Copyright Law and except by reviewers for the public press), without written permission from the publishers. An online version of the work is made available under a Creative Commons license for use that is noncommercial and not derivative. The terms of the license are set forth at http://creativecommons.org/licenses/by-nc-nd/4.0/. For more information about a digital copy of the work, please see the author’s website: http://philhoward.org/.

Yale University Press books may be purchased in quantity for educational, business, or promotional use. For information, please e-mail sales.press@yale.edu (U.S. office) or [email protected] (U.K. office).

Set in Joanna type by Newgen North America, Austin, Texas. Printed in the United States of America.

ISBN 978-0-300-19947-5 (cloth : alk. paper)

Catalogue records for this book are available from the Library of Congress and the British Library.

This paper meets the requirements of ANSI/NISO Z39.48-1992 (Permanence of Paper).

10 9 8 7 6 5 4 3 2 1

For Gina Neff, who makes things possible and worthwhile.

Contents

Preface xi
Introduction xix

1. Empire of Connected Things 1
   Carna Surveils the Realm, 2
   What’s in a Pax? 4
   The Demographics of Diffusion, 8
   Information Technology and the New World Order, 11
   Pax Romana, Britannica, Americana, 14
   The Balaceras of Monterrey, 17
   The Internet Is Also a Surveillance State, 22
   The Wars Only Bots Will Fight, 27
   The Political Empire of Connected Things, 33

2. Internet Interregnum 37
   Discovering the UglyGorilla, 38
   Devices of Hope, 42
   The Demographics of Diffusion, 44
   The Zapatistas Reboot History, 47
   From Gold to Bits, 53
   States Don’t Own It, Though They Fight Hard to Control It, 56
   A New Kind of New Order, 59
   But It’s Not a Westphalian—or Feudal—World, 62

3. New Maps for the New World 67
   Mapping Hispaniola, 68
   Dictators and Dirty Networks, 71
   Mubarak’s Choice, 73
   We Are All Laila, 75
   Governments, Bad and Fake, 79
   The Dictator’s Digital Dilemma, 84
   Finding Kibera, 88
   Dirty Networks, Collapsing, 91
   The Democracy of Devices, 99

4. Five Premises for the Pax Technica 107
   Learning from the Internet Interregnum, 108
   First Premise: The Internet of Things Is Being Weaponized, 112
   Second Premise: People Use Devices to Govern, 119
   Third Premise: Digital Networks Weaken Ideologies, 123
   Fourth Premise: Social Media Solve Collective Action Problems, 136
   Fifth Premise: Big Data Backs Human Security, 139
   Defining the Pax Technica, 145

5. Five Consequences of the Pax Technica 148
   Empire of Bits—A Scenario, 149
   First Consequence: Networked Devices and the Stability of Cyberdeterrence, 153
   Second Consequence: Governance Through the Internet of Things, 157
   Third Consequence: From a Clash of Civilizations to a Competition Between Device Networks, 162
   Fourth Consequence: Connective Action and Crypto Clans, 168
   Fifth Consequence: Connective Security and Quality of Life, 175
   The Downside of Connective Security, 179

6. Network Competition and the Challenges Ahead 183
   My Girlfriend Went Shopping ... in China, 184
   Authoritarian, but Social, 196
   Bots and Simulations, 202
   DRM for the Material World? 211
   Other Challenges (That Are Lesser Challenges), 214
   The Downside of Up, 218
   Rival Devices on Competing Networks, 220

7. Building a Democracy of Our Own Devices 224
   Your Coffee Betrays You, 225
   Internet Succession: Computers, Mobiles, Things, 229
   The World Ahead, 232
   The Hope and Instability of Hackers and Whistle Blowers, 235
   Firing the Social Scientists—and Training New Ones, 240
   Putting the Civic into the Internet of Things, Domestically, 242
   Device Networks and Foreign Affairs, 249
   How Can You Thrive in the Pax Technica? 254
   The Promise of the Pax, 255

Notes 259
Glossary 295
Acknowledgments 299
Index 303

Preface

In the next few years we will be immersed in a world of connected devices. This book is about the political impact of having everyone and everything connected through digital networks. The “internet of things” consists of human-made objects with small power supplies, embedded sensors, and addresses on the internet. Most of these networked devices are everyday items that are sending and receiving data about their conditions and our behavior. Unlike mobile phones and computers, devices on these networks are not designed for deliberate social interaction, content creation, or cultural consumption. The bulk of these networked devices simply communicate with other devices: coffeemakers, car parts, clothes, and a plethora of other products. This will not be an internet you experience through a browser. Indeed, as the technology develops, many of us will be barely aware that so many objects around us have power, are sensing, and are sending and receiving data.
One industry analyst estimates that the internet of things will have an installed base of twenty-six billion devices by 2020, only a billion of which will be personal computers, tablets, and smartphones. An industry consulting firm estimates thirty billion connected devices. One of the main manufacturers of networking equipment estimates fifty billion devices and objects. In the next five years more than a thousand networked “nanosats”—relatively small satellites that operate in formation and have low transition power—will be launched into space. Drone production, whether for the military or hobbyists, is difficult to track. But government security services have them, and activists and humanitarian organizations have them, too. A report from the OECD on the internet of things estimates that a family of four will go from having an average of ten devices connected to the internet now to twenty-five in 2017 and fifty by 2022. Every one of those will have sensors and a radio that can broadcast information about the time, the device’s location, its status, and how it has been used.[1]

Industry estimates like this are often bullish. But it is safe to say that by 2020 there will be around eight billion people on the planet, and three or four times as many connected devices. Engineers expect so many of these connected devices that they have reconfigured the addressing system to allow for 2 to the 128th power addresses–enough for each atom on the face of the earth to have 100 internet addresses.[2] The internet of things is developing now because we’ve figured out how to give everything we produce an address, we have enough bandwidth to allow device-to-device communications, and we have the capacity to store all the data those exchanges create. But why write a book, now, about the politics of the next internet?

Many of us are not happy with the internet we have now and are eager to find more ways of protecting individual privacy, sharing data, and bringing access to everyone. The internet of things, with embedded sensors and extensive device networks, will solve some problems but exacerbate others. Many of the design choices for this next internet are being made now, and our experience over the past twenty-five years is that it is almost impossible to use public policy to guide technology development after the technology has rolled out to consumers. And there are clues—there is evidence—about how the political internet has developed that can help us anticipate the problems and think proactively about how to steer the massive engineering project that is the internet of things.

For example, the latest smartphones, watches, and wearable technologies reveal how immersive and pervasive the internet of things will be. Cell phones have the ability to take one location point per second, but don’t do so because their power supply is limited. If you give an application on your phone permission to use location information, it will send information to a server at the rate the developer chooses. If you use a crowd-sourcing application for traffic data, your phone is sending data about your commute. If you use an application to keep track of your jogging, your phone is generating geotagged data about your movements relative to other people. Every time you take a picture, check in with your favorite social networking application, or track your health, data is sent from your phone to a cell phone tower or router and over a vast network of digital switches.