E-Commerce Security and Fraud Issues and Protections 10

Total Page:16

File Type:pdf, Size:1020Kb

E-Commerce Security and Fraud Issues and Protections 10 E-Commerce Security and Fraud Issues and Protections 10 C o n t e n t s Learning Objectives Opening Case: How State University of New York College at Old Westbury Upon completion of this chapter, you will be Controls Its Internet Use ...................................... 458 able to: 10.1 The Information Security Problem .......... 459 1. Understand the importance and scope of security of information systems for EC. 10.2 Basic E-Commerce Security Issues and Landscape ........................................... 465 2. Describe the major concepts and terminol- ogy of EC security. 10.3 Technical Malware Attack Methods: From Viruses to Denial of Service ............ 471 3. Understand about the major EC security threats, vulnerabilities, and technical attacks. 10.4 Nontechnical Methods: From Phishing to Spam and Fraud .................... 476 4. Understand Internet fraud, phishing, and spam. 10.5 The Information Assurance Model 5. Describe the information assurance security and Defense Strategy ................................. 484 principles. 10.6 The Defense I: Access Control, 6. Identify and assess major technologies Encryption, and PKI ................................. 488 and methods for securing EC access and 10.7 The Defense II: Securing communications. E-Commerce Networks ............................. 494 7. Describe the major technologies for protec- 10.8 The Defense III: General Controls, tion of EC networks. Spam, Pop Ups, Fraud, and Social 8. Describe various types of controls and special Engineering Controls................................. 497 defense mechanisms. 10.9 Implementing Enterprisewide 9. Describe consumer and seller protection from E-Commerce Security ............................... 500 fraud. Managerial Issues.................................................. 504 10. Discuss enterprisewide implementation issues Closing Case: How One Bank Stopped Scams, for EC security. Spams, and Cybercriminals ................................. 509 11. Understand why it is so diffi cult to stop computer crimes. Electronic supplementary material The online version of this chapter (doi: 10.1007/978-3-319-10091-3_10 ) contains supplementary material, which is available to authorized users E. Turban et al., Electronic Commerce: A Managerial and Social Networks Perspective, 457 Springer Texts in Business and Economics, DOI 10.1007/978-3-319-10091-3_10, © Springer International Publishing Switzerland 2015 458 10 E-Commerce Security and Fraud Issues and Protections educational related activities sometimes inter- OPENING CASE: HOW STATE fered with classroom or research needs. UNIVERSITY OF NEW YORK COLLEGE AT OLD WESTBURY CONTROLS ITS INTERNET USE The Solution The State University of New York (SUNY) All students, faculty, and staff received a user ID College at Old Westbury ( oldwestbury.edu ) is a for computer utilization. Next, a new usage pol- relatively small U.S. university located in Long icy was implemented. This policy was communi- Island, New York. The college has 3,300 students cated to all users and was enforced by monitoring and 122 full-time faculty. Internet access is the usage for each ID, watching network traffi c, essential for both faculty and students. and performing behavioral analysis. The policy covered all users, all devices, and all types of usage, including mobile devices and The Problem the Internet. According to SUNY College at Old Westbury ( 2014 ), the policy states that users The College does not regulate the types of should not expect full privacy when it comes to devices people use in its network, such as lap- their e-mail messages or other online private tops, tablets, and smartphones, nor the purposes information, including Internet usage records for which the devices are used. Thus, students, and sets forth what information is collected by faculty, and networks are vulnerable to a variety the university. Given that the IDs identify the of security issues, many of which originate from type of users (e.g., student or faculty), manage- social media websites such as Facebook and ment was able to set priorities in allocating YouTube. The College encourages the use of bandwidth. social media as a collaborative, sharing, and Old Westbury is not alone in utilizing a policy learning environment. to control Internet usage. Social Media Governance Social media is also a leading target for mal- ( socialmediagovernance.com ) is a website that ware writers. With the large number of down- provides tools and instructions regarding the con- loads, social media has become an ideal place for trol of computing resources where social media is cybercriminals to insert viruses and hack into concerned. systems. Phishers use social engineering tech- niques to deceive users into clicking on, or down- loading, malware. The Results Because of the various devices used by the students and faculty, the College’s attempts to The new system monitors performance and auto- manage network security were unsuccessful. matically sends alerts to management when devi- Specifi cally, the attempt to use intelligent agents ations from the policy occur (e.g., excessive (which some students objected to having on their usage). Also, it conducts behavioral analysis and computers) as guards failed. reports behavioral changes of users. The College had computer-use policies in The users are contacted via e-mail and alerted place, but these were established in the past for to the problem. The system may even block the older computing environments. Since the old user’s access. In such an event, the user can go to policies were not effective, the university decided the student computer lab for problem resolution. to transform its old usage policy to meet the Bandwidth is controlled only when classes are needs of current technology. in session. Bandwidth usage was a problem due to the Sources : Based on Goodchild ( 2011 ), SUNY extensive downloading of videos by faculty ( 2014 ), and oldwestbury.edu (accessed May and students. The high level usage for non 2014). 10.1 The Information Security Problem 459 information systems. It is a very broad fi eld due to LESSONS LEARNED FROM THE CASE the many methods of attack as well as the many This case demonstrates two problems: pos- modes of defense. The attacks on and defenses for sible malware attacks and insuffi cient computers can affect individuals, organizations, bandwidth. Both problems can reduce the countries, or the entire Web. Computer security effectiveness of SUNY’s computerized aims to prevent, or at least minimize, the attacks. system, interfering with students’ learning We classify computer security into two catego- and faculty teaching and research. The ries: generic topics , relating to any information solution, in which the university can moni- system (e.g., encryption), and EC-related issues , tor when users are on the university net- such as buyers’ protection. Attacks on EC work, look for any unusual activity, and websites, identify theft of both individuals and take appropriate action if needed, demon- organizations, and a large variety of fraud strates one of the defense mechanisms used schemes, such as phishing, are described in this by an organization. The new polices con- chapter. fl ict with student privacy – a typical situa- Information security has been ranked consis- tion in security systems: the tighter the tently as one of the top management concerns in security, the less privacy and fl exibility the United States and many other countries. people have. In this chapter, we introduce Figure 10.1 illustrates the major topics cited in the broad battlefi eld between attacks on various studies as being the most important in information systems and the defense of information security. those systems. We also present the issues of fraud in e-commerce and strategies and policies available to organizations for The Status of Computer Security deploying security measures. in the United States Several private and government organizations try to assess the status of computer security in the United States annually. Notable is the annual CSI 10.1 THE INFORMATION report, which is described next. SECURITY PROBLEM No one really knows the true impact of online security breaches because, according to the Information security refers to a variety of activ- Computer Security Institute (CSI; gocsi.com ), ities and methods that protect information sys- 2010/2011 Computer Crime and Security Survey, tems, data, and procedures from any action only 27.5% of businesses report computer designed to destroy, modify, or degrade the sys- intrusions to legal authorities. The survey is avail- tems and their operations. In this chapter, we pro- able at scadahacker.com/library/Documents/ vide an overview of the generic information Insider_Threats/CSI%20-%202010-2011%20 security problems and solutions as they relate to Computer%20Crime%20and%20Security% EC and IT. In this section, we look at the nature 20Survey.pdf . Comprehensive annual security of the security problems, the magnitude of the surveys are published periodically by IBM, problems, and introduce some essential terminol- Symantec, and other organizations. ogy of information security. In addition to organizational security issues, there is also the issue of personal security. What Is EC Security? Personal Security Fraud on the Web is aimed mostly at individuals. Computer security in general refers to the protec- In addition, loose security may mean danger of tion of data, networks, computer programs, com- personal safety due to sex offenders who fi nd puter
Recommended publications
  • Cyber Security Practices and Challenges at Selected Critical Infrastructures in Ethiopia: Towards Tailoring Cyber Security Framework
    ADDIS ABABA UNIVERSITY COLLEGE OF NATURAL AND COMPUTATIONAL SCIENCES SCHOOL OF INFORMATION SCIENCE CYBER SECURITY PRACTICES AND CHALLENGES AT SELECTED CRITICAL INFRASTRUCTURES IN ETHIOPIA: TOWARDS TAILORING CYBER SECURITY FRAMEWORK By TEWODROS GETANEH JUNE, 2018 ADDIS ABABA, ETHIOPIA ADDIS ABABA UNIVERSITY COLLEGE OF NATURAL AND COMPUTATIONAL SCIENCES SCHOOL OF INFORMATION SCIENCE CYBER SECURITY PRACTICES AND CHALLENGES AT SELECTED CRITICAL INFRASTRUCTURES IN ETHIOPIA: TOWARDS TAILORING CYBER SECURITY FRAMEWORK A Thesis Submitted to School of Graduate Studies of Addis Ababa University in Partial Fulfillment of the Requirements for the Degree of Master of Science in Information Science By: TEWODROS GETANEH Advisor: Tebebe Beshah (PhD) JUNE, 2018 Addis Ababa, Ethiopia ADDIS ABABA UNIVERSITY COLLEGE OF NATURAL AND COMPUTATIONAL SCIENCE SCHOOL OF INFORMATION SCIENCE CYBER SECURITY PRACTICES AND CHALLENGES AT SELECTED CRITICAL INFRASTRUCTURES IN ETHIOPIA: TOWARDS TAILORING CYBER SECURITY FRAMEWORK By: Tewodros Getaneh Name and signature of Members of the Examining Board Tebebe Beshah (PhD) __________ _________ Advisor Signature Date Lemma Lenssa (PhD) ___________ __________ Examiner Signature Date Dereje Teferi (PhD) __________ _________ Examiner Signature Date Declaration This thesis has not previously been accepted for any degree and is not being concurrently submitted in candidature for any degree in any university. I declare that the thesis is a result of my own investigation, except where otherwise stated. I have undertaken the study independently with the guidance and support of my research advisor. Other sources are acknowledged by citations giving explicit references. A list of references is appended. Signature: ________________________ Tewodros Getaneh This thesis has been submitted for examination with my approval as university advisor. Advisor’s Signature: ________________________ Tebebe Beshah (PhD) i | P a g e Dedication This work is dedicated to my beloved sister Eleni Getaneh.
    [Show full text]
  • Schwab's Fraud Encyclopedia
    Fraud Encyclopedia Updated June 2018 Contents Introduction . 3 Scams . 26 How to use this Fraud Encyclopedia . 3 1 . Properties . 28 2. Romance/marriage/sweetheart/catfishing . 28 Email account takeover . 4 3 . Investments/goods/services . .. 29 1 . Emotion . 7 4 . Prizes/lotteries . 29 2 . Unavailability . 7 5 . IRS . 30 3 . Fee inquiries . 8 6 . Payments . 30 4 . Attachments . 9 Other cybercrime techniques . 31 5 . International wires . 10 1 . Malware . 33 6 . Language cues . 10 2 . Wi-Fi connection interception . 34 7 . Business email compromise . 11 3 . Data breaches . 35 Client impersonation and identity theft . 12 4 . Credential replay incident (CRI) . 37 1 . Social engineering . 14 5 . Account online compromise/takeover . 37 2. Shoulder surfing . 14 6 . Distributed denial of service (DDoS) attack . 38 3. Spoofing . 15 Your fraud checklist . 39 4 . Call forwarding and porting . 16 Email scrutiny . 39 5 . New account fraud . 16 Verbally confirming client requests . 40 Identical or first-party disbursements . 17 Safe cyber practices . 41 1 . MoneyLink fraud . 19 What to do if fraud is suspected . 42 2 . Wire fraud . .. 19 Schwab Advisor Center® alerts . 43 3 . Check fraud . 20 4 . Transfer of account (TOA) fraud . 20 Phishing . 21 1 . Spear phishing . 23 2 . Whaling . .. 24 3 . Clone phishing . 24 4 . Social media phishing . 25 CONTENTS | 2 Introduction With advances in technology, we are more interconnected than ever . But we’re also more vulnerable . Criminals can exploit the connectivity of our world and use it to their advantage—acting anonymously How to use this to perpetrate fraud in a variety of ways . Fraud Encyclopedia Knowledge and awareness can help you protect your firm and clients and guard against cybercrime.
    [Show full text]
  • A Fast Unsupervised Social Spam Detection Method for Trending Topics
    Information Quality in Online Social Networks: A Fast Unsupervised Social Spam Detection Method for Trending Topics Mahdi Washha1, Dania Shilleh2, Yara Ghawadrah2, Reem Jazi2 and Florence Sedes1 1IRIT Laboratory, University of Toulouse, Toulouse, France 2Department of Electrical and Computer Engineering, Birzeit University, Ramallah, Palestine Keywords: Twitter, Social Networks, Spam. Abstract: Online social networks (OSNs) provide data valuable for a tremendous range of applications such as search engines and recommendation systems. However, the easy-to-use interactive interfaces and the low barriers of publications have exposed various information quality (IQ) problems, decreasing the quality of user-generated content (UGC) in such networks. The existence of a particular kind of ill-intentioned users, so-called social spammers, imposes challenges to maintain an acceptable level of information quality. Social spammers sim- ply misuse all services provided by social networks to post spam contents in an automated way. As a natural reaction, various detection methods have been designed, which inspect individual posts or accounts for the existence of spam. These methods have a major limitation in exploiting the supervised learning approach in which ground truth datasets are required at building model time. Moreover, the account-based detection met- hods are not practical for processing ”crawled” large collections of social posts, requiring months to process such collections. Post-level detection methods also have another drawback in adapting the dynamic behavior of spammers robustly, because of the weakness of the features of this level in discriminating among spam and non-spam tweets. Hence, in this paper, we introduce a design of an unsupervised learning approach dedicated for detecting spam accounts (or users) existing in large collections of Twitter trending topics.
    [Show full text]
  • Analysis and Detection of Low Quality Information in Social Networks
    ANALYSIS AND DETECTION OF LOW QUALITY INFORMATION IN SOCIAL NETWORKS A Thesis Presented to The Academic Faculty by De Wang In Partial Fulfillment of the Requirements for the Degree Doctor of Philosophy in the School of Computer Science at the College of Computing Georgia Institute of Technology August 2014 Copyright c 2014 by De Wang ANALYSIS AND DETECTION OF LOW QUALITY INFORMATION IN SOCIAL NETWORKS Approved by: Professor Dr. Calton Pu, Advisor Professor Dr. Edward R. Omiecinski School of Computer Science School of Computer Science at the College of Computing at the College of Computing Georgia Institute of Technology Georgia Institute of Technology Professor Dr. Ling Liu Professor Dr. Kang Li School of Computer Science Department of Computer Science at the College of Computing University of Georgia Georgia Institute of Technology Professor Dr. Shamkant B. Navathe Date Approved: April, 21 2014 School of Computer Science at the College of Computing Georgia Institute of Technology To my family and all those who have supported me. iii ACKNOWLEDGEMENTS When I was a little boy, my parents always told me to study hard and learn more in school. But I never thought that I would study abroad and earn a Ph.D. degree at United States at that time. The journey to obtain a Ph.D. is quite long and full of peaks and valleys. Fortunately, I have received great helps and guidances from many people through the journey, which is also the source of motivation for me to move forward. First and foremost I should give thanks to my advisor, Prof. Calton Pu.
    [Show full text]
  • Towards Mitigating Unwanted Calls in Voice Over IP
    FACULDADE DE ENGENHARIA DA UNIVERSIDADE DO PORTO Towards Mitigating Unwanted Calls in Voice Over IP Muhammad Ajmal Azad Programa Doutoral em Engenharia Electrotécnica e de Computadores Supervisor: Ricardo Santos Morla June 2016 c Muhammad Ajmal Azad, 2016 Towards Mitigating Unwanted Calls in Voice Over IP Muhammad Ajmal Azad Programa Doutoral em Engenharia Electrotécnica e de Computadores June 2016 I Dedicate This Thesis To My Parents and Wife For their endless love, support and encouragement. i Acknowledgments First and foremost, I would like to express my special gratitude and thanks to my advisor, Professor Dr. Ricardo Santos Morla for his continuous support, supervision and time. His suggestions, advice and criticism on my work have helped me a lot from finding a problem, design a solution and analyzing the solution. I am forever grateful to Dr. Morla for mentoring and helping me throughout the course of my doctoral research.. I would like to thanks my friends Dr. Arif Ur Rahman and Dr. Farhan Riaz for helping in understanding various aspects of research at the start of my Ph.D, Asif Mohammad for helping me in coding with Java, and Bilal Hussain for constructive debate other than academic research and continuous encouragements in the last three years. Of course acknowledgments are incomplete without thanking my parents, family members and loved ones. I am very thankful to my parents for spending on my education despite limited resources. They taught me about hard work, make me to study whenever I run away, encourage me to achieve the goals, self-respect and always encourage me for doing what i want.
    [Show full text]
  • Towards Detecting Compromised Accounts on Social Networks
    Towards Detecting Compromised Accounts on Social Networks Manuel Egeley, Gianluca Stringhinix, Christopher Kruegelz, and Giovanni Vignaz yBoston University xUniversity College London zUC Santa Barbara [email protected], [email protected], fchris,[email protected] Abstract Compromising social network accounts has become a profitable course of action for cybercriminals. By hijacking control of a popular media or business account, attackers can distribute their malicious messages or disseminate fake information to a large user base. The impacts of these incidents range from a tarnished reputation to multi-billion dollar monetary losses on financial markets. In our previous work, we demonstrated how we can detect large-scale compromises (i.e., so-called campaigns) of regular online social network users. In this work, we show how we can use similar techniques to identify compromises of individual high-profile accounts. High-profile accounts frequently have one characteristic that makes this detection reliable – they show consistent behavior over time. We show that our system, were it deployed, would have been able to detect and prevent three real-world attacks against popular companies and news agencies. Furthermore, our system, in contrast to popular media, would not have fallen for a staged compromise instigated by a US restaurant chain for publicity reasons. 1 Introduction phishing web sites [2]. Such traditional attacks are best carried out through a large population of compromised accounts Online social networks, such as Facebook and Twitter, have belonging to regular social network account users. Recent become one of the main media to stay in touch with the rest incidents, however, demonstrate that attackers can cause havoc of the world.
    [Show full text]
  • Adversarial Web Search by Carlos Castillo and Brian D
    Foundations and TrendsR in Information Retrieval Vol. 4, No. 5 (2010) 377–486 c 2011 C. Castillo and B. D. Davison DOI: 10.1561/1500000021 Adversarial Web Search By Carlos Castillo and Brian D. Davison Contents 1 Introduction 379 1.1 Search Engine Spam 380 1.2 Activists, Marketers, Optimizers, and Spammers 381 1.3 The Battleground for Search Engine Rankings 383 1.4 Previous Surveys and Taxonomies 384 1.5 This Survey 385 2 Overview of Search Engine Spam Detection 387 2.1 Editorial Assessment of Spam 387 2.2 Feature Extraction 390 2.3 Learning Schemes 394 2.4 Evaluation 397 2.5 Conclusions 400 3 Dealing with Content Spam and Plagiarized Content 401 3.1 Background 402 3.2 Types of Content Spamming 405 3.3 Content Spam Detection Methods 405 3.4 Malicious Mirroring and Near-Duplicates 408 3.5 Cloaking and Redirection 409 3.6 E-mail Spam Detection 413 3.7 Conclusions 413 4 Curbing Nepotistic Linking 415 4.1 Link-Based Ranking 416 4.2 Link Bombs 418 4.3 Link Farms 419 4.4 Link Farm Detection 421 4.5 Beyond Detection 424 4.6 Combining Links and Text 426 4.7 Conclusions 429 5 Propagating Trust and Distrust 430 5.1 Trust as a Directed Graph 430 5.2 Positive and Negative Trust 432 5.3 Propagating Trust: TrustRank and Variants 433 5.4 Propagating Distrust: BadRank and Variants 434 5.5 Considering In-Links as well as Out-Links 436 5.6 Considering Authorship as well as Contents 436 5.7 Propagating Trust in Other Settings 437 5.8 Utilizing Trust 438 5.9 Conclusions 438 6 Detecting Spam in Usage Data 439 6.1 Usage Analysis for Ranking 440 6.2 Spamming Usage Signals 441 6.3 Usage Analysis to Detect Spam 444 6.4 Conclusions 446 7 Fighting Spam in User-Generated Content 447 7.1 User-Generated Content Platforms 448 7.2 Splogs 449 7.3 Publicly-Writable Pages 451 7.4 Social Networks and Social Media Sites 455 7.5 Conclusions 459 8 Discussion 460 8.1 The (Ongoing) Struggle Between Search Engines and Spammers 460 8.2 Outlook 463 8.3 Research Resources 464 8.4 Conclusions 467 Acknowledgments 468 References 469 Foundations and TrendsR in Information Retrieval Vol.
    [Show full text]
  • Detecting Social Spam Campaigns on Twitter
    Detecting Social Spam Campaigns on Twitter Zi Chu1, Indra Widjaja2, and Haining Wang1 1 Department of Computer Science, The College of William and Mary, Williamsburg, VA 23187, USA {zichu,hnw}@cs.wm.edu 2 Bell Laboratories, Alcatel-Lucent, Murray Hill, NJ 07974, USA [email protected] Abstract. The popularity of Twitter greatly depends on the quality and integrity of contents contributed by users. Unfortunately, Twitter has at- tracted spammers to post spam content which pollutes the community. Social spamming is more successful than traditional methods such as email spamming by using social relationship between users. Detecting spam is the first and very critical step in the battle of fighting spam. Conventional detection methods check individual messages or accounts for the existence of spam. Our work takes the collective perspective, and focuses on detecting spam campaigns that manipulate multiple accounts to spread spam on Twitter. Complementary to conventional detection methods, our work brings efficiency and robustness. More specifically, we design an automatic classification system based on machine learning, and apply multiple features for classifying spam campaigns. Our experi- mental evaluation demonstrates the efficacy of the proposed classification system. Keywords: Spam Detection, Anomaly Detection, Machine Learning, Twitter 1 Introduction With the tremendous popularity of online social networks (OSNs), spammers have exploited them for spreading spam messages. Social spamming is more successful than traditional methods such as email spamming by taking advantage of social relationship between users. One important reason is that OSNs help build intrinsic trust relationship between cyber friends even though they may not know each other in reality.
    [Show full text]
  • Climate Change Adaptation in the Arab States Best Practices and Lessons Learned
    Climate Change Adaptation in the Arab States Best practices and lessons learned United Nations Development Programme 2018 | 1 UNDP partners with people at all levels of society to help build nations that can withstand crisis, and drive and sustain the kind of growth that improves the quality of life for everyone. On the ground in nearly 170 countries and territories, we offer global perspective and local insight to help empower lives and build resilient nations. www.undp.org The Global Environment Facility (GEF) was established on the eve of the 1992 Rio Earth Summit to help tackle our planet’s most pressing environmental problems. Since then, the GEF has provided over $17 billion in grants and mobilized an additional $88 billion in financing for more than 4000 projects in 170 countries. Today, the GEF is an international partnership of 183 countries, international institutions, civil society organizations and the private sector that addresses global environmental issues. www.thegef.org United Nations Development Programme July 2018 Copyright © UNDP 2018 Manufactured in Bangkok Bangkok Regional Hub (BRH) United Nations Development Programme 3rd Floor United Nations Service Building Rajdamnern Nok Avenue, Bangkok, 10200, Thailand www.adaptation-undp.org Authors: The report preparation was led by Tom Twining-Ward in close collaboration with Kishan Khoday, with Cara Tobin as lead author and Fadhel Baccar, Janine Twyman Mills, Walid Ali and Zubair Murshed as contributing authors. The publication was professionally reviewed by fellow UNDP colleagues, Amal Aldababseh, Greg Benchwick, Hanan Mutwaki, Mohamed Bayoumi, and Walid Ali. Valuable external expert review, comments, and suggestions were provided by Hussein El-Atfy (Arab Water Council), Ibrahim Abdel Gelil (Arabian Gulf University), and William Dougherty (Climate Change Research Group).
    [Show full text]
  • Towards Online Spam Filtering in Social Networks
    Towards Online Spam Filtering in Social Networks Hongyu Gao Yan Chen Kathy Lee† Northwestern University Northwestern University Northwestern University Evanston, IL, USA Evanston, IL, USA Evanston, IL, USA [email protected] [email protected] [email protected] Diana Palsetia† Alok Choudhary† Northwestern University Northwestern University Evanston, IL, USA Evanston, IL, USA [email protected] [email protected] Abstract idence shows that they can also be effective mechanisms for spreading attacks. Popular OSNs are increasingly be- Online social networks (OSNs) are extremely popular coming the target of phishing attacks launched from large among Internet users. Unfortunately, in the wrong hands, botnets [1, 3]. Two recent studies [9, 10] have confirmed they are also effective tools for executing spam campaigns. the existence of large-scale spam campaigns in Twitter and In this paper, we present an online spam filtering system that Facebook, respectively. Furthermore, the clickthrough rate can be deployed as a component of the OSN platform to in- of OSN spam is orders of magnitude higher than its email spect messages generated by users in real-time. We propose counterpart [10], indicating that users are more prone to to reconstruct spam messages into campaigns for classifica- trust spam messages from their friends in OSNs. tion rather than examine them individually. Although cam- The OSN spam problem has already received atten- paign identification has been used for offline spam analysis, tion from researchers. Meanwhile, email spam, a seem- we apply this technique to aid the online spam detection ingly very similar problem, has been extensively studied for problem with sufficiently low overhead.
    [Show full text]
  • Significant Cyber Incidents Since 2006 This List Is a Work in Progress That We Update As New Incidents Come to Light. If You H
    Significant Cyber Incidents Since 2006 This list is a work in progress that we update as new incidents come to light. If you have suggestions for additions, send them to [email protected]. Significance is in the eye of the beholder, but we focus on successful attacks on government agencies, defense and high tech companies, or economic crimes with losses of more than a million dollars. 1. May 2006. The Department of State’s networks were hacked, and unknown foreign intruders downloaded terabytes of information. If Chinese or Russian spies backed a truck up to the State Department, smashed the glass doors, tied up the guards and spend the night carting off file cabinets it would be an act of war, but when it happens in cyberspace we barely notice. 2. August 2006. A senior Air Force Officer stated publicly that, “China has downloaded 10 to 20 terabytes of data from the NIPRNet (the unclassified military network).” 3. November 2006. Hackers attempted to penetrate U.S. military War College networks, resulting in a two week shutdown at one institution while infected machines are restored. 4. December 2006. NASA was forced to block emails with attachments before shuttle launches out of fear they would be hacked. Business Week reported that the plans for the latest U.S. space launch vehicles were obtained by unknown foreign intruders. 5. 2006. Chinese hackers were thought to be responsible for shutting down the House of Commons computer system. 6. April 2007. The Department of Commerce had to take the Bureau of Industrial Security’s networks offline for several months because its networks were hacked by unknown foreign intruders.
    [Show full text]
  • Zerohack Zer0pwn Youranonnews Yevgeniy Anikin Yes Men
    Zerohack Zer0Pwn YourAnonNews Yevgeniy Anikin Yes Men YamaTough Xtreme x-Leader xenu xen0nymous www.oem.com.mx www.nytimes.com/pages/world/asia/index.html www.informador.com.mx www.futuregov.asia www.cronica.com.mx www.asiapacificsecuritymagazine.com Worm Wolfy Withdrawal* WillyFoReal Wikileaks IRC 88.80.16.13/9999 IRC Channel WikiLeaks WiiSpellWhy whitekidney Wells Fargo weed WallRoad w0rmware Vulnerability Vladislav Khorokhorin Visa Inc. Virus Virgin Islands "Viewpointe Archive Services, LLC" Versability Verizon Venezuela Vegas Vatican City USB US Trust US Bankcorp Uruguay Uran0n unusedcrayon United Kingdom UnicormCr3w unfittoprint unelected.org UndisclosedAnon Ukraine UGNazi ua_musti_1905 U.S. Bankcorp TYLER Turkey trosec113 Trojan Horse Trojan Trivette TriCk Tribalzer0 Transnistria transaction Traitor traffic court Tradecraft Trade Secrets "Total System Services, Inc." Topiary Top Secret Tom Stracener TibitXimer Thumb Drive Thomson Reuters TheWikiBoat thepeoplescause the_infecti0n The Unknowns The UnderTaker The Syrian electronic army The Jokerhack Thailand ThaCosmo th3j35t3r testeux1 TEST Telecomix TehWongZ Teddy Bigglesworth TeaMp0isoN TeamHav0k Team Ghost Shell Team Digi7al tdl4 taxes TARP tango down Tampa Tammy Shapiro Taiwan Tabu T0x1c t0wN T.A.R.P. Syrian Electronic Army syndiv Symantec Corporation Switzerland Swingers Club SWIFT Sweden Swan SwaggSec Swagg Security "SunGard Data Systems, Inc." Stuxnet Stringer Streamroller Stole* Sterlok SteelAnne st0rm SQLi Spyware Spying Spydevilz Spy Camera Sposed Spook Spoofing Splendide
    [Show full text]