Understanding Botnets: How Massive Internet Break-Ins Fuel an Underground Economy

Presentation Transcript

  1. Understanding Botnets: How Massive Internet Break-Ins Fuel an Underground Economy Jason Franklin and Vern Paxson

  2. Abstract • We study how the creation of massive networks of compromised machines fuels an underground economy. • The underground market being studied is a central point for miscreant activity including identity theft, phishing, sale of compromised machines, and credit card fraud. • Through extensive passive monitoring and analysis of this underground marketplace, we hope to establish connections between various facets of illegal online activities.

  3. Measurement Methodology • Passive monitoring and archival of Internet Relay Chat (IRC) channels • 50+ monitored servers • Over 7 months of data • Over 12 million individual messages from as many as 50k individuals • Limitations and Complexities • No private IRC messages • Complex underground dialect (slang) • Difficult to establish reputation [Figure: IRC network diagram. Key: S = Server, C = Client, M = Monitor]

  4. Botnet Definition • A botnet is a network of compromised machines (bots) remotely controlled by an attacker. [Figure: botnet diagram with labels Attacker, Commands, Attacks. Key: B = Bot, U = Uncompromised Host]

  5. Underground Market Breakdown

  6. Observed Relationships and Causality [Figure: relationship diagram with labels Botnets, Phishing & Identity Theft, Credit Card Fraud, Underground Currency, Exploits, Spam, Hacked Databases, Credit Cards, Scam Websites, Compromised E-Merchants, Identities, Stolen Credit Cards]

  7. Market at a Glance [Figure: plot with axes Percentage of Monitored Messages and Number of Days Monitored]

  8. Market at a Glance [Figure: plot with axes Percentage of Monitored Messages and Number of Days Monitored]

  9. Vulnerability Alerts, Exploits, and Potential Bots • Vertical lines represent releases of major vulnerability alerts. [Figure: plot with axes Percentage of Monitored Messages and Number of Days Monitored]

  10. Vulnerability Alerts, Exploits, and Potential Bots • Vertical lines represent releases of major vulnerability alerts. [Figure: plot with axes Percentage of Monitored Messages and Number of Days Monitored]

  11. Complex Social Network • Future work includes leveraging social network analysis techniques to map connections between players. [Figure: diagram with labels Market, Buyers, Sellers, Traders, “Carders”, Crackers, Identity Thieves, Insiders]

  12. Conclusion • Preliminary results show that underground markets aggregate information which is otherwise difficult to observe. • Monitoring underground markets may be useful as a predictor of future widespread malicious activities on the Internet. We may be able to use the market as an oracle. • Future analysis of the complex relationships between market players is required.

  13. Acknowledgements • We would like to thank Rob Thomas of Team Cymru for providing access to the IRC logs. • We would also like to thank Stefan Savage, Robin Sommers, and Nick Weaver for their comments and suggestions. • This research was performed while on appointment as a U.S. Department of Homeland Security (DHS) Fellow under the DHS Scholarship and Fellowship Program, a program administered by the Oak Ridge Institute for Science and Education (ORISE) for DHS through an interagency agreement with the U.S. Department of Energy (DOE). ORISE is managed by Oak Ridge Associated Universities under DOE contract number DE-AC05-00OR22750. All opinions expressed in this paper are the author's and do not necessarily reflect the policies and views of DHS, DOE, or ORISE. • The research described here was performed at the Lawrence Berkeley National Laboratory and supported by the Director, Office of Science, Office of Workforce Development for Teachers and Scientists, of the U.S. Department of Energy under Contract No. DE-AC02-05CH11231.