Traps, Pitfalls, Swindles, Lies, Doubts and Suspicions: A Counter-Case for the Study of Good Etiquette • Jack L. Edwards & Greg Scott, A I Management & Development Corp. • Sharon McFadden & Keith C. Hendy, Defence Research & Development Toronto • Defence R & D Canada - Toronto
Etiquette • A Nice Image • Context: Human & System Etiquette • Benevolence Assumption
Some General Rules of Etiquette • Be helpful • Be respectful • Be relevant • Be prompt • Be brief • Be protective (of privacy) • Be pleasant • Be adaptable
Foundational Rule • Foundational Rule of Etiquette • Assumption of Honesty (“Be honest”) • Benevolence Assumption • High Correlation With Some Overlap in Meaning
The Internet: Ubiquitous and Evolving • Work & Leisure Time Extends Beyond Local Processing • Increasing Involvement of Technology in Person-To-Person Exchanges • E.g., email; chat-rooms; video conferencing • Modern Agents Increasingly Software and Internet-Based • Traps, Pitfalls, Swindles Generalize Easily to the Internet
Violations of the Foundational Rule: Traps, Pitfalls, Swindles, Lies... • Nigerian Fee Scam • On-line Credit Card Fraud in 2001 • (5% of online consumers)* • Merchants lost $700M in 2001* • Lies & Hoaxes (Bush’s IQ) * Gartner Group
Thorough Understanding of Etiquette Is Not Possible Without An Active Study of the Abuse of Good Etiquette • Focusing Only on Good Etiquette Prejudices Us Toward Assumptions of Benevolence • Actively Assume Mantle of Hacker, Vandal, Scam Artist, Thief or Terrorist • Explore how to enlist rules of etiquette in deception & fraud • Active Contemplation Will Engage the Mind in a Creative Pursuit of a Deeper Understanding of Etiquette • Norman & Rumelhart Example
Applying Etiquette Rules in the Service of Scams & Frauds • Be helpful • Be respectful • Be relevant • Be prompt • Be brief • Protect privacy • Be pleasant • Provide options • Give the Appearance of Honesty • Falsely Establish Credibility • Some Examples of Grifter Etiquette
Fraud, Vandalism, Theft & Terrorism on the Internet • Ubiquitous Computing Is Giving Rise to Ubiquitous “Underworld” Activity • Generalization of Classic Con Games is Underway • Ponzi schemes • Identity Theft • Affinity Fraud • Insider Trading • Badger Game • Twice-fleeced Fraud • Embezzlement • Weights and Measures Frauds • Segmentation & Other Refinement Techniques • Mark (or Victim) Categories
Generalizing Grifter and Other Criminal Agents • Current & Future Software Agents • Roper Agents • Manager Agent • Inside Man Agent • Forger Agent • Shill Agents • Vandal Agents • Humans, Corporations & Other Organizations • The Target, Victim or Mark
Generalizing “Big Con” Grifters to Software • Roper Agents - Automated Solicitations (e.g., Nigerian Fee Scam) • Inside Man - Remotely Controlled & Coordinated Attack Agents • Manager - External Automated Attack Agents on Distributed Machines • Shills - Support Agents in a Society of Grifter Agents
Malicious Software Agents (Zeltser, 2000) • Rapidly Spreading Agents • Viruses and Worms - Explicitly Copy Themselves • e.g. Melissa Virus and Morris Worm • Spying (Espionage) Agents • Transmits Sensitive Information • e.g. Caligula, Marker and Groov Viruses • Remotely Controlled Agents • Complete Control of Victim’s Machine • Client/Server Architecture • Server Communicates with Attacker through Outbound HTTP & FTP Channels • Client directs Agent through Inbound Email and Web Browsing Channels • Programming API Permits Controlling Traffic to be Encrypted with Plug-Ins • Plug-Ins Permit Newly Propagated Versions to Register with Home-Base • e.g. Back Orifice and NetBus
Malicious Software Agents (Zeltser, 2000) (continued…) • Coordinated Attack Agents • Complete Control of Victim’s Machine • Client/Server Architecture • Multiple Clients Operate from Compromised Machines • Difficult to Trace • e.g. Trinoo and TFN • Advanced Malicious Agents • Builds on Strengths of Previously Described Agents • Alleviates Their Weaknesses • e.g. RingZero Trojan
Veracity Agent Network (VAN) - A Society of Protection Agents - • Monitoring Agents - Incoming/Outgoing Traffic & Unusual Local Activity • Filtering Agents - Filters (Blocks) Unwanted Activity • Masking Agents - Masks Identity (Hides or Falsifies) • Tracking Agents - Track & Identify Unknown Sources • Information Agents - Explains Activities to Users • Proactive Agents - Build User Profiles of Attackers; Report Violations; Alter Code of Intrusive Agents; Search & Destroy
VAN Functionality: Ensuring Good “Underworld” Etiquette? • Monitoring, Intercepting & Controlling Cookie Traffic • Monitoring Automatic Version Checkers Sending Personal Info to Company Sites • (e.g. usage statistics correlated with software Serial No.) • Blocking Unwanted Transmission of Personal Info • (e.g. credit card numbers, email address) • Stripping Browser Type, Platform & OS Info Sent With Every Request for Web Page • Blocking Banner Ads; Automatic Closing of Pop-Up Ads
Current Level of Development: Monitoring Agents • Internet Traffic Can Be Intercepted Either: • leaving an application & passing to the OS • leaving the OS & passing to network • Both Require Low-Level Drivers to Intercept Data
Current Level of Development: Monitoring Agents (continued…) • Look Up IP Addresses Automatically Using “whois” • Determine Usage Stats Being Collected by RealPlayer • Port Number Look-Up (65K+ Ports): Identify Type of Traffic Using Ports & Build a Database • Identify Information Sent Out Without Asking User • cookies • software update requests • AOL messenger activity • usage stats
Current Level of Development: Monitoring Agents (continued…) • Outside Attempts to Access System • Personal Info Being Sent Out • e.g. credit card numbers; email addresses; passwords • System Info Sent Out While Web Browsing • e.g. browser type, operating system, type of computer • Monitor Email to... • identify common Internet hoaxes & scams • compile statistics on incoming messages for future use
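The "Blocking Unwanted Transmission of Personal Info" and "Stripping Browser Type, Platform & OS Info" functions listed above, sketched as an added example (not code from the presentation or the VAN project). It assumes the monitoring layer has already intercepted a plaintext HTTP/1.1 request as a string; the function names, the header set and the sample requests are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# Assumption: request headers that disclose browser type, platform and OS.
SYSTEM_HEADERS = {"user-agent", "sec-ch-ua", "sec-ch-ua-platform"}
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def luhn_valid(digits):
    """Luhn checksum: separates card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_personal_info(body):
    """Return (kind, value) findings; card numbers are masked to last 4."""
    text = unquote_plus(body)  # form bodies are usually URL-encoded
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_valid(digits):
            findings.append(("card", "*" * (len(digits) - 4) + digits[-4:]))
    findings += [("email", m.group()) for m in EMAIL_RE.finditer(text)]
    return findings

def filter_request(raw):
    """Strip system-info headers; block (return None) if personal info leaks."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *headers = head.split("\r\n")
    kept = [h for h in headers
            if h.split(":", 1)[0].strip().lower() not in SYSTEM_HEADERS]
    findings = find_personal_info(body)
    if findings:
        return None, findings
    return "\r\n".join([request_line, *kept]) + "\r\n\r\n" + body, findings

# Constructed sample requests (not captured traffic).
CLEAN = ("POST /order HTTP/1.1\r\nHost: shop.example\r\n"
         "User-Agent: ExampleBrowser/1.0 (ExampleOS)\r\n\r\n"
         "order=1234567890123456")
LEAKY = ("POST /stats HTTP/1.1\r\nHost: vendor.example\r\n\r\n"
         "card=4111+1111+1111+1111&email=alice%40example.test")

if __name__ == "__main__":
    for name, req in (("clean", CLEAN), ("leaky", LEAKY)):
        sanitized, found = filter_request(req)
        print(name, "BLOCKED" if sanitized is None else "forwarded", found)
```

The 16-digit order number in the clean request fails the Luhn check, so it is forwarded (minus the User-Agent header) rather than flagged as a card number.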
Support Technology • NetTraffic & WinPcap - Monitors Low-Level Event Traffic on PC • Current Open Source Code from Politecnico di Torino • http://winpcap.polito.it/ • Original UNIX Pcap Developed at Berkeley • Higher-Level Functionality is Needed to Interpret & Use That Information
User Requirements • Protection Only - Don’t Bother Me With Details • Track Activities (At Least in the Beginning) • See Explanations of Activity; ID Sources; Report Intrusions & Misuse of Information • Be Proactive Relative to Intruders
“User” Models • For Actual User (Encrypted) • For Several Masked Versions of Own User • For “Friends” of Own User • For Tracked (Potentially Malicious) Sources
Possibility of Agent Wars • Disseminate Info Other Agents Created To Block • Misrepresent Themselves For Nefarious Purposes • Hack Other Agents to Prevent Them from Achieving Competing Goals
The Future of “Underworld” Internet Computing • “Underworld” of the Internet - The “Wild West” • Few Rules and Little Explicit “Consideration of Others,” Which We Defined as the Source of Good Etiquette • Helplessness of Average User to Protect Themselves From This “Underworld” Activity Will Help Drive Etiquette • Our Goal: Agents to Help Ensure You Are “Taken Into Consideration,” in this New World of Ubiquitous Internet Computing