Topic

Identity theft

About: Identity theft is a research topic. Over its lifetime, 2284 publications have been published within this topic, receiving 31700 citations.


Papers
Proceedings Article
06 Dec 2010
TL;DR: The results show that it is possible to automatically identify the accounts used by spammers, and the analysis was used for take-down efforts in a real-world social network.
Abstract: Social networking has become a popular way for users to meet and interact online. Users spend a significant amount of time on popular social network platforms (such as Facebook, MySpace, or Twitter), storing and sharing a wealth of personal information. This information, as well as the possibility of contacting thousands of users, also attracts the interest of cybercriminals. For example, cybercriminals might exploit the implicit trust relationships between users in order to lure victims to malicious websites. As another example, cybercriminals might find personal information valuable for identity theft or to drive targeted spam campaigns. In this paper, we analyze to which extent spam has entered social networks. More precisely, we analyze how spammers who target social networking sites operate. To collect the data about spamming activity, we created a large and diverse set of "honey-profiles" on three large social networking sites, and logged the kind of contacts and messages that they received. We then analyzed the collected data and identified anomalous behavior of users who contacted our profiles. Based on the analysis of this behavior, we developed techniques to detect spammers in social networks, and we aggregated their messages in large spam campaigns. Our results show that it is possible to automatically identify the accounts used by spammers, and our analysis was used for take-down efforts in a real-world social network. More precisely, during this study, we collaborated with Twitter and correctly detected and deleted 15,857 spam profiles.

768 citations

Proceedings Article
20 Apr 2009
TL;DR: This paper investigates how easy it would be for a potential attacker to launch automated crawling and identity theft attacks against a number of popular social networking sites in order to gain access to a large volume of personal user information.
Abstract: Social networking sites have been increasingly gaining popularity. Well-known sites such as Facebook have been reporting growth rates as high as 3% per week. Many social networking sites have millions of registered users who use these sites to share photographs, contact long-lost friends, establish new business contacts and to keep in touch. In this paper, we investigate how easy it would be for a potential attacker to launch automated crawling and identity theft attacks against a number of popular social networking sites in order to gain access to a large volume of personal user information. The first attack we present is the automated identity theft of existing user profiles and sending of friend requests to the contacts of the cloned victim. The hope, from the attacker's point of view, is that the contacted users simply trust and accept the friend request. By establishing a friendship relationship with the contacts of a victim, the attacker is able to access the sensitive personal information provided by them. In the second, more advanced attack we present, we show that it is effective and feasible to launch an automated, cross-site profile cloning attack. In this attack, we are able to automatically create a forged profile in a network where the victim is not registered yet and contact the victim's friends who are registered on both networks. Our experimental results with real users show that the automated attacks we present are effective and feasible in practice.

582 citations

Proceedings Article
01 Jan 2004
TL;DR: A framework for client-side defense is proposed: a browser plug-in that examines web pages and warns the user when requests for data may be part of a spoof attack.
Abstract: Web spoofing is a significant problem involving fraudulent email and web sites that trick unsuspecting users into revealing private information. We discuss some aspects of common attacks and propose a framework for client-side defense: a browser plug-in that examines web pages and warns the user when requests for data may be part of a spoof attack. While the plugin, SpoofGuard, has been tested using actual sites obtained through government agencies concerned about the problem, we expect that web spoofing and other forms of identity theft will be continuing problems in

470 citations

Journal Article
01 Dec 1998 - Edpacs
TL;DR: A Theory of Information Warfare and its Applications: Protecting National Infrastructures and Privacy Compromises, 2nd Ed.I.
Abstract: I. INTRODUCTION. 1. Gulf War-Infowar. The Gulf War. Information Warfare. From Chicks to Chips. 2. A Theory of Information Warfare. Information Resources. The Value of Resources. Players. The Offense. The Defense. A Dual Role. Offensive Information Warfare. Increased Availability to Offensive Player. Decreased Availability to Defensive Player. Decreased Integrity. Other Classification Schemes. Defensive Information Warfare. Types of Defense. Information Security and Information Assurance. The CIA Model and Authorization. 3. Playgrounds to Battlegrounds. Play. Motivation. Culture. More than Child's Play. Crime. Intellectual Property Crimes. Fraud. Computer Fraud and Abuse. Fighting Crime. Individual Rights. National Security. Foreign Intelligence. War and Military Conflict. Terrorism. Netwars. Protecting National Infrastructures. II. OFFENSIVE INFORMATION WARFARE. 4. Open Sources. Open Source and Competitive Intelligence. Privacy. Snooping on People Through Open Sources. Web Browsing. Privacy Regulations. Piracy. Copyright Infringement. Trademark Infringement. Dark Sides. 5. Psyops and Perception Management. Lies and Distortions. Distortion. Fabrication. Hoaxes. Social Engineering. Denouncement. Conspiracy Theories. Defamation. Harassment. Advertising. Scams. Spam Wars. Censorship. United States Restrictions. 6. Inside the Fence. Traitors and Moles. State and Military Espionage. Economic Espionage. Corporate Espionage. Privacy Compromises. Business Relationships. Visits and Requests. Fraud and Embezzlement. Bogus Transactions. Data Diddling. Inside Sabotage. Physical Attacks. Software Attacks. Penetrating the Perimeter. Physical Break-ins and Burglaries. Search and Seizure. Dumpster Diving. Bombs. 7. Seizing the Signals. Eavesdropping on Conversations. Cellular Intercepts. Pager Intercepts. Law Enforcement Wiretaps. Foreign Intelligence Intercepts. Deciphering the Messages. Traffic Analysis. Pen Registers and Trap and Trace. Location Tracking. 
Telecommunications Fraud. Blue Boxes. PBX and Related Fraud. Voice Mail Fraud. Calling Card Fraud. Cloned Phones and Cellular Fraud. Computer Network Monitoring. Packet Sniffers. Keystroke Monitoring. Environment Surveillance. Cameras and Video. Satellites and Imagery. Van Eck Receptors. Miscellaneous Sensors. Shoulder Surfing. Privacy and Accountability. Sabotage. Tampering with Phone Service. Jamming. Radio Frequency Weapons. Physical Attacks. 8. Computer Break-Ins and Hacking. Accounts. Getting Access. Tools and Techniques. A Demonstration. Network Scanners. Packet Sniffers. Password Crackers. Buffer Overflows and Other Exploits. Social Engineering. Covering up Tracks. Information Theft. Gathering Trophies. More than Trophies. Tampering. Web Hacks. Domain Name Service Hacks. Takedown. Remote Shutdown. Extent. 9. Masquerade. Identity Theft. Forged Documents and Messages. E-Mail Forgeries. Forgeries in Spam. E-Mail Floods. IP Spoofing. Counterfeiting. Trojan Horses. Software Trojans. Riding the Web. E-Mail Relays. Chipping. Undercover Operations and Stings. 10. Cyberplagues. Viruses. Program Viruses. Boot Viruses. Macro Viruses. Concealment Techniques. Who Writes Viruses. Prevalence. Virus Hoaxes. Worms. III. DEFENSIVE INFORMATION WARFARE. 11. Secret Codes and Hideaways. Locks and Keys. Cryptography. Digital Ciphers. Code Breaking. Generation and Distribution of Keys. Public-Key Distribution and Diffie-Hellman. Public-Key Cryptography and RSA. Key Storage and Recovery. Applications of Encryption. The Limits of Encryption. Steganography. Anonymity. Sanitization. Trash Disposal. Shielding. 12. How to Tell a Fake. Biometrics. Passwords and Other Secrets. Integrity Checksums. Digital Signatures. Public-Key Management and Certificates. Watermarks. Call Back and Call Home. Location-based Authentication. Badges and Cards. 13. Monitors and Gatekeepers. Access Controls. Authorization Policies. Access Control Monitors. Limitations. Filters. Firewalls. Junk E-Mail Filters. 
Web Filters. Intrusion and Misuse Detection. Workplace Monitoring. Automated Detection. Computer Intrusion and Misuse Detection. Analogy with the Human Immune System. Detecting and Eradicating Viruses and Malicious Mobile Code. 14. In a Risky World. Vulnerability Monitoring. Finding Computer and Network Security Flaws. Monitoring Security Publications. Building It Secure. The Orange Book. The ITSEC and Common Criteria. Evaluation. Commercial Criteria. ICSA Certification. Accreditation. The Capability Maturity Model. Security Awareness and Training. Avoiding Single Points of Failure. Backups. Risk Management. Risk Assessment and Asset Valuation. Insurance. Benchmarking. Due Care and Liability. Incident Handling. Investigation and Assessment. Containment and Recovery. Improving Security. Notification. In-Kind Response. Legal and Civil Remedies. Economic and Military Response. Emergency Preparedness. Obstacles. 15. Defending the Nation. Generally Accepted System Security Principles. Protecting Critical Infrastructures. President's Commission on Critical Infrastructure Protection. Presidential Decision Directive. Encryption Policy. Code Making. Code Breaking. International Policies. U.S. Policy. Legal Challenges. Legislation. Encryption Policy in Perspective. Bibliography of Books. Endnotes. Index.

436 citations

Proceedings Article
02 Nov 2007
TL;DR: It is found that it is often possible to tell whether or not a URL belongs to a phishing attack without requiring any knowledge of the corresponding page data.
Abstract: Phishing is a form of identity theft that combines social engineering techniques and sophisticated attack vectors to harvest financial information from unsuspecting consumers. Often a phisher tries to lure her victim into clicking a URL pointing to a rogue page. In this paper, we focus on studying the structure of URLs employed in various phishing attacks. We find that it is often possible to tell whether or not a URL belongs to a phishing attack without requiring any knowledge of the corresponding page data. We describe several features that can be used to distinguish a phishing URL from a benign one. These features are used to model a logistic regression filter that is efficient and has a high accuracy. We use this filter to perform thorough measurements on several million URLs and quantify the prevalence of phishing on the Internet today.

420 citations


Network Information
Related Topics (5)
The Internet: 213.2K papers, 3.8M citations (76% related)
Social network: 42.9K papers, 1.5M citations (74% related)
Service provider: 55.1K papers, 894.3K citations (74% related)
Authentication: 74.7K papers, 867.1K citations (73% related)
Information technology: 53.9K papers, 894.1K citations (73% related)
Performance
Metrics
No. of papers in the topic in previous years

Year    Papers
2022    2
2021    77
2020    106
2019    108
2018    112
2017    111