Dave Anderson: Crime on the Internet
This actually isn't the name of the presentation, but Anderson offered it up in his opening remarks and I like it.
The problem is email with malicious and unwanted content. It is much worse than spam, which has evolved into a distribution problem. 25% of spam that is being sent is solely for the purpose of infecting you with a virus or adware.
Email was originally built with the idea that we would have 100k users. It's a system without trust, authentication, or delivery assurance.
Authentication is required, but it alone will not solve the security issues. There are two approaches to authentication: Sender ID (Microsoft) and DKIM (digital signatures). Both use DNS to distribute keys or IPs in a second channel.
Interesting to note that 35% of the email being sent today is sent through a Sender ID authentication system (Hotmail among others).
In addition to authentication, we need reputation services, cousin detection (like all those PayPal billing profile emails that redirect you to a non-PayPal site), and reputation recovery.
So who's doing all these phishing attacks? Carderplanet, stealthdivision, darkprofits, and shadowcrew (4,000 members) are all online criminal enterprises with no physical presence. The Russian mob and other criminal enterprises engage in the buying and selling of stolen credit card numbers and identities. The email gets routed through countries that offer friendly operating environments.
More stats: there are over 13,000 unique phishing emails tracked every month and 3,500 "collection servers".
Crime is evolving. Most email viruses rely on social engineering to deliver fake toolbars, keyloggers, and DNS hijackers.
According to Forrester, 20% of users will not open email from financial institutions, but 26% of people will. Problematic for banks is that 14% of online users stopped using online banking and bill pay.
Today's solutions offer limited relief; Anderson is pushing for authentication and reputation as broad-reaching solutions. Sender ID does a reverse DNS lookup to get the IP address of the last hop and checks it against a table of known senders. It doesn't work well with forwarders. DKIM does a reverse DNS lookup, picks up a public key, and checks a signature. It is harder to deploy because additional software is required, but it survives forwarding. Existing mail filtering solutions will work in coordination with authentication systems.
That's it. After sitting through this presentation I am no longer using email. In fact, I'm going to disconnect my computers and relocate them to a concrete vault that I plan on excavating deep below my house.
Update: Here's an article that points to a study suggesting that spammers are adopting Sender-ID and SPF at a higher rate than non-spammers.
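
The forwarding difference described above, as an added example that is not from the talk or the original post: a toy model in which a Python dict stands in for DNS, textbook RSA with demo-sized primes stands in for DKIM's signature, and every domain, IP, and message is constructed. It also shows a look-alike ("cousin") domain with its own valid records passing both checks, which is why reputation and cousin detection are still needed on top of authentication.

```python
import hashlib

E = 65537  # RSA public exponent

def make_key(p, q):
    # Toy RSA key from two known primes: demo-sized, not secure.
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _digest(message, n):
    return int.from_bytes(hashlib.sha256(message.encode()).digest(), "big") % n

def sign(message, key):
    """Sender side: sign the message hash with the domain's private key."""
    return pow(_digest(message, key["n"]), key["d"], key["n"])

BANK_KEY = make_key(2**61 - 1, 2**89 - 1)
COUSIN_KEY = make_key(2**107 - 1, 2**127 - 1)

# Constructed stand-in for DNS: each domain publishes its permitted sending
# IPs (IP-based check) and its public modulus (signature-based check).
DNS = {
    "bank.example": {"ips": {"192.0.2.10"}, "n": BANK_KEY["n"]},
    "bank-billing.example": {"ips": {"203.0.113.5"}, "n": COUSIN_KEY["n"]},
}

def path_check(domain, connecting_ip):
    """IP-based check: is the last hop listed by the claimed domain?"""
    return connecting_ip in DNS.get(domain, {}).get("ips", set())

def signature_check(domain, message, signature):
    """Signature-based check: verify against the domain's published key."""
    record = DNS.get(domain)
    if record is None:
        return False
    return pow(signature, E, record["n"]) == _digest(message, record["n"])

def evaluate(domain, message, signature, connecting_ip):
    return {"path": path_check(domain, connecting_ip),
            "signature": signature_check(domain, message, signature)}

MSG = "From: alerts@bank.example\nSubject: Statement ready\n\nYour statement is ready."
SIG = sign(MSG, BANK_KEY)
COUSIN_MSG = MSG.replace("bank.example", "bank-billing.example")

direct = evaluate("bank.example", MSG, SIG, "192.0.2.10")
forwarded = evaluate("bank.example", MSG, SIG, "198.51.100.7")  # via a forwarder
tampered = evaluate("bank.example", MSG + " Click here.", SIG, "192.0.2.10")
cousin = evaluate("bank-billing.example", COUSIN_MSG,
                  sign(COUSIN_MSG, COUSIN_KEY), "203.0.113.5")
```

The forwarded message fails only the IP-based check, the altered message fails only the signature check, and the cousin domain passes both.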


You joke about not using email and embedding your computers in a concrete vault, but here is what we have done in our lab:
The Windows machines that we still have to use are off limits for email and surfing the web. In fact they are living under a counter with no monitors and run behind Macintosh systems with no real connection to the Internet other than through the Macintosh systems. We run them from Macintosh systems remotely.
All other systems for student use etc. are Macintosh systems running OS X that they can surf, email and download software to their heart's content.
This solution has reduced the amount of time I spend administering these systems to almost nothing, whereas previously I was spending upwards of ten hours/week just dealing with Windows security problems. In fact, the cost of replacing almost all of our Windows systems with Macs was substantially cheaper than what it was going to cost us for just one year of dedicated computer support from hiring somebody to manage it.
Posted by: Bryan William Jones | Jul 12, 2005 at 01:34 PM
We totally agree -- that's why we're building out accreditation (Bonded Sender) and reputation (Sender Score) services! We'll have a white paper out on how the three things (authentication, accreditation, and reputation) work together to solve the problem within a week at our web site - www.returnpath.biz.
-Matt
Posted by: Matt Blumberg | Jul 12, 2005 at 03:56 PM
interesting article, tons of info. thanks!
Posted by: criminal records | Nov 07, 2005 at 07:30 PM