Anti-Phishing Working Group (APWG) 2011 eCrime Researchers Summit Highlights
The 2011 Anti-Phishing Working Group (APWG) eCrime Researchers Summit, held in San Diego, California, moved fast with a number of interesting presentations and fascinating people. The APWG is a non-profit, global, pan-industrial and law enforcement association focused on eliminating the fraud, crime and identity theft that result from phishing, pharming, malware and e-mail spoofing of all types. The eCrime Researchers Summit brings together malware researchers, counter-eCrime developers and responders, and includes the 2011 Fall General Meeting. Here are some highlights from the event.
The “legacy loop” is a problem for computers and software in general. New software is built to run on older hardware, and newer hardware is built to run older software. If radical changes occur, the hardware and software involved typically fail in the market. This “loop” results in the computer security industry solving the same recurring problems. As the scale of the Internet and the complexity of computer use increase, security failures increase as well.
Several presentations hit on the idea that regular computer users need to be trained to avoid installing malware or giving away their identity, and that this training is best conducted immediately after they have fallen victim to phishing, malware, identity theft or any number of other web threats. One method is to identify and notify users infected with a botnet, accompanied by information on how to clean their system. ISPs can also place infected users into quarantine with limited Internet access. The Japanese and German governments funded and supported similar efforts to get national ISPs to detect and notify their users about malware running in their networks. These campaigns were successful and greatly reduced the number of infected systems running in those two countries.
We heard about the success of “red teams” that run targeted attacks as tests. These simulated attacks achieved a 100% success rate, using combinations of social engineering, “pretexting” to gain physical access, and other network attack tactics. Alarmingly, none of the tested commercial organizations proved secure.
There was much focus on information sharing and the need to improve cooperation between academic researchers, corporate security teams (banks and security vendors), ISPs, government resources and law enforcement. Working effectively with law enforcement is difficult because of limited police resources, and because of the misunderstandings between corporate data collection, academic data collection, and the standards of evidence needed to run a successful prosecution. Relatedly, it is important to establish the amount of damage that is occurring. Stealing $10 from a few botnet-infected users is not a big enough issue, but stealing $100 million from millions of users is worthy of attention. Prosecutions prove difficult because of a lack of adequate documentation. On the corporate side, investing the resources needed to successfully prosecute criminals is often not worth the amount of money the crime is costing.
A demonstration of how easy it is to run a botnet was also given. It took only 15 minutes to configure and build the infecting EXE program, install it on a virtual machine running Windows, and have it start reporting to the botnet controller. It has become so easy that almost anyone with a computer can become a bot-herder, stealing banking information and selling stolen identities and credit card numbers.
The APWG eCrime Researchers Summit proved an invaluable event, and reminded zveloLABS™ of the recurring challenges information security professionals face every day and the need for a unified, global and multi-faceted approach to effectively combat web threats.