Synopsis 2 Group 3

Christie Barnes 11/29/09

In their article “Cybercrime 2.0: When the Cloud Turns Dark” Niels Provos, Moheeb Abu Rajab and Panayiotis Mavrommatis explain how crime is administered on the web. Their explanation is very important to present and future web users because it brings into light the dangers of internet use. These authors acknowledge the convenience and practicality of the web in today’s world but they stress that along with this phenomenal usefulness of the internet comes dangers of exploitation and crime. Like any aspect of culture, the internet has positive and negative effects and uses. Provos, Rajab and Mavrommatis explain how criminals on the internet attempt to gain control over user’s systems when they state, “Today, adversaries are primarily motivated by economic incentives to not only exploit and seize control of compromised systems for as long as possible but to turn their assets into revenue” (43). The authors explain that crime exists on the internet not just because it is relatively easy to administer but primarily because it can produce large profits. The authors of this article explain the different techniques Web criminals use to gain control over various machines. These include sending the user to malicious Web pages via spam email, injecting malicious content into the computer, drive-by downloads and social engineering attacks. I found social engineering attacks especially frightening because these “trick users into installing and running malware by themselves” (46). The authors present certain examples such as fake security scans and fake updates for your computer that once you install them actually give the adversary control over your machine. Once they have control, criminals use machines around the world to send spam

email or collect passwords and credit card numbers which are all ultimately used to produce profit. Provos, Rajab and Mavrommatis explain why the internet is so susceptible to crime when they state, “Unfortunately, the root cause that allows the Web to be leveraged for malware delivery is an inherent lack of security in its design—neither Web applications nor the Internet infrastructure supporting these applications were designed with a well-thought-out security model” (47). Essentially, though companies like Google have attempted to implement security measures into their systems, the internet itself has no overriding mode of security so it is very easily exploited. In their article “Why Phishing Works”, Rachna Dhamija, J.D. Tygar, and Marti Hearst present another reason why crime is so prevalent on the internet which is the user’s lack of knowledge about safe and dangerous Websites. In this article, Dhamija, Tygar and Hearst administer a study to see why people believe false websites and fall for phishing scams. They asked a variety of people to determine if certain websites were legitimate or not. Phishing schemes are a technique of cyber crime in which criminals send out large amounts of spam email to lure people to illegitimate websites in hopes that Web users will reveal security information such as passwords or credit card numbers. Like the crime explained in the “Cybercrime 2.0: When the Cloud Turns Dark” article, phishing schemes are administered in hopes of making profit. The authors of “Why Phishing Works” suggest that the three main reasons internet users fall for phishing scams are lack of knowledge, visual deception and bounded attention. Lack of knowledge as the authors explain, means that many internet users simply do not understand how the web works or how security indicators work so they are susceptible to being fooled by criminals. Visual

deception makes phishing schemes so successful because they use text, images and windows that look legitimate and extremely real. An example in the reading was the fake website with the URL www.bankofthevvest.com vs. the real website of www.bankofthewest.com. Most of the people that participated in the study identified this phishing site as a legitimate site because they did not realize that instead of a w there were two vs in the URL. Lastly, bounded attention means that internet users are so set on completing their tasks at hand that they seldom read or pay attention to security warnings when they visit a website. All of these factors make internet users susceptible and likely to fall for phishing scams. Consequently, they are likely to unknowingly give their money or private information to criminals. I could really relate to the participants of the Phishing study. Whenever I am on the internet I am so determined to complete my task at hand that I seldom read security warnings or pop up windows and just press accept without thinking. However, when I got the phishing email that Professor Astrachan sent out the other week, I did not press the link because I thought it seemed very suspicious. However, the majority of the class fell for the scam. It is interesting to note what people will do for extra points and how often internet users forget to really think when using the web. I think the convenience of the internet makes us often forget the dangers it can produce. These readings made me realize that I need to use awareness more often when using the Web and how important it is to be cautious on the internet. Like the invention of Captchas that differentiate humans from machines, and consequently prevent the creation of spam emails, Dhamija, Tygar and Hearst explain that they are trying to create an approach to internet security that is easy for people to verify but hard for an attacker to

spoof. This new attempt suggests that to cure cyber crime we must encourage internet users to ultimately think for themselves in order to prevent themselves from becoming victims of the machine.