
Traps, Pitfalls, Swindles, Lies, Doubts and Suspicions:
A Counter-Case for the Study of Good Etiquette
Jack L. Edwards & Greg Scott
A I Management & Development Corp.
Sharon McFadden & Keith C. Hendy
Defence Research & Development Toronto
Artificial Intelligence Management and Development Corporation
Defence R & D Canada - Toronto
Etiquette
• A Nice Image
• Context: Human & System Etiquette
• Benevolence Assumption
Some General Rules of Etiquette
• Be helpful
• Be respectful
• Be relevant
• Be prompt
• Be brief
• Be protective (of privacy)
• Be pleasant
• Be adaptable
Foundational Rule
• Foundational Rule of Etiquette
– Assumption of Honesty (“Be honest”)
• Benevolence Assumption
• High Correlation With Some Overlap in Meaning
The Internet: Ubiquitous and Evolving
• Work & Leisure Time Extends Beyond Local Processing
• Increasing Involvement of Technology in Person-To-Person Exchanges
– E.g., email; chat-rooms; video conferencing
• Modern Agents Increasingly Software and Internet-Based
• Traps, Pitfalls, Swindles Generalize Easily to the Internet
Violations of the Foundational Rule:
Traps, Pitfalls, Swindles, Lies...
• Nigerian Fee Scam
• On-line Credit Card Fraud in 2001
– (5% of online consumers)*
• Merchants lost $700M in 2001*
• Lies & Hoaxes (Bush’s IQ)
* Gartner Group
Thorough Understanding of Etiquette Is Not Possible Without An Active Study of the Abuse of Good Etiquette
• Focusing Only on Good Etiquette Prejudices Us Toward Assumptions of Benevolence
• Actively Assume Mantle of Hacker, Vandal, Scam Artist, Thief or Terrorist
– Explore how to enlist rules of etiquette in deception & fraud
• Active Contemplation Will Engage the Mind in a Creative Pursuit of a Deeper Understanding of Etiquette
– Norman & Rumelhart Example
Applying Etiquette Rules in the Service of Scams & Frauds
• Give the Appearance of Honesty
– Falsely Establish Credibility
• Be helpful
• Be relevant
• Be brief
• Be pleasant
• Be respectful
• Be prompt
• Protect privacy
• Provide options
• Some Examples of Grifter Etiquette
Fraud, Vandalism, Theft & Terrorism on the Internet
• Ubiquitous Computing Is Giving Rise to Ubiquitous “Underworld” Activity
• Generalization of Classic Con Games is Underway
– Ponzi schemes
– Affinity Fraud
– Badger Game
– Embezzlement
– Identity Theft
– Insider Trading
– Twice-fleeced Fraud
– Weights and Measures Frauds
• Segmentation & Other Refinement Techniques
– Mark (or Victim) Categories
Generalizing Grifter and Other Criminal Agents
• Current & Future Software Agents
– Roper Agents
– Inside Man Agent
– Shill Agents
– Manager Agent
– Forger Agent
– Vandal Agents
• Humans, Corporations & Other Organizations
– The Target, Victim or Mark
Generalizing “Big Con” Grifters to Software
• Roper Agents - Automated Solicitations (e.g., Nigerian Fee Scam)
• Inside Man - Remotely Controlled & Coordinated Attack Agents
• Manager - External Automated Attack Agents on Distributed Machines
• Shills - Support Agents in a Society of Grifter Agents
Malicious Software Agents (Zeltser, 2000)
• Rapidly Spreading Agents
– Viruses and Worms - Explicitly Copy Themselves
– e.g. Melissa Virus and Morris Worm
• Spying (Espionage) Agents
– Transmits Sensitive Information
– e.g. Caligula, Marker and Groov Viruses
• Remotely Controlled Agents
– Complete Control of Victim’s Machine
– Client/Server Architecture
• Server Communicates with Attacker through Outbound HTTP & FTP Channels
• Client directs Agent through Inbound Email and Web Browsing Channels
• Programming API Permits Controlling Traffic to be Encrypted with Plug-Ins
• Plug-Ins Permit Newly Propagated Versions to Register with Home-Base
– e.g. Back Orifice and NetBus
Malicious Software Agents (Zeltser, 2000)
(continued…)
• Coordinated Attack Agents
– Complete Control of Victim’s Machine
– Client/Server Architecture
• Multiple Clients Operate from Compromised Machines
• Difficult to Trace
– e.g. Trinoo and TFN
• Advanced Malicious Agents
– Builds on Strengths of Previously Described Agents
– Alleviates Their Weaknesses
– e.g. RingZero Trojan
Veracity Agent Network (VAN)
- A Society of Protection Agents
• Monitoring Agents - Incoming/Outgoing Traffic & Unusual Local Activity
• Filtering Agents - Filters (Blocks) Unwanted Activity
• Masking Agents - Masks Identity (Hides or Falsifies)
• Tracking Agents - Track & Identify Unknown Sources
• Information Agents - Explains Activities to Users
• Proactive Agents - Build User Profiles of Attackers; Report Violations; Alter Code of Intrusive Agents; Search & Destroy
VAN Functionality:
Ensuring Good “Underworld” Etiquette?
• Monitoring, Intercepting & Controlling Cookie Traffic
• Monitoring Automatic Version Checkers Sending Personal Info to Company Sites
– (e.g. usage statistics correlated with software Serial No.)
• Blocking Unwanted Transmission of Personal Info
– (e.g. credit card numbers, email address)
• Stripping Browser Type, Platform & OS Info Sent With
Every Request for Web Page
• Blocking Banner Ads; Automatic Closing of Pop-Up Ads
Current Level of Development:
Monitoring Agents
• Internet Traffic Can Be Intercepted Either:
– leaving an application & passing to the OS
– leaving the OS & passing to network
• Both Require Low-Level Drivers to Intercept Data
Current Level of Development:
Monitoring Agents (continued…)
• Look Up IP Addresses Automatically Using “whois”
• Determine Usage Stats Being Collected, by RealPlayer
• Port Number Look-Up (65K+ Ports): Identify Type of
Traffic Using Ports & Build a DataBase
• Identify Information Sent Out Without Asking User
– cookies
– software update requests
– AOL messenger activity
– usage stats
Current Level of Development:
Monitoring Agents (continued…)
• Outside Attempts to Access System
• Personal Info Being Sent Out
– e.g. credit card numbers; email addresses; passwords
• System Info Sent Out While Web Browsing
– e.g. browser type, operating system, type of computer
• Monitor Email to...
– identify common Internet hoaxes & scams
– compile statistics on incoming messages for future use
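
The monitoring and filtering behaviour listed on the VAN Functionality and Monitoring Agents slides, as an added Python example that is not code from the presentation or from VAN: it inspects one outbound HTTP request, strips the header that reveals browser and OS, reports cookies and email addresses, and blocks the request if it carries a Luhn-valid card number. The function names, header list, blocking policy and sample request are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumed policy: headers that reveal browser type, platform and OS.
STRIP_HEADERS = {"user-agent", "sec-ch-ua", "sec-ch-ua-platform"}
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, optional separators
EMAIL_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def inspect_request(raw):
    """Return (sanitized_request_or_None, findings) for one outbound HTTP/1.x request."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    findings, kept = [], [lines[0]]
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name in STRIP_HEADERS:
            findings.append(("stripped-header", name))
            continue                      # drop the header from the forwarded copy
        if name == "cookie":
            findings.append(("cookie-sent", value.strip()))
        kept.append(line)
    # Decode URL-encoding so form fields and query strings are scanned in clear.
    text = unquote_plus(lines[0] + "\n" + body.decode("latin-1"))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(("card-number", "*" * (len(digits) - 4) + digits[-4:]))
    findings += [("email-address", m.group()) for m in EMAIL_RE.finditer(text)]
    # Assumed policy: card numbers block the request; other findings are only reported.
    blocked = any(kind == "card-number" for kind, _ in findings)
    sanitized = None if blocked else "\r\n".join(kept).encode("latin-1") + sep + body
    return sanitized, findings

# Constructed sample request (not captured traffic).
SAMPLE = (b"POST /register?ref=promo HTTP/1.1\r\n"
          b"Host: updates.example.com\r\n"
          b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n"
          b"Cookie: uid=12345\r\n"
          b"Content-Length: 48\r\n\r\n"
          b"email=alice%40example.com&cc=4111+1111+1111+1111")

if __name__ == "__main__":
    forwarded, report = inspect_request(SAMPLE)
    print("blocked" if forwarded is None else forwarded.decode("latin-1"))
    for kind, detail in report:
        print(kind, detail)
```
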
Support Technology
• NetTraffic & WinPcap - Monitors Low-Level Event Traffic on PC
• Current Open Source Code from Politecnico di Torino
– http://winpcap.polito.it/
• Original UNIX Pcap Developed at Berkeley
• Higher-Level Functionality is Needed to Interpret & Use
That Information
User Requirements
• Protection Only - Don’t Bother Me With Details
• Track Activities (At Least in the Beginning)
• See Explanations of Activity; ID Sources; Report
Intrusions & Misuse of Information
• Be Proactive Relative to Intruders
“User” Models
• For Actual User (Encrypted)
• For Several Masked Versions of Own User
• For “Friends” of Own User
• For Tracked (Potentially Malicious) Sources
Possibility of Agent Wars
• Disseminate Info Other Agents Created To Block
• Misrepresent Themselves For Nefarious Purposes
• Hack Other Agents to Prevent Them from Achieving
Competing Goals
The Future of “Underworld” Internet Computing
• “Underworld” of the Internet - The “Wild West”
• Few Rules and Little Explicit “Consideration of Others,”
as We Defined as the Source of Good Etiquette
• Helplessness of Average User to Protect Themselves From
This “Underworld” Activity Will Help Drive Etiquette
• Our Goal: Agents to Help Ensure You Are “Taken Into
Consideration,” in this New World of Ubiquitous Internet
Computing