BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:An Empirical Analysis of Phishing Attack and Defense - Tyler Moore
  (Computer Laboratory\, University of Cambridge)
DTSTART:20080408T151500Z
DTEND:20080408T161500Z
UID:TALK11378@talks.cam.ac.uk
CONTACT:Andrew Lewis
DESCRIPTION:A key way in which banks mitigate the effects of phishing atta
 cks is to remove the fraudulent websites and abusive domain names hosting 
 them.  We have gathered and analyzed empirical data on phishing website re
 moval times and the number of visitors that the websites attract.  We find
  that website removal is part of the answer to phishing\, but it is not fa
 st enough to completely mitigate the problem.  Phishing-website lifetimes 
 follow a long-tailed lognormal distribution -- while many sites are remove
 d quickly\, others remain much longer.  We have found evidence that one gr
 oup responsible for half of all phishing\, the rock-phish gang\, cooperate
 s by pooling hosting resources and by targeting many banks simultaneousl
 y.  The gang's architectural innovations have significantly extended their
  websites' average lifetime.  Using response data obtained from the server
 s hosting phishing websites\, we also provide a ballpark estimate of the t
 otal losses due to phishing.\n\nPhishing-website removal is often subcontr
 acted to specialist companies. We analyze three months of `feeds' of phish
 ing website URLs from multiple sources\, including two such companies.  We
  demonstrate that in each case huge numbers of websites may be known to ot
 hers\, but the company with the take-down contract remains unaware\, or le
 arns of sites only belatedly.  Upon calculating the resultant increase in 
 lifetimes caused by the take-down company's lack of action\, the results c
 ategorically demonstrate that significant amounts of money are being put a
 t risk by the failure to share proprietary feeds of URLs.\n\nFinally\, we 
 have studied how one anti-phishing organization has leveraged the so-calle
 d `wisdom of crowds' by relying on volunteers to submit and verify suspect
 ed phishing sites.  We show its voting-based decision mechanism to be slow
 er and less comprehensive than unilateral verification performed by compan
 ies.  We also find that the distribution of user participation is highly s
 kewed\, leaving the scheme vulnerable to manipulation.
LOCATION:Lecture Theatre 2\, Computer Laboratory\, William Gates Building
END:VEVENT
END:VCALENDAR
