Data-Driven Security: A Socio-Economic Approach to Disrupting Cybercrime
Speaker: Damon McCoy, George Mason University
Modern-day cybercrime is largely profit-fueled and much of modern-day computer security is focused on developing new defenses that close security gaps, which allow criminals to exploit vulnerable systems. However, this focus on understanding the technical methods used by cyber criminals has not been matched by a complimentary effort to understand the underlying socio-economic factors that drive much of this large scale cybercrime. In this talk, I will describe my work on understanding the economics, capabilities and limitations of cyberciminal enterprises and how this has led to the disruption of two cybercrime ecosystems. First, I will describe the counterfeit pharmaceutical spam ecosystem from a socio-economic perspective and how this approach resulted in an effective payment processing level intervention. I will then describe an approach that also relies on a socio-economic understanding to disrupt the market for fraudulent accounts, which are sold by the thousands and are used to perpetrate scams, phishing, and malware via webmail and online social networking sites. These examples illustrate that, by understanding the socio-economic underpinnings of cybercrime, we can undermine cyberciminal ecosystems more efficiently than by using purely technical approaches.
Damon McCoy is an assistant professor in the Department of Computer Science at George Mason University, research scientist at the International Computer Science Institute and a visiting researcher at the University of California Berkley. He obtained his Ph.D. from the University of Colorado, Boulder, and was a Computer Innovation Fellow at the University of California San Diego. His research has focused on the economics of cybercrime, cyberphysical security and privacy enhancing technologies. He was awarded a Google faculty research award and a CRA/NSF Computer Innovation Fellowship.
For more information, contact Nasir Memon.