Artificial Intelligence Management and Development Corporation
Traps, Pitfalls, Swindles, Lies, Doubts and Suspicions: A Counter-Case for the Study of Good Etiquette
Jack L. Edwards & Greg Scott, A I Management & Development Corp.
Sharon McFadden & Keith C. Hendy, Defence Research & Development Toronto
Defence R & D Canada - Toronto
Etiquette
• A Nice Image
• Context: Human & System Etiquette
• Benevolence Assumption
Some General Rules of Etiquette
• Be helpful
• Be respectful
• Be relevant
• Be prompt
• Be brief
• Be protective (of privacy)
• Be pleasant
• Be adaptable
Foundational Rule
• Foundational Rule of Etiquette
– Assumption of Honesty (“Be honest”)
• Benevolence Assumption
• High Correlation With Some Overlap in Meaning
The Internet: Ubiquitous and Evolving
• Work & Leisure Time Extends Beyond Local Processing
• Increasing Involvement of Technology in Person-To-Person Exchanges
– E.g., email; chat-rooms; video conferencing
• Modern Agents Increasingly Software and Internet-Based
• Traps, Pitfalls, Swindles Generalize Easily to the Internet
Violations of the Foundational Rule: Traps, Pitfalls, Swindles, Lies...
• Nigerian Fee Scam
• On-line Credit Card Fraud in 2001 – (5% of online consumers)*
• Merchants Lost $700M in 2001*
• Lies & Hoaxes (Bush’s IQ)
* Gartner Group
Thorough Understanding of Etiquette Is Not Possible Without An Active Study of the Abuse of Good Etiquette
• Focusing Only on Good Etiquette Prejudices Us Toward Assumptions of Benevolence
• Actively Assume Mantle of Hacker, Vandal, Scam Artist, Thief or Terrorist
– Explore how to enlist rules of etiquette in deception & fraud
• Active Contemplation Will Engage the Mind in a Creative Pursuit of a Deeper Understanding of Etiquette
– Norman & Rumelhart Example
Applying Etiquette Rules in the Service of Scams & Frauds
• Be helpful
• Be respectful
• Be relevant
• Be prompt
• Be brief
• Protect privacy
• Be pleasant
• Provide options
• Give the Appearance of Honesty
– Falsely Establish Credibility
• Some Examples of Grifter Etiquette
Fraud, Vandalism, Theft & Terrorism on the Internet
• Ubiquitous Computing Is Giving Rise to Ubiquitous “Underworld” Activity
• Generalization of Classic Con Games is Underway
– Ponzi schemes
– Identity Theft
– Affinity Fraud
– Insider Trading
– Badger Game
– Twice-fleeced Fraud
– Embezzlement
– Weights and Measures Frauds
• Segmentation & Other Refinement Techniques
– Mark (or Victim) Categories
Generalizing Grifter and Other Criminal Agents
• Current & Future Software Agents
– Roper Agents
– Manager Agent
– Inside Man Agent
– Forger Agent
– Shill Agents
– Vandal Agents
• Humans, Corporations & Other Organizations
– The Target, Victim or Mark
Generalizing “Big Con” Grifters to Software
• Roper Agents - Automated Solicitations (e.g., Nigerian Fee Scam)
• Inside Man - Remotely Controlled & Coordinated Attack Agents
• Manager - External Automated Attack Agents on Distributed Machines
• Shills - Support Agents in a Society of Grifter Agents
Malicious Software Agents (Zeltser, 2000)
• Rapidly Spreading Agents
– Viruses and Worms - Explicitly Copy Themselves
– e.g. Melissa Virus and Morris Worm
• Spying (Espionage) Agents
– Transmits Sensitive Information
– e.g. Caligula, Marker and Groov Viruses
• Remotely Controlled Agents
– Complete Control of Victim’s Machine
– Client/Server Architecture
  • Server Communicates with Attacker through Outbound HTTP & FTP Channels
  • Client directs Agent through Inbound Email and Web Browsing Channels
  • Programming API Permits Controlling Traffic to be Encrypted with Plug-Ins
  • Plug-Ins Permit Newly Propagated Versions to Register with Home-Base
– e.g. Back Orifice and NetBus
Malicious Software Agents (Zeltser, 2000) (continued…)
• Coordinated Attack Agents
– Complete Control of Victim’s Machine
– Client/Server Architecture
  • Multiple Clients Operate from Compromised Machines
  • Difficult to Trace
– e.g. Trinoo and TFN
• Advanced Malicious Agents
– Builds on Strengths of Previously Described Agents
– Alleviates Their Weaknesses
– e.g. RingZero Trojan
Veracity Agent Network (VAN) - A Society of Protection Agents -
• Monitoring Agents - Incoming/Outgoing Traffic & Unusual Local Activity
• Filtering Agents - Filters (Blocks) Unwanted Activity
• Masking Agents - Masks Identity (Hides or Falsifies)
• Tracking Agents - Track & Identify Unknown Sources
• Information Agents - Explains Activities to Users
• Proactive Agents - Build User Profiles of Attackers; Report Violations; Alter Code of Intrusive Agents; Search & Destroy
VAN Functionality: Ensuring Good “Underworld” Etiquette?
• Monitoring, Intercepting & Controlling Cookie Traffic
• Monitoring Automatic Version Checkers Sending Personal Info to Company Sites
– (e.g. usage statistics correlated with software Serial No.)
• Blocking Unwanted Transmission of Personal Info
– (e.g. credit card numbers, email address)
• Stripping Browser Type, Platform & OS Info Sent With Every Request for Web Page
• Blocking Banner Ads; Automatic Closing of Pop-Up Ads
Current Level of Development: Monitoring Agents
• Internet Traffic Can Be Intercepted Either:
– leaving an application & passing to the OS
– leaving the OS & passing to network
• Both Require Low-Level Drivers to Intercept Data
Current Level of Development: Monitoring Agents (continued…)
• Look Up IP Addresses Automatically Using “whois”
• Determine Usage Stats Being Collected by RealPlayer
• Port Number Look-Up (65K+ Ports): Identify Type of Traffic Using Ports & Build a Database
• Identify Information Sent Out Without Asking User
– cookies
– software update requests
– AOL messenger activity
– usage stats
Current Level of Development: Monitoring Agents (continued…)
• Outside Attempts to Access System
• Personal Info Being Sent Out
– e.g. credit card numbers; email addresses; passwords
• System Info Sent Out While Web Browsing
– e.g. browser type, operating system, type of computer
• Monitor Email to...
– identify common Internet hoaxes & scams
– compile statistics on incoming messages for future use
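The outbound checks listed on this slide, as an added example that is not from the original presentation or the VAN project: a Python function that inspects one outbound HTTP request for personal and system information. The header set, the password field-name pattern and the sample request are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")          # 13-19 digits, optional separators
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
LEAKY_HEADERS = {"user-agent", "cookie"}                 # assumed: browser/OS info, cookie traffic

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates plausible card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                                   # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(value: str) -> str:
    """Keep only the last 4 characters so the report itself leaks nothing."""
    return "*" * max(len(value) - 4, 0) + value[-4:]

def inspect_outbound(raw: bytes) -> list[tuple[str, str]]:
    """Return (category, detail) findings for one outbound HTTP request."""
    head, _, body = raw.decode("latin-1").partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:                  # skip the request line
        name = line.partition(":")[0].strip()
        if name.lower() in LEAKY_HEADERS:
            findings.append(("header", name))
    for key, value in parse_qsl(body, keep_blank_values=True):
        if re.search(r"pass|pwd", key, re.I):            # flag by field name, never log the value
            findings.append(("password-field", key))
        for m in CARD_RE.finditer(value):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                findings.append(("card-number", mask(digits)))
        findings += [("email", mask(m.group())) for m in EMAIL_RE.finditer(value)]
    return findings

# Constructed sample request (not captured traffic); 4111 1111 1111 1111 is a standard test number.
SAMPLE = (
    b"POST /order HTTP/1.1\r\nHost: shop.example\r\n"
    b"User-Agent: ExampleBrowser/1.0 (ExampleOS)\r\nCookie: sid=abc123\r\n\r\n"
    b"card=4111+1111+1111+1111&email=alice%40example.com&passwd=hunter2&qty=1234567890123"
)
```

The 13-digit `qty` value matches the card pattern but fails the Luhn check, so it is not reported.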
Support Technology
• NetTraffic & WinPcap - Monitors Low-Level Event Traffic on PC
• Current Open Source Code from Politecnico di Torino
– http://winpcap.polito.it/
• Original UNIX Pcap Developed at Berkeley
• Higher-Level Functionality is Needed to Interpret & Use That Information
User Requirements
• Protection Only - Don’t Bother Me With Details
• Track Activities (At Least in the Beginning)
• See Explanations of Activity; ID Sources; Report Intrusions & Misuse of Information
• Be Proactive Relative to Intruders
“User” Models
• For Actual User (Encrypted)
• For Several Masked Versions of Own User
• For “Friends” of Own User
• For Tracked (Potentially Malicious) Sources
Possibility of Agent Wars
• Disseminate Info Other Agents Created To Block
• Misrepresent Themselves For Nefarious Purposes
• Hack Other Agents to Prevent Them from Achieving Competing Goals
The Future of “Underworld” Internet Computing
• “Underworld” of the Internet - The “Wild West”
• Few Rules and Little Explicit “Consideration of Others,” Which We Defined as the Source of Good Etiquette
• Helplessness of Average User to Protect Themselves From This “Underworld” Activity Will Help Drive Etiquette
• Our Goal: Agents to Help Ensure You Are “Taken Into Consideration,” in this New World of Ubiquitous Internet Computing