Abstract
Identity theft — in particular through phishing — has become a major threat to privacy and a valuable means for (organized) cybercrime. In this paper, we propose a forensic framework that allows for profiling and tracing of the agents involved in phishing networks. The key idea is to apply phishing methods against phishing agents. In order to profile and trace phishers, their databases are filled with fingerprinted credentials (indistinguishable from real ones) whose deployment lures phishers to a fake system that simulates the original service.
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Gajek, S., Sadeghi, AR. (2008). A Forensic Framework for Tracing Phishers. In: Fischer-Hübner, S., Duquenoy, P., Zuccato, A., Martucci, L. (eds) The Future of Identity in the Information Society. Privacy and Identity 2007. IFIP — The International Federation for Information Processing, vol 262. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-79026-8_2
DOI: https://doi.org/10.1007/978-0-387-79026-8_2
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-4629-4
Online ISBN: 978-0-387-79026-8
eBook Packages: Computer Science (R0)