Abstract
We discuss nine ethical dilemmas which have arisen during the investigation of ‘notice and take-down’ regimes for Internet content. Issues arise when balancing the desire for accurate measurement to advance the security community’s understanding with the need to immediately reduce harm that is uncovered in the course of measurement. Research methods demand explanation to be accepted in peer-reviewed publications, yet the dissemination of knowledge may help miscreants improve their operations and avoid detection in the future. Finally, when researchers put forward solutions to problems they have identified, it is important that they ensure that their interventions demonstrably improve the situation and do not cause undue collateral damage.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Moore, T., Clayton, R. (2012). Ethical Dilemmas in Take-Down Research. In: Danezis, G., Dietrich, S., Sako, K. (eds) Financial Cryptography and Data Security. FC 2011. Lecture Notes in Computer Science, vol 7126. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29889-9_14
DOI: https://doi.org/10.1007/978-3-642-29889-9_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29888-2
Online ISBN: 978-3-642-29889-9
eBook Packages: Computer Science (R0)