Manuel Egele, Institute Junior Fellow, Gives Feb 10, 2016 Meet Our Fellows Talk

3:00 PM – 4:00 PM on Wednesday, February 10, 2016
Hariri Institute for Computing, Room 180
Refreshments to follow

Where’s the Money in Cyber-Crime?

Manuel Egele
Junior Faculty Fellow, Hariri Institute for Computing
Assistant Professor, Electrical and Computer Engineering Department

Abstract: Popular media constantly reminds us how cyber-criminals are out to hack our computers, invade our privacy, or disrupt the nation’s power-grid infrastructure. However, these reports rarely mention that many cyber-criminals are in this business simply to make money. With this in mind, we pose the question “how can a cyber-criminal turn their hacking operations into cash?”

This talk investigates three aspects that fuel cyber-criminal enterprises and allow them to turn a profit. First, we focus on online social networks (OSNs), such as Facebook and Twitter, exploring why and how attackers compromise legitimate accounts on these networks, and proposing a countermeasure that automatically identifies when an account is compromised. In the absence of such a mechanism, the second aspect investigates how attackers can turn compromised OSN accounts directly into profit through follower-buying schemes. In such a scheme the attacker combines the compromised accounts and re-sells them to users who want to inflate their social standing. While re-selling regular OSN accounts in a follower-buying scheme might make sense, controlling popular accounts (e.g., celebrities or news agencies) opens the door to much larger profits. To this end, attackers can leverage popular, compromised accounts to lure large numbers of victims onto malicious websites. In a drive-by download attack, merely visiting a malicious website infects a user’s computer with malware. This malware can spy on the user and transmit payment information, such as credit card numbers, back to the cyber-criminals. The third and final part of this talk will shed light on how cyber-criminals turn numbers and digits from credit cards into cash through reshipping scams. Our research efforts found that such scams are responsible for fraudulent transactions in excess of US$ 1B annually.

Bio: Professor Manuel Egele was selected as an Institute Junior Faculty Fellow in fall 2015. He is an assistant professor of Electrical and Computer Engineering at Boston University. His research interests span all areas of systems security—in particular mobile and embedded systems security, privacy, and malicious code analysis. Prior to his appointment at Boston University, he was a systems scientist at Carnegie Mellon University. Before that he was a postdoctoral researcher at the Computer Security Group of the Department of Computer Science at the University of California, Santa Barbara. He received his M.Sc. and Ph.D. degrees in computer science from the University of Technology in Vienna.