Stephen McCombie

Stuxnet : the emergence of a new cyber weapon and its implications

The malware Stuxnet was designed to sabotage the Iranian nuclear programme by targeting industrial control systems (ICSs). The potential for cyber attacks to be a significant threat to critical infrastructure has been discussed over the last 15 years, but it was only in 2010 that this potential was finally realised with the advent of Stuxnet. Stuxnet, unlike the malware that came before it, is highly targeted and designed to achieve a real-world outcome. Stuxnet has challenged assumptions about environments not connected to the internet and the belief that network defences will protect facilities from vulnerabilities in software applications. This paper examines Stuxnets forerunners, Stuxnet in detail, its target, and its implication for critical infrastructure. Whatever the cost to create Stuxnet, it was far less than the cost of a traditional military attack. Future versions of Stuxnet may be used by nation states, terrorist groups, hacktivists and cyber criminals to achieve their own goals. In the future, cyber weapons may not be as restrained as Stuxnet. This malware has started a new arms race, and has created serious implications for the security of critical infrastructure worldwide.

A Preliminary Profiling of Internet Money Mules: An Australian Perspective

Along with the massive growth in Internet commerce over the last ten years there has been a corresponding boom in Internet related crime, or cybercrime. According to research recently released by the Australian Bureau of Statistics in 2006 57,000 Australians aged 15 years and over fell victim to phishing and related Internet scams. Of all the victims of cybercrime, only one group is potentially subject to criminal prosecution: ‘Internet money mules’ – those who, either knowingly or unknowingly, launder money. This paper examines the demographic profile – specifically age, gender and postcode – related to 660 confirmed money mule incidents recorded during the calendar year 2007, for a major Australian financial institution. This data is compared to ABS statistics of Internet usage in 2006. There is clear evidence of a strong gender bias towards males, particularly in the older age group. This is directly relevant when considering education and training programs for both corporations and the community on the issues surrounding Internet money mule scams and in ultimately understanding the problem of Internet banking fraud.

Winning the Phishing War: A Strategy for Australia

Phishing, a form of on-line identity theft, is a major problem worldwide, accounting for more than

Authorship Attribution of IRC Messages Using Inverse Author Frequency

7.5 Billion in losses in the US alone between 2005 and 2008. Australia was the first country to be targeted by Internet bank phishing in 2003 and continues to have a significant problem in this area. The major cyber crime groups responsible for phishing are based in Eastern Europe. They operate with a large degree of freedom due to the inherent difficulties in cross border law enforcement and the current situation in Eastern Europe, particularly in Russia and the Ukraine. They employ highly sophisticated and efficient technical tools to compromise victims and subvert bank authentication systems. However because it is difficult for them to repatriate the fraudulently obtained funds directly they employ Internet money mules in Australia to transfer the money via Western Union or Money gram. It is proposed a strategy, which firstly places more focus by Australian law enforcement upon transactions via Western Union and Money gram to detect this money laundering, would significantly impact the success of the Phishing attack model. This combined with a technical monitoring of Trojan technology and education of potential Internet money mules to avoid being duped would provide a winning strategy for the war on phishing for Australia.

Visualization of ATM Usage Patterns to Detect Counterfeit Cards Usage

Internet Relay Chat (IRC) is a useful and relatively simple protocol for text based chat online, used in a variety of areas online such as for discussion and technical support. IRC is also used for cybercrime, with online rooms selling stolen credit card details, botnet access and malware. The reasons for the use of IRC in cybercrime include the widespread adoption and ease of use, but also focus around the anonymity granted by the protocol, allowing users to hide behind aliases that can be changed regularly. In this research, we apply authorship analysis techniques to be able to attribute chat messages to known aliases. A preliminary experiment shows that this application is very difficult, due to the short messages and repeated information. To improve the accuracy, we apply inverse-author-frequency (iaf) weighting, which gives higher weights to features used by fewer authors. This research is the first time that iaf has been applied to character n-gram models, previously being applied to word based models of authorship. We find that this improves the accuracy significantly for the RLP method and provides a platform for successful applications of authorship analysis in the future. Overall, the method achieves accuracies of over 55% in a very difficult application domain.

A methodology for analyzing the credential marketplace

People relish the flexibility of being able access their monetary assets when and where they need them. The abundance of cards able to withdraw funds from Automatic Teller Machines (ATMs) has not gone unnoticed by the cyber criminal element. Means for skimming and cloning cards exist and the market continues to grow. While the methods for obtaining access to anothers funds vary greatly, there are cases in which visualization of a class of card-present fraud can combine the visualization with the powerful abductive reasoning capabilities of the human mind to help identify the threat. As part of a defense-in-depth strategy, this can contribute to the evolution and refinement of rule sets that facilitate the detection of the crime prior to the cash-out phase of the illegal operation. This paper discusses card-present fraud and provides an example of how visualization techniques, coupled with human abductive reasoning, can be used to guide the evolution of analytical tools to help protect our digital assets.

FORENSIC CHARACTERISTICS OF PHISHING - Petty Theft or Organized Crime?

Purpose – Cybercrime has rapidly developed in recent years thanks in part to online markets for tools and credentials. Credential trading operates along the lines of a wholesale distribution model, where compromised credentials are bundled together for sale to end‐users. Thus, the criminals who specialize in obtaining credentials (through phishing, dumpster diving, etc.) are typically not the same as the end‐users. This research aims to propose an initial methodology for further understanding of how credentials are traded in online marketplaces (such as internet relay chat (IRC) channels), such as typical amounts charged per credential, and with a view to preliminary profiling, especially based on language identification.Design/methodology/approach – This research proposes an initial methodology for further understanding of how credentials are traded in online marketplaces (such as IRC channels), such as typical amounts charged per credential, and with a view to preliminary profiling, especially based on ...