-
Privacy or Transparency? Negotiated Smartphone Access as a Signifier of Trust in Romantic Relationships
Authors:
Periwinkle Doerfler,
Kieron Ivy Turk,
Chris Geeng,
Damon McCoy,
Jeffrey Ackerman,
Molly Dragiewicz
Abstract:
In this work, we analyze two large-scale surveys to examine how individuals think about sharing smartphone access with romantic partners as a function of trust in relationships. We find that the majority of couples have access to each other's devices, but may have explicit or implicit boundaries on how this access is to be used. Investigating these boundaries and related social norms, we find that there is little consensus about the level of smartphone access (i.e., transparency), or lack thereof (i.e., privacy) that is desirable in romantic contexts. However, there is broad agreement that the level of access should be mutual and consensual. Most individuals understand trust to be the basis of their decisions about transparency and privacy. Furthermore, we find individuals have crossed these boundaries, violating their partners' privacy and betraying their trust. We examine how, when, why, and by whom these betrayals occur. We consider the ramifications of these boundary violations in the case of intimate partner violence. Finally, we provide recommendations for design changes to enable technological enforcement of boundaries currently enforced by trust, bringing access control in line with users' sharing preferences.
Submitted 5 July, 2024;
originally announced July 2024.
-
Global-Liar: Factuality of LLMs over Time and Geographic Regions
Authors:
Shujaat Mirza,
Bruno Coelho,
Yuyuan Cui,
Christina Pöpper,
Damon McCoy
Abstract:
The increasing reliance on AI-driven solutions, particularly Large Language Models (LLMs) like the GPT series, for information retrieval highlights the critical need for their factuality and fairness, especially amidst the rampant spread of misinformation and disinformation online. Our study evaluates the factual accuracy, stability, and biases in widely adopted GPT models, including GPT-3.5 and GPT-4, contributing to reliability and integrity of AI-mediated information dissemination.
We introduce 'Global-Liar,' a dataset uniquely balanced in terms of geographic and temporal representation, facilitating a more nuanced evaluation of LLM biases. Our analysis reveals that newer iterations of GPT models do not always equate to improved performance. Notably, the GPT-4 version from March demonstrates higher factual accuracy than its subsequent June release. Furthermore, a concerning bias is observed, privileging statements from the Global North over the Global South, thus potentially exacerbating existing informational inequities. Regions such as Africa and the Middle East are at a disadvantage, with much lower factual accuracy. The performance fluctuations over time suggest that model updates may not consistently benefit all regions equally.
Our study also offers insights into the impact of various LLM configuration settings, such as binary decision forcing, model re-runs and temperature, on a model's factuality. Models constrained to binary (true/false) choices exhibit reduced factuality compared to those allowing an 'unclear' option. Single inference at a low temperature setting matches the reliability of majority voting across various configurations. The insights gained highlight the need for culturally diverse and geographically inclusive model training and evaluation. This approach is key to achieving global equity in technology, distributing AI benefits fairly worldwide.
Submitted 31 January, 2024;
originally announced January 2024.
-
Money Over Morals: A Business Analysis of Conti Ransomware
Authors:
Ian W. Gray,
Jack Cable,
Benjamin Brown,
Vlad Cuiujuclu,
Damon McCoy
Abstract:
Ransomware operations have evolved from relatively unsophisticated threat actors into highly coordinated cybercrime syndicates that regularly extort millions of dollars in a single attack. Despite dominating headlines and crippling businesses across the globe, there is relatively little in-depth research into the modern structure and economics of ransomware operations.
In this paper, we leverage leaked chat messages to provide an in-depth empirical analysis of Conti, one of the largest ransomware groups. By analyzing these chat messages, we construct a picture of Conti's operations as a highly-profitable business, from profit structures to employee recruitment and roles. We present novel methodologies to trace ransom payments, identifying over $80 million in likely ransom payments to Conti and its predecessor -- over five times as much as in previous public datasets. As part of our work, we publish a dataset of 666 labeled Bitcoin addresses related to Conti and an additional 75 Bitcoin addresses of likely ransom payments. Future work can leverage this case study to more effectively trace -- and ultimately counteract -- ransomware activity.
Submitted 23 April, 2023;
originally announced April 2023.
-
Understanding the (In)Effectiveness of Content Moderation: A Case Study of Facebook in the Context of the U.S. Capitol Riot
Authors:
Ian Goldstein,
Laura Edelson,
Minh-Kha Nguyen,
Oana Goga,
Damon McCoy,
Tobias Lauinger
Abstract:
Social media networks commonly employ content moderation as a tool to limit the spread of harmful content. However, the efficacy of this strategy in limiting the delivery of harmful content to users is not well understood. In this paper, we create a framework to quantify the efficacy of content moderation and use our metrics to analyze content removal on Facebook within the U.S. news ecosystem. In a data set of over 2M posts with 1.6B user engagements collected from 2,551 U.S. news sources before and during the Capitol Riot on January 6, 2021, we identify 10,811 removed posts. We find that the active engagement life cycle of Facebook posts is very short, with 90% of all engagement occurring within the first 30 hours after posting. Thus, even relatively quick intervention allowed significant accrual of engagement before removal, and prevented only 21% of the predicted engagement potential during a baseline period before the U.S. Capitol attack. Nearly a week after the attack, Facebook began removing older content, but these removals occurred so late in these posts' engagement life cycles that they disrupted less than 1% of predicted future engagement, highlighting the limited impact of this intervention. Content moderation likely has limits in its ability to prevent engagement, especially in a crisis, and we recommend that other approaches such as slowing down the rate of content diffusion be investigated.
Submitted 21 February, 2023; v1 submitted 6 January, 2023;
originally announced January 2023.
-
Conspiracy Brokers: Understanding the Monetization of YouTube Conspiracy Theories
Authors:
Cameron Ballard,
Ian Goldstein,
Pulak Mehta,
Genesis Smothers,
Kejsi Take,
Victoria Zhong,
Rachel Greenstadt,
Tobias Lauinger,
Damon McCoy
Abstract:
Conspiracy theories are increasingly a subject of research interest as society grapples with their rapid growth in areas such as politics or public health. Previous work has established YouTube as one of the most popular sites for people to host and discuss different theories. In this paper, we present an analysis of monetization methods of conspiracy theorist YouTube creators and the types of advertisers potentially targeting this content. We collect 184,218 ad impressions from 6,347 unique advertisers found on conspiracy-focused channels and mainstream YouTube content. We classify the ads into business categories and compare their prevalence between conspiracy and mainstream content. We also identify common offsite monetization methods. In comparison with mainstream content, conspiracy videos had similar levels of ads from well-known brands, but an almost eleven times higher prevalence of likely predatory or deceptive ads. Additionally, we found that conspiracy channels were more than twice as likely as mainstream channels to use offsite monetization methods, and 53% of the demonetized channels we observed were linking to third-party sites for alternative monetization opportunities. Our results indicate that conspiracy theorists on YouTube had many potential avenues to generate revenue, and that predatory ads were more frequently served for conspiracy videos.
Submitted 31 May, 2022;
originally announced May 2022.
-
Ethics and Efficacy of Unsolicited Anti-Trafficking SMS Outreach
Authors:
Rasika Bhalerao,
Nora McDonald,
Hanna Barakat,
Vaughn Hamilton,
Damon McCoy,
Elissa M. Redmiles
Abstract:
The sex industry exists on a continuum based on the degree of work autonomy present in labor conditions: a high degree exists on one side of the continuum where independent sex workers have a great deal of agency, while much less autonomy exists on the other side, where sex is traded under conditions of human trafficking. Organizations across North America perform outreach to sex industry workers to offer assistance in the form of services (e.g., healthcare, financial assistance, housing), prayer, and intervention. Increasingly, technology is used to look for trafficking victims or facilitate the provision of assistance or services, for example through scraping and parsing sex industry workers' advertisements into a database of contact information that can be used by outreach organizations. However, little is known about the efficacy of anti-trafficking outreach technology, nor the potential risks of using it to identify and contact the highly stigmatized and marginalized population of those working in the sex industry.
In this work, we investigate the use, context, benefits, and harms of an anti-trafficking technology platform via qualitative interviews with multiple stakeholders: the technology developers (n=6), organizations that use the technology (n=17), and sex industry workers who have been contacted or wish to be contacted (n=24). Our findings illustrate misalignment between developers, users of the platform, and sex industry workers they are attempting to assist. In their current state, anti-trafficking outreach tools such as the one we investigate are ineffective and, at best, serve as a mechanism for spam and, at worst, scale and exacerbate harm against the population they aim to serve. We conclude with a discussion of best practices for technology-facilitated outreach efforts to minimize risk or harm to sex industry workers while efficiently providing needed services.
Submitted 19 February, 2022;
originally announced February 2022.
-
"I'm a Professor, which isn't usually a dangerous job": Internet-Facilitated Harassment and its Impact on Researchers
Authors:
Periwinkle Doerfler,
Andrea Forte,
Emiliano De Cristofaro,
Gianluca Stringhini,
Jeremy Blackburn,
Damon McCoy
Abstract:
While the Internet has dramatically increased the exposure that research can receive, it has also facilitated harassment against scholars. To understand the impact that these attacks can have on the work of researchers, we perform a series of systematic interviews with researchers including academics, journalists, and activists, who have experienced targeted, Internet-facilitated harassment. We provide a framework for understanding the types of harassers that target researchers, the harassment that ensues, and the personal and professional impact on individuals and academic freedom. We then study preventative and remedial strategies available, and the institutions that prevent some of these strategies from being more effective. Finally, we discuss the ethical structures that could facilitate more equitable access to participating in research without serious personal suffering.
Submitted 22 April, 2021; v1 submitted 22 April, 2021;
originally announced April 2021.
-
The illicit trade of COVID-19 vaccines on the dark web
Authors:
Alberto Bracci,
Matthieu Nadini,
Maxwell Aliapoulios,
Damon McCoy,
Ian Gray,
Alexander Teytelboym,
Angela Gallo,
Andrea Baronchelli
Abstract:
Early analyses revealed that dark web marketplaces (DWMs) started offering COVID-19 related products (e.g., masks and COVID-19 tests) as soon as the COVID-19 pandemic started, when these goods were in shortage in the traditional economy. Here, we broaden the scope and depth of previous investigations by analysing 194 DWMs until July 2021, including the crucial period in which vaccines became available, and by considering the wider impact of the pandemic on DWMs. First, we focus on vaccines. We find 250 listings offering approved vaccines, like Pfizer/BioNTech and AstraZeneca, as well as vendors offering fabricated proofs of vaccination and COVID-19 passports. Second, we consider COVID-19 related products. We reveal that, as the regular economy has become able to satisfy the demand of these goods, DWMs have decreased their offer. Third, we analyse the profile of vendors of COVID-19 related products and vaccines. We find that most of them are specialized in a single type of listing and are willing to ship worldwide. Finally, we consider a broader set of listings mentioning COVID-19 as a proxy for the general impact of the pandemic on these DWMs. Among 10,330 such listings, we show that recreational drugs are the most affected among traditional DWM products, with COVID-19 mentions steadily increasing since March 2020. We anticipate that our effort is of interest to researchers, practitioners, and law enforcement agencies focused on the study and safeguard of public health.
Submitted 4 April, 2022; v1 submitted 10 February, 2021;
originally announced February 2021.
-
Understanding Incentivized Mobile App Installs on Google Play Store
Authors:
Shehroze Farooqi,
Álvaro Feal,
Tobias Lauinger,
Damon McCoy,
Zubair Shafiq,
Narseo Vallina-Rodriguez
Abstract:
"Incentivized" advertising platforms allow mobile app developers to acquire new users by directly paying users to install and engage with mobile apps (e.g., create an account, make in-app purchases). Incentivized installs are banned by the Apple App Store and discouraged by the Google Play Store because they can manipulate app store metrics (e.g., install counts, appearance in top charts). Yet, many organizations still offer incentivized install services for Android apps. In this paper, we present the first study to understand the ecosystem of incentivized mobile app install campaigns in Android and its broader ramifications through a series of measurements. We identify incentivized install campaigns that require users to install an app and perform in-app tasks targeting manipulation of a wide variety of user engagement metrics (e.g., daily active users, user session lengths) and revenue. Our results suggest that these artificially inflated metrics can be effective in improving app store metrics as well as helping mobile app developers to attract funding from venture capitalists. Our study also indicates lax enforcement of the Google Play Store's existing policies to prevent these behaviors. It further motivates the need for stricter policing of incentivized install campaigns. Our proposed measurements can also be leveraged by the Google Play Store to identify potential policy violations.
Submitted 4 October, 2020;
originally announced October 2020.
-
Dark Web Marketplaces and COVID-19: before the vaccine
Authors:
Alberto Bracci,
Matthieu Nadini,
Maxwell Aliapoulios,
Damon McCoy,
Ian Gray,
Alexander Teytelboym,
Angela Gallo,
Andrea Baronchelli
Abstract:
The COVID-19 pandemic has reshaped the demand for goods and services worldwide. The combination of a public health emergency, economic distress, and misinformation-driven panic has pushed customers and vendors towards the shadow economy. In particular, dark web marketplaces (DWMs), commercial websites accessible via free software, have gained significant popularity. Here, we analyse 851,199 listings extracted from 30 DWMs between January 1, 2020 and November 16, 2020. We identify 788 listings directly related to COVID-19 products and monitor the temporal evolution of product categories including Personal Protective Equipment (PPE), medicines (e.g., hydroxychloroquine), and medical frauds. Finally, we compare trends in their temporal evolution with variations in public attention, as measured by Twitter posts and Wikipedia page visits. We reveal how the online shadow economy has evolved during the COVID-19 pandemic and highlight the importance of a continuous monitoring of DWMs, especially now that real vaccines are available and in short supply. We anticipate our analysis will be of interest both to researchers and public agencies focused on the protection of public health.
Submitted 26 January, 2021; v1 submitted 4 August, 2020;
originally announced August 2020.
-
The Tools and Tactics Used in Intimate Partner Surveillance: An Analysis of Online Infidelity Forums
Authors:
Emily Tseng,
Rosanna Bellini,
Nora McDonald,
Matan Danos,
Rachel Greenstadt,
Damon McCoy,
Nicola Dell,
Thomas Ristenpart
Abstract:
Abusers increasingly use spyware apps, account compromise, and social engineering to surveil their intimate partners, causing substantial harms that can culminate in violence. This form of privacy violation, termed intimate partner surveillance (IPS), is a profoundly challenging problem to address due to the physical access and trust present in the relationship between the target and attacker. While previous research has examined IPS from the perspectives of survivors, we present the first measurement study of online forums in which (potential) attackers discuss IPS strategies and techniques. In domains such as cybercrime, child abuse, and human trafficking, studying the online behaviors of perpetrators has led to better threat intelligence and techniques to combat attacks. We aim to provide similar insights in the context of IPS. We identified five online forums containing discussion of monitoring cellphones and other means of surveilling an intimate partner, including three within the context of investigating relationship infidelity. We perform a mixed-methods analysis of these forums, surfacing the tools and tactics that attackers use to perform surveillance. Via qualitative analysis of forum content, we present a taxonomy of IPS strategies used and recommended by attackers, and synthesize lessons for technologists seeking to curb the spread of IPS.
Submitted 28 May, 2020;
originally announced May 2020.
-
An Analysis of United States Online Political Advertising Transparency
Authors:
Laura Edelson,
Shikhar Sakhuja,
Ratan Dey,
Damon McCoy
Abstract:
During the summer of 2018, Facebook, Google, and Twitter created policies and implemented transparent archives that include U.S. political advertisements which ran on their platforms. Through our analysis of over 1.3 million ads with political content, we show how different types of political advertisers are disseminating U.S. political messages using Facebook, Google, and Twitter's advertising platforms. We find that in total, ads with political content included in these archives have generated between 8.67 billion - 33.8 billion impressions and that sponsors have spent over $300 million USD on advertising with U.S. political content.
We are able to improve our understanding of political advertisers on these platforms. We have also discovered a significant amount of advertising by quasi for-profit media companies that appeared to exist for the sole purpose of creating deceptive online communities focused on spreading political messaging and not for directly generating profits. Advertising by such groups is a relatively recent phenomenon, and appears to be thriving on online platforms due to the lower regulatory requirements compared to traditional advertising platforms.
We have found through our attempts to collect and analyze this data that there are many limitations and weaknesses that enable intentional or accidental deception and bypassing of the current implementations of these transparency archives. We provide several suggestions for how these archives could be made more robust and useful. Overall, these efforts by Facebook, Google, and Twitter have improved political advertising transparency of honest and, in some cases, possibly dishonest advertisers on their platforms. We thank the people at these companies who have built these archives and continue to improve them.
Submitted 12 February, 2019;
originally announced February 2019.
-
Towards Automatic Discovery of Cybercrime Supply Chains
Authors:
Rasika Bhalerao,
Maxwell Aliapoulios,
Ilia Shumailov,
Sadia Afroz,
Damon McCoy
Abstract:
Cybercrime forums enable modern criminal entrepreneurs to collaborate with other criminals into increasingly efficient and sophisticated criminal endeavors. Understanding the connections between different products and services can often illuminate effective interventions. However, generating this understanding of supply chains currently requires time-consuming manual effort.
In this paper, we propose a language-agnostic method to automatically extract supply chains from cybercrime forum posts and replies. Our supply chain detection algorithm can identify 36% and 58% relevant chains within major English and Russian forums, respectively, showing improvements over the baselines of 13% and 36%, respectively. Our analysis of the automatically generated supply chains demonstrates underlying connections between products and services within these forums. For example, the extracted supply chain illuminated the connection between hack-for-hire services and the selling of rare and valuable 'OG' accounts, which has only recently been reported. The understanding of connections between products and services exposes potentially effective intervention points.
Submitted 4 December, 2018; v1 submitted 2 December, 2018;
originally announced December 2018.
-
Under the Underground: Predicting Private Interactions in Underground Forums
Authors:
Rebekah Overdorf,
Carmela Troncoso,
Rachel Greenstadt,
Damon McCoy
Abstract:
Underground forums where users discuss, buy, and sell illicit services and goods facilitate a better understanding of the economy and organization of cybercriminals. Prior work has shown that in particular private interactions provide a wealth of information about the cybercriminal ecosystem. Yet, those messages are seldom available to analysts, except when there is a leak. To address this problem we propose a supervised machine learning based method able to predict which public threads will generate private messages, after a partial leak of such messages has occurred. To the best of our knowledge, we are the first to develop a solution to overcome the barrier posed by limited to no information on private activity for underground forum analysis. Additionally, we propose an automated method for labeling posts, significantly reducing the cost of our approach in the presence of real unlabeled data. This method can be tuned to focus on the likelihood of users receiving private messages, or threads triggering private interactions. We evaluate the performance of our methods using data from three real forum leaks. Our results show that public information can indeed be used to predict private activity, although prediction models do not transfer well between forums. We also find that neither the length of the leak period nor the time between the leak and the prediction have significant impact on our technique's performance, and that NLP features dominate the prediction power.
Submitted 11 May, 2018;
originally announced May 2018.
-
Identifying Products in Online Cybercrime Marketplaces: A Dataset for Fine-grained Domain Adaptation
Authors:
Greg Durrett,
Jonathan K. Kummerfeld,
Taylor Berg-Kirkpatrick,
Rebecca S. Portnoff,
Sadia Afroz,
Damon McCoy,
Kirill Levchenko,
Vern Paxson
Abstract:
One weakness of machine-learned NLP models is that they typically perform poorly on out-of-domain data. In this work, we study the task of identifying products being bought and sold in online cybercrime forums, which exhibits particularly challenging cross-domain effects. We formulate a task that represents a hybrid of slot-filling information extraction and named entity recognition and annotate data from four different forums. Each of these forums constitutes its own "fine-grained domain" in that the forums cover different market sectors with different properties, even though all forums are in the broad domain of cybercrime. We characterize these domain differences in the context of a learning-based system: supervised models see decreased accuracy when applied to new forums, and standard techniques for semi-supervised learning and domain adaptation have limited effectiveness on this data, which suggests the need to improve these techniques. We release a dataset of 1,938 annotated posts from across the four forums.
Submitted 31 August, 2017;
originally announced August 2017.
-
Stress Testing the Booters: Understanding and Undermining the Business of DDoS Services
Authors:
Mohammad Karami,
Youngsam Park,
Damon McCoy
Abstract:
DDoS-for-hire services, also known as booters, have commoditized DDoS attacks and enabled abusive subscribers of these services to cheaply extort, harass and intimidate businesses and people by knocking them offline. However, due to the underground nature of these booters, little is known about their underlying technical and business structure. In this paper we empirically measure many facets of their technical and payment infrastructure. We also perform an analysis of leaked and scraped data from three major booters---Asylum Stresser, Lizard Stresser and VDO---which provides us with an in-depth view of their customers and victims. Finally, we conduct a large-scale payment intervention in collaboration with PayPal and evaluate its effectiveness. Based on our analysis we show that these services are responsible for hundreds of thousands of DDoS attacks and identify potentially promising methods of increasing booters' costs and undermining these services.
Submitted 13 August, 2015;
originally announced August 2015.