Understanding Politically Motivated Adversaries: Targeted Threats and Censorship Product Fingerprinting

Wednesday, 12/07/2016 1:15pm to 2:20pm
Computer Science Building, Room 151
Security Seminar
Speaker: Phillipa Gill

Abstract: Politically motivated adversaries change the way we think of attacks on the Internet. Unlike conventional online adversaries, who are motivated by economic gain, politically motivated adversaries are motivated to gain and control access to information and are willing to expend time and money to achieve their goals. In this talk, I will discuss research that characterizes the level of sophistication of targeted malware attacks and techniques to fingerprint specific instances of filtering technology used to violate human rights.

I will discuss our study of targeted malware attacks faced by civil society organizations which characterizes malicious e-mails received by 10 civil society organizations over a period of 4 years. We find that the technical sophistication of malware we observe is fairly low, with more effort placed on socially engineering the e-mail content. Based on this observation, we develop the Targeted Threat Index (TTI), a metric which incorporates both social engineering and technical sophistication when assessing the risk of malware threats. We demonstrate that this metric is more effective than simple technical sophistication for identifying malware threats with the highest potential to successfully compromise victims.

My talk will also present methods we have developed to identify and confirm the use of specific filtering technologies around the world. The first method leverages a combination of network scanning and in-country network measurements. Using this method we are able to confirm the use of two different filtering products in four different countries. The second method uses the fact that filtering products use common templates when generating block pages to enable a retrospective look at product usage. We apply this technique on five years of data from the OpenNet Initiative and are able to identify installations of products that were missed in prior (manual) analysis of the data.

Bio: Phillipa Gill is an assistant professor in the Computer Science Department at the University of Massachusetts -- Amherst. Her work focuses on many aspects of computer networking and security with a focus on designing novel network measurement techniques to understand online information controls, network interference, and inter-domain routing. She currently leads the ICLab project, which is working to develop a network measurement platform specifically for online information controls. She was recently included on N2Women's list of 10 women in networking to watch. She has received the NSF CAREER award, a Google Faculty Research Award, and best paper awards at the ACM Internet Measurement Conference (characterizing online aggregators) and the Passive and Active Measurement Conference (characterizing interconnectivity of large content providers).