Theses and Dissertations from UMD
Permanent URI for this community: http://hdl.handle.net/1903/2
New submissions to the thesis/dissertation collections are added automatically as they are received from the Graduate School. Currently, the Graduate School deposits all theses and dissertations from a given semester after the official graduation date. This means that there may be up to a 4 month delay in the appearance of a given thesis/dissertation in DRUM.
More information is available at Theses and Dissertations at University of Maryland Libraries.
2 results
Search Results
Active Data Collection Techniques to Understand Online Scammers and Cybercriminals (2016)
Park, Young Sam; Shi, Elaine; McCoy, Damon; Computer Science; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
Nigerian scam, also known as advance fee fraud or 419 scam, is a prevalent form of online fraudulent activity that causes financial loss to individuals and businesses. Nigerian scam has evolved from simple non-targeted email messages to more sophisticated scams targeted at users of classifieds, dating and other websites. Even though such scams are observed and reported by users frequently, the community’s understanding of Nigerian scams is limited since the scammers operate “underground”. To better understand the underground Nigerian scam ecosystem and seek effective methods to deter Nigerian scam and cybercrime in general, we conduct a series of active and passive measurement studies. Relying upon the analysis and insight gained from the measurement studies, we make four contributions: (1) we analyze the taxonomy of Nigerian scam and derive long-term trends in scams; (2) we provide an insight on Nigerian scam and cybercrime ecosystems and their underground operation; (3) we propose a payment intervention as a potential deterrent to cybercrime operation in general and evaluate its effectiveness; and (4) we offer active and passive measurement tools and techniques that enable in-depth analysis of cybercrime ecosystems and deterrence on them. We first created and analyzed a repository of more than two hundred thousand user-reported scam emails, stretching from 2006 to 2014, from four major scam reporting websites. We select the ten most commonly observed scam categories and tag 2,000 scam emails randomly selected from our repository. Based upon the manually tagged dataset, we train a machine learning classifier and cluster all scam emails in the repository.
From the clustering result, we find a strong and sustained upward trend for targeted scams and downward trend for non-targeted scams. We then focus on two types of targeted scams: sales scams and rental scams targeting users on Craigslist. We built an automated scam data collection system and gathered large-scale sales scam emails. Using the system, we posted honeypot ads on Craigslist and conversed automatically with the scammers. Through the email conversation, the system obtained additional confirmation of likely scam activities and collected additional information such as IP addresses and shipping addresses. Our analysis revealed that around 10 groups were responsible for nearly half of the over 13,000 total scam attempts we received. These groups used IP addresses and shipping addresses in both Nigeria and the U.S. We also crawled rental ads on Craigslist, identified rental scam ads amongst the large number of benign ads and conversed with the potential scammers. Through in-depth analysis of the rental scams, we found seven major scam campaigns employing various operations and monetization methods. We also found that unlike sales scammers, most rental scammers were in the U.S. The large-scale scam data and in-depth analysis provide useful insights on how to design effective deterrence techniques against cybercrime in general. We study underground DDoS-for-hire services, also known as booters, and measure the effectiveness of undermining a payment system of DDoS Services.
Our analysis shows that the payment intervention can have the desired effect of limiting cybercriminals’ ability and increasing the risk of accepting payments.

An Explanatory Model of Motivation for Cyber-Attacks Drawn from Criminological Theories (2013)
Mandelcorn, Seymour Mordechai; Modarres, Mohammad; Mosleh, Ali; Mechanical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
A new influence model for Cyber Security is presented that deals with security attacks and implementation of security measures from an attacker's perspective. The underlying hypothesis of this model is that Criminological theories of Rational Choice, Desire for Control, and Low Self-Control are relevant to cybercrime and thereby aid in understanding its basic Motivation. The model includes the roles of Consequences, Moral Beliefs such as Shame and Embarrassment together with Formal Sanctions in deterring cybercrime, as well as the role of Defense Posture to limit the Opportunity to attack and increase the likelihood that an attacker will be detected and exposed. One of the motivations of the study was the observation that few attempts have been made to understand cybercrime in the context of typical crime because: (a) an attacker may consider his actions as victimless due to remoteness of the victim; (b) ease to commit cybercrimes due to opportunities afforded by the Internet and its accessibility, and readily available tools and knowledge for an attack; and (c) vagueness of cybercrime laws that makes prosecution difficult. In developing the model, information from studies in classical crime was related to Cybercrime allowing for analysis of past cyber-attacks, and subsequently preventing future IS attacks, or mitigating their effects.
The influence model's applicability is demonstrated by applying it to case studies of actual information attacks which were prosecuted through the United States Courts, and whose judges' opinions are used for statements of facts. Additional demonstration of the use and face validity of the model is through the mapping of the model to major annual surveys' and reports' results of computer crime. The model is useful in qualitatively explaining "best practices" in protecting information assets and in suggesting emphasis on security practices based on similar results in general criminology.