Understanding the Growth of the Underground Economy

Dr. Stefan Savage, University of California, San Diego
February 12, 2008

Abstract

New threats are inevitably driven by changes in opportunity. Nowhere is this more true than on the Internet, where the combination of widespread software homogeneity and unrestricted high-speed connectivity have created "perfect storm" conditions for large-scale outbreaks of network-borne infections. Indeed, over the last decade, the ability to easily compromise large numbers of Internet hosts has emerged as the backbone of a vibrant criminal economy encompassing unsolicited bulk-email (SPAM), denial-of-service extortion, piracy, phishing and identity theft. Using tools such as worms, viruses, and web-based exploits, the technical cadre of this community can leverage a small investment in software into a large-scale virtual commodity - hundreds of thousands of remotely controlled "bot" hosts - that are then used, resold and leased to others. This capability effectively provides a platform upon which higher-level criminal applications are deployed (such as SPAM forwarding, DDoS, piracy, etc.) In this talk I will describe the growth of this ecosystem, its underlying technical drivers and provide preliminary data quantifying the emergence of a vibrant third-party market economy in support of on-line crime.

Bio

Stefan Savage is an associate professor of Computer Science and Engineering at the University of California, San Diego. He received his Ph.D. in Computer Science and Engineering from the University of Washington and a B.S. in Applied History from Carnegie-Mellon University. Savage's research interests lie at the intersection of operating systems, networking and computer security and he currently serves as director of the Cooperative Center for Internet Epidemiology and Defenses (CCIED), a joint effort between UCSD and the International Computer Science Institute.