Presentation is loading. Please wait.

Presentation is loading. Please wait.

Traps, Pitfalls, Swindles, Lies, Doubts and Suspicions: A Counter-Case for the Study of Good Etiquette Jack L. Edwards & Greg Scott A I Management & Development.

Similar presentations


Presentation on theme: "Traps, Pitfalls, Swindles, Lies, Doubts and Suspicions: A Counter-Case for the Study of Good Etiquette Jack L. Edwards & Greg Scott A I Management & Development."— Presentation transcript:

1 Traps, Pitfalls, Swindles, Lies, Doubts and Suspicions: A Counter-Case for the Study of Good Etiquette Jack L. Edwards & Greg Scott A I Management & Development Corp. Sharon McFadden & Keith C. Hendy Defence Research & Development Toronto

2 Presentation Overview Foundational Rule of Etiquette The Internet: Ubiquitous and Evolving Active Study of Use & Abuse of Good Etiquette Veracity Agent Network (VAN) –An Agent Protection Network Current Level of Development

3 Etiquette A Nice Image Context: Human & System Etiquette Benevolence Assumption

4 Some General Rules of Etiquette Be helpfulBe respectful Be relevantBe prompt Be briefBe protective (of privacy) Be pleasantBe adaptable

5 Foundational Rule Foundational Rule of Etiquette –Assumption of Honesty (“Be honest”) Benevolence Assumption High Correlation With Some Overlap in Meaning

6 The Internet: Ubiquitous and Evolving Work & Leisure Time Extends Beyond Local Processing Increasing Involvement of Technology in Person-To- Person Exchanges –E.g., ; chat-rooms; video conferencing Modern Agents Increasingly Software and Internet-Based Traps, Pitfalls, Swindles Generalize Easily to the Internet

7 Violations of the Foundational Rule: Traps, Pitfalls, Swindles, Lies... Nigerian Fee Scam On-line Credit Card Fraud in 2001 –(5% of online consumers)* Merchant’s lost $700M in 2001* Lies & Hoaxes (Bush’s IQ) * Gartner Group

8 Thorough Understanding of Etiquette Is Not Possible Without An Active Study of the Abuse of Good Etiquette Focusing Only on Good Etiquette Prejudices Us Toward Assumptions of Benevolence Actively Assume Mantle of Hacker, Vandal, Scam Artist, Thief or Terrorist –Explore how to enlist rules of etiquette in deception & fraud Active Contemplation Will Engage the Mind in a Creative Pursuit of a Deeper Understanding of Etiquette –Norman & Rumelhart Example

9 Applying Etiquette Rules in the Service of Scams & Frauds Be helpfulBe respectful Be relevantBe prompt Be briefProtect privacy Be pleasantProvide options Give the Appearance of Honesty –Falsely Establish Credibility Some Examples of Grfter Etiquette

10 Fraud, Vandalism, Theft & Terrorism on the Internet Ubiquitous Computing Is Giving Rise to Ubiquitous “Underworld” Activity Generalization of Classic Con Games is Underway –Ponzi schemes–Identity Theft –Affinity Fraud–Insider Trading –Badger Game–Twice-fleeced Fraud –Embezzlement–Weights and Measures Frauds Segmentation & Other Refinement Techniques –Mark (or Victim) Categories

11 Generalizing Grifter and Other Criminal Agents Current & Future Software Agents –Roper Agents–Manager Agent –Inside Man Agent–Forger Agent –Shill Agents–Vandal Agents Humans, Corporations & Other Organizations –The Target, Victim or Mark

12 Generalizing “Big Con” Grifters to Software Roper Agents - Automated Solicitations (e.g., Nigerian Fee Scam) Inside Man - Remotely Controlled & Coordinated Attack Agents Manager - External Automated Attack Agents on Distributed Machines Shills - Support Agents in a Society of Grifter Agents

13 Malicious Software Agents (Zeltser, 2000) Rapidly Spreading Agents –Viruses and Worms - Explicitly Copy Themselves –e.g. Melissa Virus and Morris Worm Spying (Espionage) Agents –Transmits Sensitive Information –e.g. Caligula, Marker and Groov Viruses Remotely Controlled Agents –Complete Control of Victim’s Machine –Client/Server Architecture Server Communicates with Attacker through Outbound HTTP & FTP Channels Client directs Agent through Inbound and Web Browsing Channels Programming API Permits Controlling Traffic to be Encrypted with Plug-Ins Plug-Ins Permit Newly Propagated Versions to Register with Home-Base –e.g. Back Orifice and NetBus

14 Malicious Software Agents (Zeltser, 2000) (continued…) Coordinated Attack Agents –Complete Control of Victim’s Machine –Client/Server Architecture Multiple Clients Operate from Compromised Machines Difficult to Trace –e.g. Trinoo and TFN Advanced Malicious Agents –Builds on Strengths of Previously Described Agents –Alleviates Their Weaknesses –e.g. RingZero Trojan

15 Veracity Agent Network (VAN) - A Society of Protection Agents - Monitoring Agents - Incoming/Outgoing Traffic & Unusual Local Activity Filtering Agents - Filters (Blocks) Unwanted Activity Masking Agents - Masks Identify (Hides or Falsifies) Tracking Agents - Track & Identify Unknown Sources Information Agents - Explains Activities to Users Proactive Agents - Build User Profiles of Attackers; Report Violations; Alter Code of Intrusive Agents; Search & Destroy

16 VAN Functionality: Ensuring Good “Underworld” Etiquette? Monitoring, Intercepting & Controlling Cookie Traffic Monitoring Automatic Version Checkers Sending Personal Info to Company Sites –(e.g. usage statistics correlated with software Serial No.) Blocking Unwanted Transmission of Personal Info –(e.g. credit card numbers, address) Stripping Browser Type, Platform & OS Info Sent With Every Request for Web Page Blocking Banner Ads; Automatic Closing of Pop-Up Ads

17 Current Level of Development: Monitoring Agents Internet Traffic Can Be Intercepted Either: –leaving an application & passing to the OS –leaving the OS & passing to network Both Require Low-Level Drivers to Intercept Data

18 Current Level of Development: Monitoring Agents (continued…) Look Up IP Addresses Automatically Using “whois” Determine Usage Stats Being Collected, by RealPlayer Port Number Look-Up (65K+ Ports): Identify Type of Traffic Using Ports & Build a DataBase Identify Information Sent Out Without Asking User –cookies –software update requests –AOL messenger activity –usage stats

19 Current Level of Development: Monitoring Agents (continued…) Outside Attempts to Access System Personal Info Being Sent Out –e.g. credit card numbers; addresses; passwords System Info Sent Out While Web Browsing –e.g. browser type, operating system, type of computer Monitor to... –identify common Internet hoaxes & scams –compile statistics on incoming messages for future use

20 Support Technology NetTraffic & WinpCap - Monitors Low-Level Event Traffic on PC Current Open Source Code from Politecnico di Torino –http://winpcap.polito.it/ Original UNIX Pcap Developed at Berkeley Higher-Level Functionality is Needed to Interpret & Use That Information

21 User Requirements Protection Only - Don’t Bother Me With Details Track Activities (At Least in the Beginning) See Explanations of Activity; ID Sources; Report Intrusions & Misuse of Information Be Proactive Realtive to Intruders

22 “User” Models For Actual User (Encrypted) For Several Masked Versions of Own User For “Friends” of Own User For Tracked (Potentially Malicious) Sources

23 Possibility of Agent Wars Disseminate Info Other Agents Created To Block Misrepresent Themselves For Nefarious Purposes Hack Other Agents to Prevent Them from Achieving Competing Goals

24 The Future of “Underworld” Internet Computing “Underworld” of the Internet - The “Wild West” Few Rules and Little Explicit “Consideration of Others,” as We Defined as the Source of Good Etiquette Helplessness of Average User to Protect Themselves From This “Underworld” Activity Will Help Drive Etiquette Our Goal: Agents to Help Ensure You Are “Taken Into Consideration,” in this New World of Ubiquitous Internet Computing


Download ppt "Traps, Pitfalls, Swindles, Lies, Doubts and Suspicions: A Counter-Case for the Study of Good Etiquette Jack L. Edwards & Greg Scott A I Management & Development."

Similar presentations


Ads by Google