Every Second Counts: Quantifying the Negative Externalities of Cybercrime via Typosquatting

Mohammad Taha Khan (University of Illinois at Chicago), Xiang Huo (University of Illinois at Chicago), Zhou Li (RSA Laboratories), Chris Kanich (University of Illinois at Chicago)

Each day, millions of people are harmed in one way or another by cybercrime. While we have a good understanding of the number of systems compromised or even the profits of the attackers, the harm experienced by humans is less well understood, and reducing this harm should be the ultimate goal of any security intervention. To efficiently allocate effort for the purpose of reducing harm, we must understand how this harm is perpetrated, which perpetrators are causing it, and how much harm is being experienced due to which attacks. This paper presents a strategy for quantifying the harm caused by the cybercrime of typosquatting via a new technique we developed called intent inference. Intent inference allows us to achieve three goals: define a new metric for quantifying harm to users, develop a new methodology for identifying typosquatting domain names, and quantify the harm caused by various typosquatting perpetrators. Through synthesizing complementary datasets, we find that on average, typosquatting costs the typical user 1.3 seconds per typosquatting event over the alternative of receiving a browser error page, and legitimate sites lose approximately 3% of their mistyped traffic over the alternative of an unregistered typo. While these metrics quantify harm for typosquatting overall, there is much variation between perpetrators: while on average perpetrators increase the time it takes to find the intended site, many typosquatters actually improve the latency for users finding their intended site. Overall, we find that we are able to precisely quantify the amount of harm experienced by the primary stakeholders, and that some perpetrators of typosquatting are actually strictly utility increasing for themselves, the targeted site's owner, and the users, calling into question the necessity of harsh penalties or legal intervention against this flavor of cybercrime.

SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies

Joseph Bonneau (Princeton University), Andrew Miller (University of Maryland), Jeremy Clark (Concordia University), Arvind Narayanan (Princeton University), Joshua A. Kroll (Princeton University), Edward W. Felten (Princeton University)

Bitcoin has emerged as the most successful cryptographic currency in history. Within two years of its quiet launch in 2009, Bitcoin grew to comprise billions of dollars of economic value, even while the body of published research and security analysis justifying the system's design was negligible. In the ensuing years, a growing literature has identified hidden-but-important properties of the system, discovered attacks, proposed promising alternatives, and singled out difficult future challenges. This interest has been complemented by a large and vibrant community of open-source developers who steward the system, while proposing and deploying numerous modifications and extensions. We provide the first systematic exposition of the second generation of cryptocurrencies, including Bitcoin and the many alternatives that have been implemented as alternate protocols or "altcoins." Drawing from a scattered body of knowledge, we put forward three key components of Bitcoin's design that can be decoupled, enabling a more insightful analysis of Bitcoin's properties and its proposed modifications and extensions. We contextualize the literature into five central properties capturing blockchain stability. We map the design space for numerous proposed modifications, providing comparative analyses for alternative consensus mechanisms, currency allocation mechanisms, computational puzzles, and key management tools. We focus on anonymity issues in Bitcoin and provide an evaluation framework for analyzing a variety of proposals for enhancing unlinkability. Finally, we provide new insights on what we term disintermediation protocols, which obviate the need for trusted intermediaries in an interesting set of applications. We identify three general disintermediation strategies and provide a detailed comparative cost analysis.

The Miner's Dilemma

Ittay Eyal (Cornell University)

An open distributed system can be secured by requiring participants to present proof of work and rewarding them for participation. The Bitcoin digital currency introduced this mechanism, which is adopted by almost all contemporary digital currencies and related services. A natural process leads participants of such systems to form pools, where members aggregate their power and share the rewards. Experience with Bitcoin shows that the largest pools are often open, allowing anyone to join. It has long been known that a member can sabotage an open pool by seemingly joining it but never sharing its proofs of work. The pool shares its revenue with the attacker, and so each of its participants earns less. We define and analyze a game where pools use some of their participants to infiltrate other pools and perform such an attack. With any number of pools, no-pool-attacks is not a Nash equilibrium. With two pools, or any number of identical pools, there exists an equilibrium that constitutes a tragedy of the commons where the pools attack one another and all earn less than they would have if none had attacked. For two pools, the decision whether or not to attack is the miner's dilemma, an instance of the iterative prisoner's dilemma. The game is played daily by the active Bitcoin pools, which apparently choose not to attack. If this balance breaks, the revenue of open pools might diminish, making them unattractive to participants.

Bitcoin over Tor isn't a good idea

Alex Biryukov (University of Luxembourg), Ivan Pustogarov (University of Luxembourg)

Bitcoin is a decentralized P2P digital currency in which coins are generated by a distributed set of miners and transactions are broadcast via a peer-to-peer network. While Bitcoin provides some level of anonymity (or rather pseudonymity) by encouraging users to have any number of random-looking Bitcoin addresses, recent research shows that this level of anonymity is rather low. This encourages users to connect to the Bitcoin network through anonymizers like Tor and motivates development of default Tor functionality for popular mobile SPV clients. In this paper we show that combining Tor and Bitcoin creates an attack vector for deterministic and stealthy man-in-the-middle attacks. A low-resource attacker can gain full control of information flows between all users who chose to use Bitcoin over Tor. In particular, the attacker can link together a user's transactions regardless of the pseudonyms used, control which Bitcoin blocks and transactions are relayed to the user, and delay or discard the user's transactions and blocks. In collusion with a powerful miner, double-spending attacks become possible and a totally virtual Bitcoin reality can be created for such a set of users. Moreover, we show how an attacker can fingerprint users and then recognize them and learn their IP address when they decide to connect to the Bitcoin network directly.

Ad Injection at Scale: Assessing Deceptive Advertisement Modifications

Kurt Thomas (Google), Elie Bursztein (Google), Chris Grier (International Computer Science Institute, Databricks), Grant Ho (UC Berkeley), Nav Jagpal (Google), Alexandros Kapravelos (UC Santa Barbara, Google), Damon McCoy (International Computer Science Institute, George Mason University), Antonio Nappa (International Computer Science Institute, IMDEA), Vern Paxson (International Computer Science Institute, UC Berkeley), Paul Pearce (UC Berkeley), Niels Provos (Google), Moheeb Abu Rajab (Google)