Dr. Howard Schmidt, a former White House cybersecurity coordinator, executive director of SAFECode and a CyLab Distinguished Fellow, passed away on March 2, 2017 in his home in Muskego, Wisconsin. Dr. Schmidt served as a CyLab Distinguished Fellow for over a decade. After being appointed to the White House as a cybersecurity advisor by George W. Bush, Dr. Schmidt was later named Chief of Cybersecurity by President Barack Obama. Serving over 31 years in public service, Dr. Schmidt was well respected for his work at the intersection of computer security and national security.
Distinguished Seminar: Dial One for Scam: A Large-Scale Analysis of Technical Support Scams
|Date:||March 27, 2017|
|Speaker:||Nick Nikiforakis, Assistant Professor, Stony Brook University|
|Time & Location:||12:00 PM - 1:00 PM
DEC, CIC Building, Pittsburgh
|Abstract:||In technical support scams, cybercriminals attempt to convince users that their machines are infected with malware and are in need of their technical support. In this process, the victims are asked to provide scammers with remote access to their machines, who will then "diagnose the problem", before offering their support services which typically cost hundreds of dollars. Despite their conceptual simplicity, technical support scams are responsible for yearly losses of tens of millions of dollars from everyday users of the web. In this talk, we report on the first systematic study of technical support scams and the call centers hidden behind them. We identify malvertising as a major culprit for exposing users to technical support scams and use it to build an automated system capable of discovering, on a weekly basis, hundreds of phone numbers and domains operated by scammers. By allowing our system to run for more than 8 months we collect a large corpus of technical support scams and use it to provide insights on their prevalence, the abused infrastructure, the illicit profits, and the current evasion attempts of scammers. Finally, by setting up a controlled, IRB-approved, experiment where we interact with 60 different scammers, we experience first-hand their social engineering tactics, while collecting detailed statistics of the entire process. We explain how our findings can be used by law-enforcing agencies and propose technical and educational countermeasures for helping users avoid being victimized by technical support scams.|