USENIX 2013 - Day 1

Perhaps unsurprisingly, there were fewer papers today that I was particularly interested–given that FOCI is directly related to my area of research. Still, computer security is a very useful field and one that I’m keen to learn more about. I only went to two of the sessions today (it’s always unfortunate when they run two interesting sessions at the same time) and here are some of the talks I found particularly interesting:

Greystar: Fast and Accurate Detection of SMS Spam Numbers in Large Cellular Networks Using Gray Phone Space

Nan Jiang, University of Minnesota; Yu Jin and Ann Skudlark, AT&T Labs; Zhi-Li Zhang, University of Minnesota

The first talk of the day was essentially about SMS / text message spam. They seemed to have some pretty nice data about how spammers actually send out such messages; showing that something like 4.5 billion spam texts were sent in 2012, up 45% from the year before. They showed that since phone numbers are so regular, spammers can essentially just text an entire block. This is contrary to email where you have to have a list of email addresses to really get anywhere. With that though, you can do a fair amount to automatically detect such spammers on the network even without complete control just by watching numbers that don’t normally get text messages. It’s a neat concept and a field that will certainly keep growing in the coming years.

Practical Comprehensive Bounds on Surreptitious Communication over DNS

Vern Paxson, University of California, Berkeley, and International Computer Science Institute; Mihai Christodorescu, Qualcomm Research; Mobin Javed,*University of California, Berkeley; *Josyula Rao, Reiner Sailer, Douglas Lee Schales, and Marc Ph. Stoecklin,IBM Research; Kurt Thomas, *University of California, Berkeley; *Wietse Venema, IBM Research; Nicholas Weaver, International Computer Science Institute and University of California, San Diego

That’s one heck of an author list. 😄 It makes sense though, it was a rather in depth paper with some impressive data. Basically, they took the idea of communicating over DNS (basically, running your own DNS server and abusing the DNS protocol) and went with the most covert methods they could think of. One in particular was sending requests of different types in order to encode messages. From that, they analyzed some 230 billion DNS records, looking for statistically significant patterns… and they found them. They found 59 channels in those queries that so far as I understand weren’t previously known. Crazy stuff that; but it really makes me want to try to implement one of these systems on my home computer…

Let Me Answer That for You: Exploiting Broadcast Information in Cellular Networks

Nico Golde, Kévin Redon, and Jean-Pierre Seifert,Technische Universität Berlin and Deutsche Telekom Innovation Laboratories

This paper was kind of terrifying. Essentially, they talked about known vulnerabilities with the older GSM network that almost all cell phones still run on if they have to fall back to it. Essentially, they found that with a cheap phone (on the order of $20) and custom firmware, they could:

  • Impersonate and intercept calls for any particular user on a network without them even noticing
  • Intercept many users within the same area (something like 1/10 per phone)
  • DoS an entire geographical area (which could be on the order of many smaller cities)

The scariest part about all of this? There’s pretty much nothing that can / will be done to stop it. The GSM protocol is old and basically set in stone based on how much it would cost to replace. So hopefully at least no one actually malicious actually uses this idea…

Trafficking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse

Kurt Thomas, University of California, Berkeley, and Twitter; Damon McCoy, *George Mason University;*Chris Grier, University of California, Berkeley, and International Computer Science Institute; Alek Kolcz,*Twitter; *Vern Paxson, University of California, Berkeley, and International Computer Science Institute

I actually cited a previous, similar version of this paper in my Twitter paper where they essentially proved that people are selling massive quantities of Twitter accounts. In this case, they went through a number of vendors and purchased accounts, finding that just these few dozen vendors accounted for something like 20% of the all the spam accounts on Twitter. They also found that just about anyone can order said accounts with an average price of only $0.04 each and taking only a day to arrive. Unfortunately (or perhaps not), many of the services will resell accounts or otherwise work against their customers, but it’s still interesting. What’s good though is that they worked with Twitter to shut down virtually all of the accounts of this type. The best part about that was perhaps the messages they say on the spam-as-a-service forums after that: “Temporarily not selling Twitter accounts”. Oops. 😄

The Velocity of Censorship: High-Fidelity Detection of Microblog Post Deletions

Tao Zhu, Independent Researcher; David Phipps,Bowdoin College; Adam Pridgen, *Rice University;*Jedidiah R. Crandall, *University of New Mexico; *Dan S. Wallach, Rice University

This paper was similar to some I’ve already read before, essentially talking about how China censors its own internal microblogging networks (since Twitter is blocked entirely(more or less)). What they found was that new posts of a sensitive nature will be blocked within 1-2 minutes and that it’s not terribly difficult to get yourself on a watchlist where your posts will be deleted. It’s even more interesting to see how Chinese users get around such problems, essentially using their equivalent of homonyms. Rather than words that sound similar, they use characters that look *almost *the same. It’s easy for a human reader to ‘fix’ the mistake, but much harder for a computer to automatically detect it.

Well, that’s all for today. It’s only the first day of three, but I’m already tired. It’s amazing how intense sitting in a room and watching / listening to people talk for a day can be…