Booted: An Analysis of a Payment Intervention on a DDoS-for-Hire Service

June 26, 2017

Ryan Brunt, Prakhar Pandey and Damon McCoy.

Distributed Denial of Service (DDoS) attacks have become a growing threat that, to a large extent, have become commoditized by DDoS-for-hire, or “booter”, services. In this case study, we analyze leaked fine-grain “ground truth” data from a larger booter service, VDoS, which earned over $597,000 over two years and launched 915,000 DDoS attacks and 48 attack years (i.e., the amount of DDoS time faced by victims of VDoS). The time period of the data includes data before and after a payment intervention, providing a rare opportunity to understand how it impacted VDoS’s operation

WannaCry Ransomware Attack Illustrates Need for Evolution in Cybersecurity Norms

May 22, 2017


Individuals and institutions affected by the WannaCry ransomware attack face a Hobson’s choice—the malicious software (malware) encrypts a user’s documents while the decryption keys remain in the hands of the cybercriminals. Victims of the attack can either pay the hackers for the release of their files, feeding the profit motive that generates attacks like this in the first instance, or refuse to do so and permanently say goodbye to their computers, say Center for Cybersecurity co-founder Zachary Goldman and Professor Damon McCoy.

Can Big Data Analysis Swing a Political Election? (Video)

May 24, 2017


As nearly everything in our lives transitions from the real to the digital world, the more those things can — and are — being tracked. Every like, tweet, search and swipe ours is a piece of that digital data mosaic that makes up our online life. But with that massive amount of information, companies, advertisers and now political campaigns are gaining a big advantage. … “There are ways that this can be very creepy and very personalized,” said Justin Cappos, a professor at the NYU Tandon School of Engineering (at 3:07).

When a Hack Shuts Down a Hospital, Who’s to Blame?

May 15, 2017


… Justin Cappos, an assistant professor of computer systems and security at New York University [Tandon School of Engineering], suggested one quick fix for future security updates. Rather than telling users to update their systems for a “security patch,” Windows could offer a bleak warning: “Hackers can get into your computer right now, so please update so we can fix that.”

Trump’s Call for a Crackdown on Botnets Is a Long Shot

May 22, 2017


President Trump wants to crack down on botnets, the networks of hacked zombie computers that criminals or adversaries can use to carry out large-scale cyberattacks. Achieving this would surely disrupt the cybercriminal infrastructure, but it will also require that the administration overcome monumental technical and political hurdles. Zachary K. Goldman comments in the MIT Technology Review.

WannaCry Malware Exploited OS Weakness to Spread

May 15, 2017


The recent ransomware cyberattack has claimed an estimated 300,000 computers in 150 countries. Cyber security expert Justin Cappos is a professor at NYU’s Tandon School of Engineering. He described what the WannaCry malware is doing now and how it invades computers through a loophole in Microsoft Corp’s Windows operating system. He said the malware exploits a weakness in the operating system to spread from computer to computer.