
CITP Talk: Understanding Politically Motivated Adversaries: Targeted Threats and Censorship Product Fingerprinting

Date and Time
Tuesday, October 6, 2015 - 12:30pm to 1:30pm
Location
Sherrerd Hall 306
Type
CITP

Food and discussion begin at 12:30 pm. Open to current Princeton faculty, staff, and students. Open to members of the public by invitation only. Please contact Laura Cummings-Abdo at if you are interested in attending a particular lunch.

Politically motivated adversaries change the way one thinks of attacks on the Internet. Unlike conventional online adversaries, who are motivated by economic gain, politically motivated adversaries are motivated to gain and control access to information and are willing to expend time and money to achieve their goals. In this talk, Gill will discuss research that characterizes the level of sophistication of targeted malware attacks and techniques to fingerprint specific instances of filtering technology used to violate human rights.

Gill will discuss her team’s study of targeted malware attacks faced by civil society organizations, which characterizes malicious e-mails received by 10 civil society organizations over a period of 4 years. Gill and her team found that the technical sophistication of the malware observed is fairly low, with more effort placed on socially engineering the e-mail content. Based on this observation, they developed the Targeted Threat Index (TTI), a metric that incorporates both social engineering and technical sophistication when assessing the risk of malware threats. They demonstrate that this metric is more effective than simple technical sophistication for identifying malware threats with the highest potential to successfully compromise victims.

Gill’s talk will also present methods they have developed to identify and confirm the use of specific filtering technologies around the world. The first method leverages a combination of network scanning and in-country network measurements. Using this method they are able to confirm the use of two different filtering products in four different countries. The second method uses the fact that filtering products use common templates when generating block pages to enable a retrospective look at product usage. They applied this technique on five years of data from the OpenNet Initiative and are able to identify installations of products that were missed in prior (manual) analysis of the data.

Phillipa Gill is an assistant professor in the Computer Science Department at Stony Brook University. She received her Ph.D. in Computer Science from the University of Toronto in 2012, and her B.Sc. and M.Sc. degrees in Computer Science from the University of Calgary in 2006 and 2008, respectively. Her work focuses on many aspects of computer networking and security with a focus on designing novel network measurement techniques to understand online information controls, network interference, and interdomain routing. She currently leads the ICLab project which is working to develop a network measurement platform specifically for online information controls. She has received the NSF CAREER award, Google Faculty Research Award and best paper awards at the ACM Internet Measurement Conference (characterizing online aggregators), and Passive and Active Measurement Conference (characterizing interconnectivity of large content providers).
