AllThingsD » cyber criminals

"Evercookies" and "Fingerprinting": Are Anti-Fraud Tools Good for Ads?

Jennifer Valentino-DeVries — Wed, 01 Dec 2010 20:23:34 +0000

Techniques like “evercookies” and “device fingerprinting” are new and controversial in the online ad industry, but they’re widely used by firms that seek to catch cyber criminals.

Criminals, who have a powerful incentive to remain anonymous, learned long ago to thwart cookies–small text files associated with their Web browser. So anti-fraud companies began searching for more persistent identifiers.

Some firms hide other small files in several places on a person’s machine. The technology is known as a “supercookie” or “evercookie,” a term popularized by programmer Samy Kamkar this fall when he created a program that stores more than 10 such identifiers.

One anti-fraud company, California-based ThreatMetrix Inc., touts its “evercookie” approach in detecting criminals. The company does not disclose every place that it stores identifiers but says it uses browser cookies, files associated with Adobe Systems Inc.’s Flash player and local storage in HTML5, the newest version of the language used to code Web pages, said ThreatMetrix CEO Reed Taussig.

Read the rest of this post on the original site

Fraudsters Like Virtual Goods

Ben Worthen — Wed, 21 Jul 2010 12:00:03 +0000

Sales of digital goods such as virtual objects and currency used in online games are taking off with consumers. Unfortunately for their vendors, they are increasingly popular with cyber criminals, too.

Merchants that sell digital goods lost 1.9 percent of all revenue to fraud in 2009, compared with a 1.1 percent fraud rate for companies that sell physical goods online, according to CyberSource Corp., which processes credit cards for online merchants.

Such percentages seem small, but can translate into sizeable sums of money as social networks like Facebook Inc. expand the market for virtual goods, which have long been associated with games like Second Life and World of Warcraft, where players buy items like virtual gold and clothes for avatars.

Read the rest of this post on the original site

Conficker: Don't Believe the Hype

Ben Worthen — Thu, 26 Mar 2009 11:59:17 +0000

You may have heard about Conficker, the rogue computer program that might do something dreadful on April 1. The truth is that the threat posed by Conficker is almost entirely theoretical, and that only a handful of dedicated professionals will notice anything out of the ordinary when that date comes around.

Conficker is the latest example of a type of malware called a botnet, which gives a cyber criminal control over an infected computer. The criminal can steal information stored on the computer or make it do things like send spam emails. In some cases, criminals amass millions of computers to command.

Researchers estimate that a couple million computers could be infected with Conficker, which makes it a large botnet, but not the largest. What sets Conficker apart is that it’s more sophisticated than any previous piece of malware. It uses a new form of cryptography, can be controlled by criminals in multiple ways, and updates itself. This scares security researchers. So does the fact that the bad guys haven’t done anything with the computers they control yet, which means they could do, well, anything.

Read the rest of this post