Online Games, Political Campaigns Provide Opportunities for Electronic Criminals

Byron SpiceMonday, September 10, 2007

New computer security threats posed by online multiplayer games and the potential for political dirty tricks on the Web are among the topics that electronic crime researchers will discuss at the second annual Anti-Phishing Working Group (APWG) eCrime Researchers Summit, Oct. 4-5 at the Holiday Inn Select University Center in Oakland.

The summit, sponsored by the APWG and hosted by Carnegie Mellon University's CyLab, will bring to Pittsburgh some of the world's leading industrial and academic practitioners in the field of electronic crime research.

In a keynote address, Gary McGraw, chief technology officer of Cigital Inc., a software security and quality consulting firm in Washington, D.C., will describe controversial security issues surrounding massive multiplayer online role-playing games (MMORPGs), such as World of Warcraft and Everquest. He argues that these games are a harbinger of future security problems, both because they closely monitor each player (and each player's computer) and because security problems could disrupt the multibillion-dollar online game industry.

The summit will also feature a panel on political "phishing." Conventional phishing attacks usually involve email that appears to come from a financial institution, but actually directs people to a counterfeit Web site where fraudsters steal their personal or financial data. The same tactic is ripe for exploitation by political saboteurs.

Rachna Dhamija, a post-doctoral fellow at the Harvard Center for Research on Computation and Society; Christopher Soghoian, a cybersecurity doctoral student at Indiana University; and Celeste Taylor, state coordinator of People for the American Way, are among the panelists who will discuss how phishing could be used in the 2008 national election. They will also analyze how defenses against phishing developed by financial institutions might be used in the political sphere.

The program will also include research paper and poster presentations and a panel discussion on whether user education is effective in reducing phishing attacks and other security breaches - a point of controversy among e-crime experts. Carnegie Mellon researchers will present papers examining how people respond to phishing emails and the effectiveness of anti-phishing education.

"These presentations are not just computer-science lab rat esoterica," said Peter Cassidy, the secretary general of the APWG who conceived of the eCrime Researchers Summit. "This stuff is applied research at its best from the savviest investigators in e-crime research from academe and industry."p Lorrie Cranor, associate research professor of computer science at Carnegie Mellon, is general chair for the conference, and Markus Jakobsson, associate professor of informatics at Indiana University, is program chair. For more information, visit www.ecrimeresearch.org/2007/program.html.

Press representatives interested in registering and attending the eCRS can send their inquiries to pressrequest@antiphishing.org.

About the APWG: The Anti-Phishing Working Group (APWG) is an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing, email spoofing and crimeware. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community and solutions providers. There are more than 1,700 companies and government agencies participating in the APWG and more than 2,900 members. The APWG's Web site (www.antiphishing.org) offers the public and industry information about phishing and email fraud, including identification and promotion of pragmatic technical solutions that provide immediate protection. APWG's corporate sponsors include: 41st Parameter, 8e6 Technologies, AT&T (T), Able NV, ActivCard (ACTI), Adobe (ADBE), Afilias Inc., AhnLab, Aladdin Knowledge Systems (ALDN), Anakam, Anonymizer, BBN Technologies, BlueStreak, Brandimensions, Bsecure Technologies, Cisco (CSCO), Clear Search, Cloudmark, Comodo, Corillian (CORI), Cydelity, Cyveillance, DigitalEnvoy, DigitalResolve, Earthlink (ELNK), eBay/PayPal (EBAY), Entrust (ENTU), Experian, eEye Digital Security, F-Secure, Grisoft, GeoTrust, GlobalSign, GoDaddy, ING Bank, Iconix, InternetIndentity, Internet Security Systems, IOvation, IS3, Kaspersky Labs, Lenos Software, LightSpeed Systems, MailFrontier, MailShell, MarkMonitor, McAfee (MFE), MasterCard, MessageLevel, Microsoft (MSFT), Mirapoint, MX Logic, NameProtect, National Australia Bank (ASX: NAB) Netcraft, NetStar, PassMark, Panda Software, Phoenix Technologies Inc. (PTEC), Quova, RSA Security (RSAS), SAIC, SecureBrain, Secure Computing (SCUR), Sigaba, SOPHOS, SquareTrade, SurfControl, Symantec (SYMC), Trek Blue, Trend Micro (TMIC), Tricerion, TriCipher, Tumbleweed Communications (TMWD), SurfControl (SRF.L), Vasco (VDSI), VeriSign (VRSN), Visa, Websense Inc. (WBSN), WholeSecurity, Yahoo! (YHOO) and ZixCorp.

About Carnegie Mellon: Carnegie Mellon is a private research university with a distinctive mix of programs in engineering, computer science, robotics, business, public policy, fine arts and the humanities. More than 10,000 undergraduate and graduate students receive an education characterized by its focus on creating and implementing solutions for real problems, interdisciplinary collaboration, and innovation. A small student-to-faculty ratio provides an opportunity for close interaction between students and professors. While technology is pervasive on its 144-acre Pittsburgh campus, Carnegie Mellon is also distinctive among leading research universities for the world-renowned programs in its College of Fine Arts. A global university, Carnegie Mellon has campuses in Silicon Valley, Calif., and Qatar, and programs in Asia, Australia and Europe. For more, see www.cmu.edu.

For More Information

Byron Spice | 412-268-9068 | bspice@cs.cmu.edu