Vaughn Pursues Botnets, Helps Identify Internet CriminalsApril 22, 2008
By Kate Gronewald
Management Information Systems Professor Randal Vaughn's vocation sometimes sounds less like a faculty member and more like a role in a video game or action movie. He has pursued some botnets into oblivion and works to get Internet criminals into orange jumpsuits.
Vaughn works to eradicate eCrime. Such criminal Internet activity includes the SPAM that frequently fills inboxes worldwide, as well as phishing, a scam that involves an Internet perpetrator posing as a legitimate company to defraud an online account holder of financial information.
Vaughn will present "Botnets: A Plague of Neglect - The Crucial Changes Required to Staunch Runaway Botnets' Proliferation" at the second annual Anti-Phishing Working Group (APWG) Counter-eCrime Operations Summit (CeCOS II), May 26 and 27 in Tokyo.
The Summit will host operations experts, researchers, security professionals, and law enforcement officials from Japan, East Asia, America and Europe in a discussion of operational issues and resources for counter-eCrime professionals who protect consumers and enterprises from daily threats.
The fight against eCrime has become a global confrontation.
Participating presenters represent some of the world's pre-eminent counter-eCrime companies, research centers and agencies, including the Council of Anti-Phishing Japan, Korea Internet Security Center, the Palo Alto Research Center, and INTERPOL.
With so many specialty organizations working independently to combat eCrime, conference organizers look to help prioritize and integrate the fight against Internet deception to more efficiently eradicate the growing problem.
"I look forward to seeing different groups, from banks to law enforcement agencies, all work toward a common goal to help solve an international problem," Vaughn said.
Vaughn's presentation regarding eCrime and the Global Communications Infrastructure focuses on botnets, an increasingly popular source of Internet scams he has studied since 2004.
A botnet, or network of bots, is a collection of compromised machines that do the bidding of their robot masters, Vaughn said. They are used for multiple purposes, including credential theft, extortion and attacks on infrastructure. Botnets are also regularly used for sending out SPAM and phishing.
Unfortunately, Internet deception has proved to be a lucrative business for some robot masters.
"These guys are pretty slick," Vaughn said. "They make a lot of money."
Economic losses from Internet fraud have reached an all-time high. According to Internet Crime Complaint Center data released last week, nearly $240 million of individual losses from Internet fraud were reported to the FBI in 2007, a 20 percent increase since 2006.
Many of the profits are swindled from citizens who have the least to lose. Vaughn acknowledged that educated Internet users are less likely to fall prey to scams than say, their grandmothers, or other users unaware of potential online risks.
"It's important to protect people who can't protect themselves," Vaughn said.
Vaughn is a member of the APWG, a coalition of industry, law enforcement and government associates committed to wiping out Internet scams and fraud. The APWG focuses on eliminating the identity theft and fraud caused by the growing problems of phishing, email spoofing, and crimeware. The organization is comprised of over 3,000 members and 1,700 companies and organizations worldwide.
"The global criminal plexus that has emerged on the Internet requires technical and policy coordination across national frontiers and technological domains," said APWG Secretary General Peter Cassidy. "APWG's CeCOS II will survey the technical advances of phishing and eCrime groups and, at the same time, benchmark the kinds of technical, operational and policy responses that have proven useful in countering them from the desktop all the way back to domain Registry."
While Vaughn now works with organizations and professionals across the globe, his initial interest in content filtering was sparked at home eight years ago, when his then 9-year-old daughter began using the Internet.
"I've always had an interest in security, because you have to if you ever do anything in computing," Vaughn said. "You're always worried about people misusing the resources."
Vaughn's primary research areas are in demographics and awareness. He teaches business telecommunications, cyber security technology, and cyber warfare courses in the Hankamer School of Business.