Title: Exposing and Mitigating Cross-Channel Abuse that Exploits the Converged Communications Infrastructure

Bharat Srinivasan

Ph.D. Student

School of Computer Science

College of Computing

Georgia Institute of Technology

Date: Wednesday, Aug 2, 2017

Time: 4:00pm-5:00pm

Location: Klaus 3126, Georgia Tech

Committee:

---------------

Prof. Mustaque Ahamad (Advisor), School of Computer Science, Georgia Institute of Technology

Prof. Manos Antonakakis, School of Electrical and Computer Engineering, Georgia Institute of Technology

Prof. Wenke Lee, School of Computer Science, Georgia Institute of Technology

Prof. Mostafa Ammar, School of Computer Science, Georgia Institute of Technology

Prof. Nick Nikiforakis, Department of Computer Science, Stony Brook University

Abstract:

---------------

Recently we have witnessed rapid consolidation of traditional and emerging communications infrastructures, leading to the convergence of telephony and the Internet. While this convergence has been beneficial in many ways, it has also expanded the arsenal of malicious actors by increasing possible attack vectors. Specifically, it offers malicious actors the ability to craft cross-channel attacks that combine both telephony and Internet resources to evade existing defenses, abuse the underlying infrastructure and victimize the end-user in ways that have not been adequately explored in the past. In fact, instances of such abuse have attracted the attention of federal law enforcement and consumer protection agencies such as the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC). In response to strong consumer demand for action against cross-channel abuse, these agencies have pressed for robust solutions in dealing with such abuse.

In this thesis, we first introduce the notion of cross-channel abuse and place it in the context of traditional notions of Internet and telephony abuse. Then, as a first case in point, we present a data-driven longitudinal study of the support infrastructure aiding cross-channel text-messaging abuse which reveals insights into the domain and IP infrastructure used in text-messaging scams, spam and phishing attacks. As a second case in point, we extend the data-driven approach to study, in depth, the infamous technical support scams (TSS) originating from online search-and-ads, that have plagued consumers and industry brands for over a decade. The lens of a cross-channel view of TSS helps reveal previously underexposed tactics and infrastructure used in these scams. Lastly, based on the learnings from these two large cases, we explore novel mechanisms to counter cross-channel abuse with cross-channel intelligence sharing that augments and enhances existing abuse prevention and defense mechanisms on both telephony and Internet channels. Through these contributions, we seek to provide a framework that increases the security and trust of everyday transactions taking place in the converged communications landscape.