Characterising and predicting cyber attacks using the Cyber Attacker Model Profile (CAMP)
- Authors: Watters, Paul , McCombie, Stephen , Layton, Robert , Pieprzyk, Josef
- Date: 2012
- Type: Text , Journal article
- Relation: Journal of Money Laundering Control Vol. 15, no. 4 (2012), p. 430-441
- Full Text: false
- Reviewed:
- Description: Purpose – Ethnographic studies of cyber attacks typically aim to explain a particular profile of attackers in qualitative terms. The purpose of this paper is to formalise some of the approaches to build a Cyber Attacker Model Profile (CAMP) that can be used to characterise and predict cyber attacks. Design/methodology/approach – The paper builds a model using social and economic independent or predictive variables from several eastern European countries and benchmarks indicators of cybercrime within the Australian financial services system. Findings – The paper found a very strong link between perceived corruption and GDP in two distinct groups of countries – corruption in Russia was closely linked to the GDP of Belarus, Moldova and Russia, while corruption in Lithuania was linked to GDP in Estonia, Latvia, Lithuania and Ukraine. At the same time corruption in Russia and Ukraine were also closely linked. These results support previous research that indicates a strong link between been legitimate economy and the black economy in many countries of Eastern Europe and the Baltic states. The results of the regression analysis suggest that a highly skilled workforce which is mobile and working in an environment of high perceived corruption in the target countries is related to increases in cybercrime even within Australia. It is important to note that the data used for the dependent and independent variables were gathered over a seven year time period, which included large economic shocks such as the global financial crisis. Originality/value – This is the first paper to use a modelling approach to directly show the relationship between various social, economic and demographic factors in the Baltic states and Eastern Europe, and the level of card skimming and card not present fraud in Australia. Acknowledgements: Paul A. Watters and Robert Layton are funded by IBM, Westpac, the State Government of Victoria and the Australian Federal Police.
- Description: 2003011112
Cybercrime attribution : An Eastern European case study
- Authors: McCombie, Stephen , Pieprzyk, Josef , Watters, Paul
- Date: 2009
- Type: Text , Conference paper
- Relation: Paper presented at 7th Australian Digital Forensics Conference, Perth, Western Australia 1st-3rd December 2009 p. 41-51
- Full Text: false
- Description: Phishing and related cybercrime is responsible for billions of dollars in losses annually. Gartner reported more than 5 million U.S. consumers lost money to phishing attacks in the 12 months ending in September 2008 (Gartner 2009). This paper asks whether the majority of organised phishing and related cybercrime originates in Eastern Europe rather than elsewhere such as China or the USA. The Russian “Mafiya” in particular has been popularised by the media and entertainment industries to the point where it can be hard to separate fact from fiction but we have endeavoured to look critically at the information available on this area to produce a survey. We take a particular focus on cybercrime from an Australian perspective, as Australia was one of the first places where Phishing attacks against Internet banks were seen. It is suspected these attacks came from Ukrainian spammers. The survey is built from case studies both where individuals from Eastern Europe have been charged with related crimes or unsolved cases where there is some nexus to Eastern Europe. It also uses some earlier work done looking at those early Phishing attacks, archival analysis of Phishing attacks in July 2006 and new work looking at correlation between the Corruption Perception Index, Internet penetration and tertiary education in Russia and the Ukraine. The value of this work is to inform and educate those charged with responding to cybercrime where a large part of the problem originates and try to understand why.
- Description: 2003007921