Post on 19-Dec-2015
Using “Account-free” Email Services to Combat Phishing,
Brand Infringement, and Other Online Threats
Qi-fense LLC © 2009
Sebastian Holst, sebastian@qi-fense.com, +1 440 484 2243
This presentation highlights the specific tactical and regulatory advantages that can be gained by
tapping information and activity managed by “account-free” email service providers.
The removal of constraints imposed by privacy regulations simplifies existing anti-spam and anti-phishing techniques and enables entirely new strategies as well.
Classic Email
• User creates account with authentication
• User creates one or more mailboxes
Mailbox creation
Account-free Email
• Creates mailbox for incoming email
• Mailbox is “owned” by service – there are no accounts
Mailbox creation
Use cases
End-user
◦ Newsletter subscriptions
◦ Online account credential requests
◦ Transaction confirmations
Enterprise
◦ Quality Assurance for testing applications that send email
◦ A forwarding destination from other domains
◦ Enterprise disposable email
Spam diversion
Reduced record-retention
Spam examples
Presidential Spam-caign 2008 – spam per day, by candidate
Candidate 6-Sep 7-Sep 8-Sep 9-Sep 10-Sep 11-Sep 12-Sep
Obama 1479 1513 1604 2970 2250 1714 2663
McCain 996 829 2113 2659 1590 1701 1856
Palin 1367 873 1880 2218 1547 932 1904
Biden 338 132 234 347 179 177 336
[Chart: the same series plotted as spam per day, 6-Sep to 12-Sep, for Obama, McCain, Palin and Biden]
Plausible deniability
[Chart: percentage change in daily spam volume for Obama, McCain, Palin and Biden; series “Decline on Sept 11” and “Increase on Sept 12”; y-axis -80% to 120%]
• Vishing
• Phishing
• Brand monitoring
• Grey market
• Mule traffic
• Illicit traffic
• Malware
Account-free Email Service
[Diagram labels: Classic email servers; Domains; Send email; Forward email; Manual reading; Early parsing & capture; Extended retention and indexing; Redirection & reporting; Usage profiling]
Account-free Email
• Both unsolicited & solicited content
• Access to all server functions (receipt, read, delete)
• Unrestricted access and distribution rights
Account-free email applications
• Anti-phishing
• Anti-spam
• Malware capture
• Brand monitoring
• Prosecutorial tool
• Educational content
• Enterprise anti-spam control
Sample Implementation
[Diagram: mature account-free email services feed the Qi-fense Portal. Portal components: Filter administration; Activity query request; Statistics aggregation; Filter logic; Data collection; Message aggregation; Alert distribution; Repository; Reporting; Online Discovery; Client Admin. Outputs: Real-time alerts; Activity reports; Samples; Alerts; Reports; Search Sliver]
Extracted from each captured message:
• Reference URLs – the same URL attacking multiple banks
• Time stamp
• True IP address
• Header information
• True reference URL
Time, IP, subject, from, reference URL…
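The extraction step of the sample implementation (time stamp, true IP, From, Subject, reference URLs) together with the “same URL attacking multiple banks” correlation, as an added Python example. This is not code from the deck or from Qi-fense’s portal; the collecting MX host name, the brand keyword list and the three sample messages are constructed for the example, using documentation-reserved addresses.

```python
"""Correlate phishing samples collected at account-free mailboxes.

Added illustration, not Qi-fense code. It parses raw messages with the
standard library, pulls the fields the slide lists (time stamp, true IP,
From, Subject, reference URLs) and reports any URL that appears in messages
impersonating more than one brand.
"""
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parsedate_to_datetime

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Assumed for the example: the host name of our collecting MX and the brand
# keywords the filter logic watches for (a real deployment would load them
# from the filter administration component).
OUR_MX = "mx.disposable.example"
BRANDS = ("firstbank", "secondbank")

# Constructed samples (RFC 2606 / RFC 5737 documentation addresses). The
# first two impersonate different banks but link to the same kit URL; the
# third is a legitimate newsletter delivered to the same disposable mailbox.
SAMPLES = [
"""Received: from mail.firstbank.example (unknown [203.0.113.7])
    by mx.disposable.example with SMTP id 1; Thu, 11 Sep 2008 09:15:00 +0000
From: "FirstBank Security" <alerts@firstbank.example>
To: drop123@disposable.example
Subject: FirstBank: verify your account now
Date: Thu, 11 Sep 2008 09:14:50 +0000

Your account is locked. Confirm here: http://update-center.example/login.php?id=17
""",
"""Received: from smtp.secondbank.example (unknown [203.0.113.7])
    by mx.disposable.example with SMTP id 2; Fri, 12 Sep 2008 10:02:00 +0000
From: "SecondBank Online" <service@secondbank.example>
To: drop123@disposable.example
Subject: SecondBank security notice
Date: Fri, 12 Sep 2008 10:01:40 +0000

Unusual sign-in detected, review at http://update-center.example/login.php?id=17 today.
""",
"""Received: from news.example.org (news.example.org [198.51.100.9])
    by mx.disposable.example with SMTP id 3; Fri, 12 Sep 2008 11:30:00 +0000
From: "Weekly Digest" <digest@news.example.org>
To: drop123@disposable.example
Subject: Your weekly digest
Date: Fri, 12 Sep 2008 11:29:00 +0000

Read this week's stories at https://news.example.org/issue/37
""",
]


def true_ip(msg, our_mx=OUR_MX):
    """IP of the client that connected to our own MX.

    Only the Received line written by our server is trustworthy; any
    Received lines below it were supplied by the sender and may be forged.
    """
    for received in msg.get_all("Received") or []:
        if f"by {our_mx}" in received:
            m = IP_RE.search(received)
            return m.group(1) if m else None
    return None


def body_text(msg):
    """Concatenate the text parts of a (possibly multipart) message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def extract_record(raw):
    """Time, IP, subject, from, reference URLs for one captured message."""
    msg = message_from_string(raw)
    return {
        "time": parsedate_to_datetime(msg["Date"]),
        "ip": true_ip(msg),
        "from": msg.get("From", ""),
        "subject": msg.get("Subject", ""),
        "urls": sorted(set(URL_RE.findall(body_text(msg)))),
    }


def impersonated_brand(record):
    """Brand keyword found in the From or Subject header, or None."""
    haystack = (record["from"] + " " + record["subject"]).lower()
    return next((b for b in BRANDS if b in haystack), None)


def shared_urls(raw_messages):
    """Reference URLs seen in messages impersonating more than one brand."""
    brands_by_url = defaultdict(set)
    for raw in raw_messages:
        rec = extract_record(raw)
        brand = impersonated_brand(rec)
        if brand is None:
            continue
        for url in rec["urls"]:
            brands_by_url[url].add(brand)
    return {u: sorted(b) for u, b in brands_by_url.items() if len(b) > 1}


if __name__ == "__main__":
    for raw in SAMPLES:
        r = extract_record(raw)
        print(r["time"].isoformat(), r["ip"], r["from"], r["subject"], r["urls"])
    print("URLs attacking multiple banks:", shared_urls(SAMPLES))
```

The IP is taken only from the Received header stamped by the collecting MX, because that is the one hop whose claim the service can vouch for; everything further down the header chain was written by the sender. Brand attribution here is a keyword match on From and Subject, which is enough to show the correlation but would be replaced by the portal’s filter logic in practice.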
Observations
A novel source
◦ No precedents inside law enforcement, federal agencies, financial institutions, technology suppliers
◦ Difficult to develop “artificial” sources
Organizational mismatch
◦ Take-down, anti-spam, prosecution, education, malware forensics, etc. are rarely in the same organization
Fresh
◦ Heavy use ensures that these email addresses will continue to proliferate
◦ Intelligence and applications are still being identified – more work to be done!
Vulnerable to exclusion
◦ Although domains and IP addresses can shift almost as quickly as with the bad guys
◦ Enterprise sub-domains would permanently eliminate this risk
Q & A
Thank you