Dr Phillip Hallam-Baker is principal scientist at VeriSign Inc. He has been developing protocols for the Web since 1992 and has made substantial contributions to HTTP, X.509/PKIX, OCSP, XKMS, SAML and WS-Security. He is currently editor of the XKMS specification and a co-editor of the WS-Security specification.
Dr Hallam-Baker's area of special interest is phishing; he became interested in this fraud after working on the application of authentication technologies as a solution to spam. He is chair of the solutions evaluation and trial committee of the anti-phishing working group.
He has a degree in electronic engineering from the University of Southampton and a doctorate from the University of Oxford. Prior to VeriSign, he held research posts at DESY, CERN and MIT.
Internet Crime - The New Frontier
Internet crime is organized, professional. Annual losses due to Phishing, Advance Fee fraud and Denial of Service Extortion are large and growing at an alarming rate. In this presentation I will describe the tactics and techniques used by the Internet criminals and the countermeasures being brought to bear against them.
In order to defeat Internet crime we must understand the ways in which the criminals organized. In the 1930s organized crime adopted the then revolutionary management principles being pioneered by Alfred P. Sloane and others. Today Internet criminals are adopting the principles of the virtual enterprise: high margin activities such as 'carding' are performed in-house, low margin activities such as managing botnets, sending spam and even phishing are outsourced through a network of criminal marketplaces.
While few countries have the resources necessary to develop and maintain a credible information warfare program the infrastructure developed to support Internet crime allows this capability to be rented at remarkably low cost.
Tactical controls such as fraud detection, takedown services, managed security services and security intelligence services allow businesses to protect their assets in the insecure environment of the Internet. The challenge security protocol architects face is to change the fabric of the Internet to make it more resistant to criminal attack tipping the advantage away from the attacker towards the defender. At the end of the presentation I will cover some recent standards initiatives to develop Internet safety technologies based on the accountability approach.
Sponsor of The CIO Dinner