Traps, Pitfalls, Swindles, Lies, Doubts and Suspicions:

Artificial Intelligence Management and Development CorporationArtificial Intelligence Management and Development Corporation AI M

Traps, Pitfalls, Swindles, Lies, Doubts

and Suspicions:A Counter-Case for the Study of

Good Etiquette

Jack L. Edwards & Greg ScottA I Management & Development Corp.

Sharon McFadden & Keith C. HendyDefence Research & Development Toronto

Defence R & D Canada - TorontoDefence R & D Canada - Toronto


Etiquette

• A Nice Image

• Context: Human & System Etiquette

• Benevolence Assumption


Some General Rules of Etiquette

• Be helpful • Be respectful

• Be relevant • Be prompt

• Be brief • Be protective (of

privacy)

• Be pleasant • Be adaptable


Foundational Rule

• Foundational Rule of Etiquette– Assumption of Honesty (“Be honest”)

• Benevolence Assumption

• High Correlation With Some Overlap in Meaning


The Internet: Ubiquitous and Evolving

• Work & Leisure Time Extends Beyond Local Processing

• Increasing Involvement of Technology in Person-To-Person Exchanges

– E.g., email; chat-rooms; video conferencing

• Modern Agents Increasingly Software and Internet-Based

• Traps, Pitfalls, Swindles Generalize Easily to the Internet


Violations of the Foundational Rule:Traps, Pitfalls, Swindles, Lies...

• Nigerian Fee Scam

• On-line Credit Card Fraud in 2001 – (5% of online consumers)*

• Merchant’s lost $700M in 2001*

• Lies & Hoaxes (Bush’s IQ)

* Gartner Group


Thorough Understanding of Etiquette Is Not Possible Without An

Active Study of the Abuse of Good Etiquette• Focusing Only on Good Etiquette Prejudices Us Toward

Assumptions of Benevolence

• Actively Assume Mantle of Hacker, Vandal, Scam Artist, Thief or Terrorist

– Explore how to enlist rules of etiquette in deception & fraud

• Active Contemplation Will Engage the Mind in a Creative Pursuit of a Deeper Understanding of Etiquette

– Norman & Rumelhart Example


Applying Etiquette Rules in the Service of Scams & Frauds

• Be helpful • Be respectful• Be relevant • Be prompt• Be brief • Protect privacy• Be pleasant • Provide options

• Give the Appearance of Honesty– Falsely Establish Credibility

• Some Examples of Grfter Etiquette


Fraud, Vandalism, Theft & Terrorism on the Internet

• Ubiquitous Computing Is Giving Rise to Ubiquitous “Underworld” Activity

• Generalization of Classic Con Games is Underway– Ponzi schemes – Identity Theft– Affinity Fraud – Insider Trading– Badger Game – Twice-fleeced Fraud– Embezzlement – Weights and Measures Frauds

• Segmentation & Other Refinement Techniques– Mark (or Victim) Categories


Generalizing Grifter and Other Criminal Agents

• Current & Future Software Agents– Roper Agents – Manager Agent– Inside Man Agent – Forger Agent– Shill Agents – Vandal Agents

• Humans, Corporations & Other Organizations– The Target, Victim or Mark


Generalizing “Big Con” Grifters to Software

• Roper Agents - Automated Solicitations (e.g., Nigerian Fee Scam)

• Inside Man - Remotely Controlled & Coordinated Attack Agents

• Manager - External Automated Attack Agents on Distributed Machines

• Shills - Support Agents in a Society of Grifter Agents


Malicious Software Agents (Zeltser, 2000)• Rapidly Spreading Agents

– Viruses and Worms - Explicitly Copy Themselves– e.g. Melissa Virus and Morris Worm

• Spying (Espionage) Agents– Transmits Sensitive Information– e.g. Caligula, Marker and Groov Viruses

• Remotely Controlled Agents– Complete Control of Victim’s Machine– Client/Server Architecture

• Server Communicates with Attacker through Outbound HTTP & FTP Channels• Client directs Agent through Inbound Email and Web Browsing Channels• Programming API Permits Controlling Traffic to be Encrypted with Plug-Ins• Plug-Ins Permit Newly Propagated Versions to Register with Home-Base

– e.g. Back Orifice and NetBus


Malicious Software Agents (Zeltser, 2000) (continued…)

• Coordinated Attack Agents– Complete Control of Victim’s Machine– Client/Server Architecture

• Multiple Clients Operate from Compromised Machines• Difficult to Trace

– e.g. Trinoo and TFN

• Advanced Malicious Agents– Builds on Strengths of Previously Described Agents– Alleviates Their Weaknesses– e.g. RingZero Trojan


Veracity Agent Network (VAN) - A Society of Protection Agents -

• Monitoring Agents - Incoming/Outgoing Traffic & Unusual Local Activity

• Filtering Agents - Filters (Blocks) Unwanted Activity• Masking Agents - Masks Identify (Hides or Falsifies)• Tracking Agents - Track & Identify Unknown Sources• Information Agents - Explains Activities to Users• Proactive Agents - Build User Profiles of Attackers;

Report Violations; Alter Code of Intrusive Agents; Search & Destroy


VAN Functionality: Ensuring Good “Underworld” Etiquette?

• Monitoring, Intercepting & Controlling Cookie Traffic

• Monitoring Automatic Version Checkers Sending Personal Info to Company Sites– (e.g. usage statistics correlated with software Serial No.)

• Blocking Unwanted Transmission of Personal Info – (e.g. credit card numbers, email address)

• Stripping Browser Type, Platform & OS Info Sent With Every Request for Web Page

• Blocking Banner Ads; Automatic Closing of Pop-Up Ads


Current Level of Development: Monitoring Agents

• Internet Traffic Can Be Intercepted Either: – leaving an application & passing to the OS– leaving the OS & passing to network

• Both Require Low-Level Drivers to Intercept Data


Current Level of Development: Monitoring Agents (continued…)

• Look Up IP Addresses Automatically Using “whois”

• Determine Usage Stats Being Collected, by RealPlayer

• Port Number Look-Up (65K+ Ports): Identify Type of Traffic Using Ports & Build a DataBase

• Identify Information Sent Out Without Asking User– cookies– software update requests– AOL messenger activity– usage stats


Current Level of Development: Monitoring Agents (continued…)

• Outside Attempts to Access System

• Personal Info Being Sent Out– e.g. credit card numbers; email addresses; passwords

• System Info Sent Out While Web Browsing– e.g. browser type, operating system, type of computer

• Monitor Email to...– identify common Internet hoaxes & scams– compile statistics on incoming messages for future use


Support Technology

• NetTraffic & WinpCap - Monitors Low-Level Event Traffic on PC

• Current Open Source Code from Politecnico di Torino– http://winpcap.polito.it/

• Original UNIX Pcap Developed at Berkeley

• Higher-Level Functionality is Needed to Interpret & Use That Information


User Requirements

• Protection Only - Don’t Bother Me With Details

• Track Activities (At Least in the Beginning)

• See Explanations of Activity; ID Sources; Report Intrusions & Misuse of Information

• Be Proactive Realtive to Intruders


“User” Models

• For Actual User (Encrypted)

• For Several Masked Versions of Own User

• For “Friends” of Own User

• For Tracked (Potentially Malicious) Sources


Possibility of Agent Wars• Disseminate Info Other Agents Created To Block

• Misrepresent Themselves For Nefarious Purposes

• Hack Other Agents to Prevent Them from Achieving Competing Goals


The Future of “Underworld” Internet Computing

• “Underworld” of the Internet - The “Wild West”

• Few Rules and Little Explicit “Consideration of Others,” as We Defined as the Source of Good Etiquette

• Helplessness of Average User to Protect Themselves From This “Underworld” Activity Will Help Drive Etiquette

• Our Goal: Agents to Help Ensure You Are “Taken Into Consideration,” in this New World of Ubiquitous Internet Computing

Traps, Pitfalls, Swindles, Lies, Doubts and Suspicions:

Documents