Abuse at scale hearn@google.com.

Slides:

Advertisements

Similar presentations

Geneva Public Library February 15th, What is ? How many of you have had accounts before?

Advertisements

Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely P J Human Resources Pte Ltd presents:

Addressing spam and enforcing a Do Not Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.

Deliverability How We Get You to the Inbox. +98 % Our Deliverability routinely ranks in the high 90s. There’s another way of saying this: We Get Your.

Tony BrettOUCS Course Code ZAE 1 March 2004 Webmail – the new WING Tony Brett Oxford University Computing Services.

Security Jonathan Calazan December 12, 2005.

Google Account Basics: Getting Started with free Google applications.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

Managing and Avoiding Junkmail. Junk  Where does Junk Mail come from? People with whom you do business  Pepsi Friends of people with whom you.

SAG INFOTECH PVT. LTD Bulk Contact Detail Portal SOFT SOLUTION FOR THOSE WHO CAN”T AFFORD TO MAKE ERROR.

Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Who Knew? 15 Things You Didn’t Know About HighRoad Solution’s Campaign Tool Jenny Lassi Professional Services HighRoad Solution.

1 The Business Case for DomainKeys Identified Mail.

Information Security Phishing Update CTC

PHISHING AND SPAM INTRODUCTION There’s a good chance that in the past week you have received at least one that pretends to be from your bank,

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

Back to content Final Presentation Mr. Phay Sok Thea, class “2B”, group 3, Networking Topic: Mail Client “Outlook Express” *At the end of the presentation.

Masud Hasan Secue VS Hushmail Project 2.

Relay Online Team Registration Relay Online Makes Registration Easy! Step 1: Sign Up on your Relay Online website Step 2: Start your Relay For Life.

Reliability & Desirability of Data

Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely presents:

Security at NCAR David Mitchell February 20th, 2007.

Tired of Spam? The solution is MailWasher

BTT12OI.  Do you know someone who has been scammed online? What happened?  Been tricked into sending someone else money (not who they thought they were)

Leveraging Asset Reputation Systems to Detect and Prevent Fraud and Abuse at LinkedIn Jenelle Bray Staff Data Scientist Strata + Hadoop World New York,

By Gianluca Stringhini, Christopher Kruegel and Giovanni Vigna Presented By Awrad Mohammed Ali 1.

The Future of Anti-Spam: A Blueprint for New Internet Abuse Tools Garth Bruen CEO, KnujOn.com LLC MIT Spam Conference.

Professor Yashar Ganjali Department of Computer Science University of Toronto

Wikispam, Wikispam, Wikispam PmWiki Patrick R. Michaud, Ph.D. March 4, 2005.

Safety on Facebook Julie de Bailliencourt Safety Policy Manager EMEA.

Staff addresses Availability tradeoffs December 13, 2012.

SSH/SSL Attacks not on tests, just for fun. SSH/SSL Should Be Secure Cryptographic operations are secure SSL uses certificates to authenticate servers.

Advanced Guide to ing. Introduction In this guide you and explain will learn how to use ing in an advanced way. I will go through on.

How to manage your s Tips and tricks. Use Folders Folders are used to manage files in your hard disk drive. Similarly you can create folders in your.

Proactive Incident Response

Sales Engagement Platform

Cyber Info Gathering Techniques

Keeping Children Safe Online

Social Media Security: Understanding how to keep yourself safe.

& Google Gmail.

Unit 4 IT Security.

Gmail customer service

Dial +1(505) Quickly Gmail Password Recover.

Dial +1(505) Quickly Gmail Password Recovery.

How to manage your s Tips and tricks.

Outlook support number Ireland OUTLOOK ISSUES:- Unable to login Invalid password Sending spam s Receiving spam mails Gmail server.

Google Account Recovery Number. Google /Gmail Google is a well known service to all over the world. It is a kind of free service.

Outlook Technical Support It’s a web based service which is being used by Millions of users and owned by Microsoft. Microsoft.

Fix Error 550 Connect at Customer Service Number to Fix Error 550 under expertise of tech Support team experts.

Bluehost Coupons

Gmail Customer Service Online Chat. Gmail Technical Support Number Gmail technical support number is a 24/7 active service which provides the best technical.

Why is it important? ❏ Most website owners do not think that if they paste address on page or post than they have too much risk of spam. ❏

Outlook is the American service providers used by a number of people all over the world as it provides free and instant services to user of all age.

Google 2 Step Verification Backup Codes Google 2 Steps Verification Backup Codes is very important to get access Gmail account. Backup codes is usually.

How To Blocks s On Gmail

Gmail Password Support Customer Service Numebr

outlook is the American service providers used by a number of people all over the world as it provides free and instant services to user of all.

Relay Online Participant Registration

How to Protect your Privacy on Facebook Facebook Privacy.

CSE 303 Concepts and Tools for Software Development

Setting up a Gmail Account & Safety Kamlesh Singh Bisht IT Specialist.

BACHELOR’S THESIS DEFENSE

Sharing my own personal information

How to manage your s Tips and tricks.

NETIQUETTE Pn. Jamilah Binti Yusof.

Latest Questions Answers PDF

How to manage your s Tips and tricks.

It started with a list! Kieran Lamb SHH01 - LGF.

Cybersecurity Simplified: Phishing

Presentation transcript:

Abuse at scale hearn@google.com

Agenda

Agenda Stories from abuse@google.com Abuse in 2012 Abuse report handling Why it's hard What we could do about it

Stories from the abyss

Gmail then Launched 2004, invite only. 2006, open invites. Gmail does not provide sender IP for web sends Open signups make abuse fighting much harder CAPTCHA solving teams became available, $1 per thousand CAPTCHAs. Result>50% of all outbound mail is spam within months Gmail abuse team split out from inbound spam and grown

Gmail now No major outbound campaigns using spammy accounts Disclaimer: still send 5,000 (legit) mails/sec you may get sometimes get mail from @gmail.com accounts that you don't want How? Mail send risk analysis with hundreds of features, ML Phone verification on suspect spamming accounts Tactical operations against account sellers Account signup protected by risk analysis/ML/encrypted javascript, dedicated team that monitors bulk signup

Account sellers still exist Account sellers still exist. Normal price is $120-$150 per thousand (phone verified) This price level makes bulk spam uneconomic.

Problem areas Spammers who pay for the ability to spam Spammers who claim they will pay but don't 10,000+ engineers/product managers who are not used to thinking adversarially Highly motivated spammers who find exploits Students love Gmail. Let's make it available to universities! Spammer discovers he can make fake universities: *.edu.tk is treated as valid (now fixed) CAPTCHAs that are open to replay attacks .... etc

Google abuse in 2012

Recent trends April 2010 - the world changed Bulk signup era is over Account hijacking begins Over 1 million sets of credentials tried per day Successfully authenticating to >100,000 accounts per day WTF? The age of the password is over and never coming back

Solution Abuse team becomes anti-hijacking team Online login risk analysis Classifies 60-100k logins per second (2-3k/sec web) <100msec 0.1% false positive rate 2 years later, web hijacking on Gmail is largely wiped out.

Nobody expects the Spanish Inquisition! Abuse report handling Nobody expects the Spanish Inquisition!

abuse@gmail.com Some unhappy truths: Receives >40 reports/second Reports grouped into "feeds" Automatically reviewed in almost all cases Abuse report handling is a hard problem

Why is processing hard? Finding trusted feeds is tricky Individual reports have wildly varying quality, useful only in aggregate "Trusted partners" are incentivized to become untrusted partners Abuse reporting mechanisms frequently gamed Trustworthiness is not enough. You have to add coverage too. If you have <100 users it makes no difference. Abuse feed agreements exist between most major players, hard to avoid spamming them

Why is sending hard? Abuse reports contain verbatim/lightly redacted copies of mails Users have an expectation of privacy People click "report spam" on mails which are not spam Receivers should be processing abuse reports from us automatically and with reasonably good privacy controls: Manual review for sanity checking: OK Manual review of most abuse reports: NOT OK

What works best? Feeds that aggregate large numbers of users Feeds that have active anti-abuse teams behind them Otherwise spammers will game the system Feeds that use standard formats like ARF Feeds which are automated

Ideas for moving forward Upgrades to ARF: Could distinguish "this is spam" from "this is from a friend but doesn't seem like them". Easy extension to Feedback-Type. URL abuse (goo.gl) Self-service tool for @google abuse feeds? Neutral / non profit aggregators that enforce basic ground rules?

The end! Thanks for listening