An inquiry into the nature and causes of the wealth of internet miscreants
Proceedings of the 14th ACM conference on Computer and communications security
Protecting browsers from dns rebinding attacks
Proceedings of the 14th ACM conference on Computer and communications security
Robust defenses for cross-site request forgery
Proceedings of the 15th ACM conference on Computer and communications security
Who are the crowdworkers?: shifting demographics in mechanical turk
CHI '10 Extended Abstracts on Human Factors in Computing Systems
Task search in a human computation market
Proceedings of the ACM SIGKDD Workshop on Human Computation
Ethics and tactics of professional crowdwork
XRDS: Crossroads, The ACM Magazine for Students - Comp-YOU-Ter
How unique is your web browser?
PETS'10 Proceedings of the 10th international conference on Privacy enhancing technologies
An analysis of private browsing modes in modern browsers
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Got traffic?: an evaluation of click traffic providers
Proceedings of the 2011 Joint WICOW/AIRWeb Workshop on Web Quality
Measuring pay-per-install: the commoditization of malware distribution
SEC'11 Proceedings of the 20th USENIX conference on Security
It's all about the benjamins: an empirical study on incentivizing users to ignore security advice
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Hi-index | 0.00 |
Today, several actors within the Internet's burgeoning underground economy specialize in providing services to like-minded criminals. At the same time, gray and white markets exist for services on the Internet providing reasonably similar products. In this paper we explore a hypothetical arbitrage between these two markets by purchasing "Human Intelligence" on Amazon's Mechanical Turk service, determining the vulnerability of and cost to compromise the computers being used by the humans to provide this service, and estimating the underground value of the computers which are vulnerable to exploitation. We show that it is economically feasible for an attacker to purchase access to high value hosts via Mechanical Turk, compromise the subset with unpatched, vulnerable browser plugins, and sell access to these hosts via Pay-Per-Install programs for a tidy profit. We also present supplementary statistics gathered regarding Mechanical Turk workers' browser security, antivirus usage, and willingness to run arbitrary programs in exchange for a small monetary reward.