by Solange Ghernaouti-Hélie, Jens Tölle and Jean-Jacques Quisquater

44 years ago, Charles P. Lickson, in a well-known paper, "Privacy and the computer age" (IEEE Spectrum, October 1968, pp. 58-63), began his abstract with the prediction “By the year 2000, Americans could have computers and robots in the home - and virtually no privacy”. Now, in 2012, we might better say “virtually no privacy and a lot of cybercrimes”.

Cybercriminality has become a curse of society that affects everybody, nationally and internationally. Individuals, companies, institutions and governments may become both victims and (involuntary) helpers of cybercriminals. Inextricably associated with cyberspace, it is a reflection of the evolution of criminal practices that have adapted to the world of information and communication technologies.

by Solange Ghernaouti-Hélie

An overview of the cybercriminal ecosystem
All the individuals and groups involved in cybercriminality, their ways of working, and the processes they have adopted to maximize their profits while minimizing their risk of legal consequences together form an ecosystem. Like all ecosystems, it is lively, dynamic and undergoing permanent adaptation in order to exploit new opportunities in the marketplace, new vulnerabilities, new tools and new means of communication.

by Michael Levi

Estimates of cybercrime costs are highly contested. We have become conditioned to believe that in order to generate control expenditure and powers to override privacy, very high attention-grabbing figures are needed. We were asked by the UK Ministry of Defence in 2011 to do a relatively ‘quick and dirty’ calculation to stimulate some serious analysis to counterbalance some of the high guesstimates currently in circulation, which have little general credibility. This attempt to dissect plausible data from scattered guesstimates was led by Ross Anderson from Cambridge and was co-authored by Chris Barton, Rainer Böhme, Richard Clayton, Michel van Eeten, Michael Levi, Tyler Moore, and Stefan Savage [1].

by Evangelos Markatos and Herbert Bos

For many years, cyber attackers have been one step ahead of the defenders. The asymmetric nature of the threat has led to a vicious cycle where attackers end up winning. SysSec, a new Network of Excellence in the area of Systems Security, attempts to break this vicious cycle and encourages researchers to work not on yesterday’s attacks but on tomorrow’s threats, to anticipate the attackers’ next move and to make sure they are prepared.

by Juan Caballero

At the core of most cybercrime operations is the attacker's ability to install malware on Internet-connected computers without the owner's informed consent. The goal of the MALICIA project is to study the crucial role of malware in cybercrime and the rise in recent years of an “underground economy” associated with malware and the subversion of Internet-connected computers.

Cybercrime, criminal activity conducted via computers connected to the Internet, is a growing threat for developed regions like Europe, where nearly three quarters of households and a large number of infrastructures are connected to the Internet, and an increasing number of services and transactions happen online.

by Srdjan Matic, Aristide Fattori, Danilo Bruschi and Lorenzo Cavallaro

Advances in technology and a steady orientation of services toward the cloud are becoming increasingly popular with legitimate users and cybercriminals. How frequently is sensitive information leaked to the public? And how easy is it to identify it amongst the tangled maze of legitimate posts that are published daily? The underground economy and the trade of users' stolen information are once again rising to the surface and mutating into a bazaar under the eyes of everyone. Do we have to worry about it and can we do anything to stop it?

by Radoniaina Andriatsimandefitra, Valérie Viet Triem Tong, and Ludovic Mé

"In the world of mobile, there is no anonymity," says Michael Becker of the Mobile Marketing Association, an industry trade group. In recent work, Enck and colleagues have used information flow monitoring on a mobile device to show that, on average, over two thirds of the most popular applications of an Android market were responsible for data leakage [1]. We believe data leakages are mainly due to the intrinsic limitations of Android's security mechanisms. Here we describe “Blare”, a tool that detects Android data leakages.

by Jan Gassen and Elmar Gerhards-Padilla

Today’s computer systems face a vast array of severe threats that are posed by automated attacks performed by malicious software as well as manual attacks by individual humans. These attacks not only differ in their technical implementation but may also be location-dependent. Consequently, it is necessary to join the information from heterogeneous and distributed attack sensors in order to acquire comprehensive information on current ongoing cyber attacks.

by Daniel Plohmann and Elmar Gerhards-Padilla

Malware is responsible for massive economic damage. Being the preferred tool for digital crime, botnets are becoming increasingly sophisticated, using more and more resilient, distributed infrastructures based on peer-to-peer (P2P) protocols. On the other side, current investigation techniques for malware and botnets on a technical level are time-consuming and highly complex. Fraunhofer FKIE is addressing this problem, researching new ways of intelligent process automation and information management for malware analysis in order to minimize the time needed to investigate these threats.

Collecting location data of an individual is one of the greatest offences against privacy. The main objective of this paper is to raise awareness about the use and collection of such data by illustrating which types of personal information can be inferred from it.

by Michael Baentsch, Paolo Scotton and Thomas Gschwind

Using private workstations for business purposes – securely
In recent years, the concept of consumerization has led to consumer IT equipment that is often more powerful and easier to use than workplace computers such as notebooks. This phenomenon, coupled with the rapid generation and renewal cycle of modern ultrabooks and the administrative overhead involved in the purchase of business computers, is fueling the trend of enterprises offering their employees a contribution towards buying a private notebook for use as a workplace computer. This is problematic from a security point of view: How can an enterprise ensure that privately owned computers fulfill all security requirements for accessing confidential enterprise data?

by Marc Stevens

When significant weaknesses are found in cryptographic primitives on which the everyday security of the Internet relies, it is important that they are replaced by more secure alternatives, even if the weaknesses are only theoretical. This is clearly emphasized by our construction of a (purposely crippled) rogue Certification Authority (CA) in 2009 that in principle enabled the impersonation of all secure websites. This was possible due to the continued use of the insecure cryptographic hash function MD5 by a leading commercial CA. The hash function SHA-1, the successor to MD5 as the de facto hash function standard, has been theoretically broken since 2005. The Cryptology group at CWI has recently made a significant step towards a practical attack on SHA-1 that has long been anticipated, as well as efficient counter-measures against these cryptographic attacks.

by Markus Huber

Recently, academia and law enforcement alike have shown a strong demand for data that is collected from online social networks. We present a novel method for harvesting such data from social networking websites. Our approach uses a hybrid system based on a custom add-on for social networks in combination with a web crawling component.

by Alex Biryukov, Ivan Pustogarov and Ralf-Philipp Weinmann

Tor is one of the most widely used tools for providing anonymity on the Internet. We have devised novel attacks against the Tor network that can compromise the anonymity of users accessing services that exhibit frequent and predictable communication patterns and users establishing long-lived connections.

by Christopher Humphries, Nicolas Prigent and Christophe Bidan

As networks increase in size and complexity, IT security officers are being overwhelmed by large volumes of data (alerts from IDSes, logs from various machines and services, etc). These data are often very heterogeneous and multidimensional. It is, of course, impossible to handle these data manually and even automated analysis tools are often inadequate owing to the scale of the data. This situation has reached a point at which most available data is never used. Visualization provides new hope in this context.

by Jeroen van den Bos and Tijs van der Storm

Recovering evidence of criminal activities from digital devices is often difficult, time-consuming and prone to errors. The Software Analysis and Transformation group at CWI designed Derric, a domain-specific language (DSL) that enables the efficient construction of scalable digital forensics tools.

by Attila Kertesz and Szilvia Varadi

Cloud Computing offers flexible resource provision for businesses, enabling them to respond effectively to new demands from customers. This new technology moves local data management to a third-party provided service, a phenomenon that raises legal issues such as data protection and privacy. We have evaluated Cloud use cases against the applicable law set out by the Data Protection Directive of the EU to pinpoint where legal problems may arise.

by Oleg Chertov and Dan Tavrov

Protection of individual online privacy is currently a high profile issue. But, as important as it is, solving individual privacy issues does not eliminate other security breaches likely to occur if data aren’t handled properly. Collective information about groups of people is also of vital importance and needs to be secured. Novel research into providing anonymity for particular groups highlights the necessity of privacy for groups.

by Nicolas Anciaux, Jean-Marc Petit, Philippe Pucheral and Karine Zeitouni

In the IT world every piece of information is just “one click away”. This convenience comes at a high indirect price: the loss of the user’s control over her personal data. We propose a simple yet effective approach, called Personal Data Server, to help protect the user’s data.

by Nicolas Anciaux, Benjamin Nguyen and Michalis Vazirgiannis

When requesting bank loans, social care, tax reduction, and many other services, individuals are required to fill in application forms with hundreds of data items. It is possible, however, to drastically reduce the set of completed fields without impacting the final decision. The Minimum Exposure Project investigates this issue. It aims at proposing an analysis, framework and implementation of an important privacy principle, called Limited Data Collection.

by Arnaud Legout and Walid Dabbous

Linking a social identity such as a name to an IP address is generally believed to be difficult for an individual with no dedicated infrastructure or privileged information. Although an individual’s ISP has access to this information, it is kept private except in the case of a legal decision. Similarly, some big Internet companies such as Facebook and Google might be privy to this information but it will never be communicated as it is an industrial secret used for targeted advertisements. In the context of the bluebear project, we show that it is possible for an individual to inconspicuously make the link between social identity and IP address for all Skype users.

by Vicenç Torra and Klara Stokes

The release of confidential data to third parties requires a detailed risk analysis. Identity disclosure occurs when a record is linked to the person or, more generally, the entity that has supplied the information in the record. A re-identification method (eg record linkage) is a tool which, given two files, links the records that correspond to the same entity. In the project Consolider-ARES we study re-identification methods, their formalization and their use for measuring disclosure risk.

by Marek Kumpošt and Vashek Matyáš

As a part of our research on privacy protection and identity management, we conducted two experiments to find out how people value their private information. Privacy and control of private information sharing/flow is becoming a crucial part of everyday “online” life. But still, people seem to be prepared to disclose private data for a very modest reward – loyalty cards, for example, allow profiling of customer behaviour and use of this information (to create, e.g., personalized advertisements). Search engines and social networks can track users’ browsing activities via embedded sharing buttons. This is a very common technique and even if we are not a member of a social network, there is a lot of evidence about our browsing history. This can also be used for providing customized content.
