Information Trust Institute (ITI) Calendar

Back to Listing

TSS Seminar: Shishir Nagaraja: "The Snooping Dragon: Social-Malware Surveillance of the Tibetan Movement"

Event Type
Information Trust Institute
3405 Siebel Center
Apr 3, 2009   4:00 pm  
Shishir Nagaraja, Information Trust Institute, University of Illinois at Urbana-Champaign
Originating Calendar
Information Trust Institute (ITI) archival calendar


In this talk I shall describe the case of a malware-based electronic surveillance of a political organization by the agents of a nation state. While malware attacks are not new, two aspects of this case make it worth serious study. First, it was a targeted surveillance attack designed to collect actionable intelligence for use by the police and security services of a repressive state, with potentially fatal consequences for those exposed. Second, the modus operandi combined social phishing with high-grade malware. This combination of well-written malware with well-designed email lures, which we call social malware, is devastatingly effective. Few organizations outside the defense and intelligence sector could withstand such an attack. This work is of importance not just to companies that may attract the attention of government agencies, but to all companies. As social malware attacks spread, they are bound to target people such as accounts payable and payroll staff who use their computers to make payments. The traditional defense against social malware in government agencies involves expensive and intrusive measures that range from mandatory access controls to tiresome operational security procedures. These will not be sustainable in the economy as a whole. Hence, prevention will be hard.

This work received coverage from the New York Times in a March 28, 2009 article entitled "Vast Spy System Loots Computers in 103 Countries":

link for robots only