Wednesday, January 02, 2013
First of all, may 2013 be a prosperous year for all of you. Yes, the holidays are coming to an end (for some the holidays already ended) and for most people it will be back to work and school very soon. Although I had a great vacation I also had a very busy one. In between the relaxation and quality time with family and friends, I also spent some time working on new projects here at Cyber Top Cops. I am really excited about these projects because I believe they will make us more effective in the battle against cyber crime. So let's take a look at what is new at Cyber Top Cops.
Although this is not a new project, I have made some improvements to it. These improvements were mainly made behind the scenes, so you won't really notice anything different, but I have upgraded our scam example publishing tool which makes it possible for me to process scam examples quicker and easier.
This new project is a visible enhancement to the SHPAMEE Project. Although it is still in its baby shoes, I believe this will add a lot of value to the spam examples we publish on our site in the future. The main idea behind this project was to get all the information collected about a cyber criminal during an investigation out to the public. The main focus of this project is 419 scams at the moment, but the infrastructure of this project allows us to do much more than just 419 scammers. It is not really a project completely on its own, but is rather tightly integrated into the SHPAMEE Project. At the bottom of each e-mail example you will see a heading “Related Cyber Criminal Profiles”. The system uses keywords from the e-mail example and searches the Cyber Criminal Profile database for cyber criminals that could possibly be related to the specific e-mail example on display. For an example of how this works, visit the following spam example page:
When you click on one of the profile links, it will take you to a profile page for that specific cyber criminal. It will highlight all similarities between the cyber criminal and the example page, in red, so that you can see why this cyber criminal was flagged as a related cyber criminal for that specific spam example.
In the spam example mentioned above you will find Mrs Kwesi Jane as the first related cyber criminal. At the bottom of the cyber criminal profile page you will find a cross reference back to the spam example and any other spam example the cyber criminal might be linked to, as well as a list of other cyber criminals related to the one on display. When you click on any of these related cyber criminal links, it will take you to the related cyber criminal's page where the similarities between the current cyber criminal and the related cyber criminal will be highlighted.
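A minimal sketch of the keyword-based linking described above, added here as an illustration and not the SHPAMEE Project's own code. It assumes the keywords are e-mail addresses, phone numbers and alias names; the profile records and the sample message are constructed.

```python
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE_RE = re.compile(r"\+\d[\d\s-]{7,}\d")

# Constructed records for illustration; not entries from the real database.
PROFILES = {
    "Profile A": {"aliases": ["Mrs Example One"],
                  "emails": ["claims.office@example.com"],
                  "phones": ["+44 7000 000001"]},
    "Profile B": {"aliases": ["Barrister Example Two"],
                  "emails": ["barrister.two@example.net"],
                  "phones": ["+44 7000 000001"]},
    "Profile C": {"aliases": ["Dr Example Three"],
                  "emails": ["dr.three@example.org"],
                  "phones": ["+44 7000 000003"]},
}
SAMPLE_EMAIL = ("Dear Beneficiary, contact Mrs Example One at "
                "Claims.Office@example.com or call +44-7000-000001 to release your funds")

def digits_only(phone):
    """Normalise a phone number so formatting differences do not hide a match."""
    return re.sub(r"\D", "", phone)

def extract_keywords(text):
    """E-mail addresses (lower-cased) and phone numbers (digits only) found in free text."""
    found = {m.lower() for m in EMAIL_RE.findall(text)}
    return found | {digits_only(m) for m in PHONE_RE.findall(text)}

def profile_keywords(profile):
    """The same normalised keywords, taken from a profile record."""
    return ({e.lower() for e in profile["emails"]}
            | {digits_only(p) for p in profile["phones"]})

def related_profiles(text, profiles):
    """Map each related profile to the shared keywords a page would highlight."""
    found, lowered, hits = extract_keywords(text), text.lower(), {}
    for name, profile in profiles.items():
        shared = found & profile_keywords(profile)
        shared |= {a for a in profile["aliases"] if a.lower() in lowered}
        if shared:
            hits[name] = sorted(shared)
    return hits

def related_to_profile(name, profiles):
    """Cross-reference one profile against the others by shared contact details."""
    own = profile_keywords(profiles[name])
    return {other: sorted(own & profile_keywords(p))
            for other, p in profiles.items()
            if other != name and own & profile_keywords(p)}

if __name__ == "__main__":
    print(related_profiles(SAMPLE_EMAIL, PROFILES))
    print(related_to_profile("Profile A", PROFILES))
```

Normalising phone numbers and e-mail case before comparing is what lets "Profile B" surface here: it shares only a reused phone number, written in a different format, with the sample message.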
The database is almost non-existent, with only 4 active profiles at the moment. These 4 initial profiles were used to test the functionality of the system and now that the infrastructure is in place for more cyber criminal profiles, we can expand the database over time. A 419 scam example only tells you so much about the cyber criminal involved, but the new Cyber Criminal Profile system allows us to tell you so much more about a specific scam, not just about the main peanut in the packet, but also about everyone else involved in a scam (or at least every other alias used by a scammer). Who knows what kind of links this system will identify when we add more profiles to the database?
Most of my time went into this project. Over the years we have collected hundreds of malware samples, submitted by members of the public through our Malware Sample Upload Form as well as samples collected from spam e-mails and links reported through our Malware Site Report Form. But working through these samples and links was quite a tedious task, so I developed a system to make my life easier and at the same time provide feedback about the samples we have analysed so far. The malware sample information pages provide very basic information about the sample and which malware scanners you can use to remove it from your system, but I will add more information to these pages as time goes by.
This database is not just about a bunch of information pages. Visitors can also upload files to compare them to our database and, if no match is found, submit the sample for further analysis. I have also added an RSS feed to keep interested parties up to date when we add new samples to our database. This feed can also be a great way for visitors to get some feedback about a malware sample submitted for analysis.
A lot of effort went into these projects and I really hope they will serve the Internet community well. I would like to see these projects as work in progress, because I am never done with them. Every now and then I get an idea to expand or enhance a project, or sometimes I just find a way to do the same thing, only better and more effectively. But to make these projects more effective we need the help of the Internet community. We need you to report cyber crime!