As phishing and pharming become more prevalent, researchers at Stevens Institute of Technology have taken steps to mitigate the risk posed by such online threats. Susanne Wetzel, Assistant Professor, and Liu Yang, Research Scholar, both in the Stevens’ Computer Science Department, will participate in and present their research findings at the Anti-Phishing Working Group eCrime Researchers Summit in Orlando, Nov. 16-17.

The Anti-Phishing Working Group (APWG) is joining with the Florida Department of Law Enforcement, Florida State University and the University of Central Florida to host its first research summit. The conference will present original, unpublished research results, and/or best practices in the area of online fraud; explore research gaps/opportunities/challenges and the state-of-the-art with respect to forensic practice (methods, tools, and techniques) for investigating scams based on phishing, pharming and crimeware; and discuss innovative ideas related to eCrime mitigation efforts.

Wetzel and Yang will present findings from their paper, “Warkitting: The Drive by Subversion of Wireless Routers,” written in collaboration with Alex Tsow, Visiting Research Associate, and Markus Jakobsson, Associate Director, CACR, both from Indiana University.

“In this paper, we introduce the notion of warkitting as the drive-by subversion of wireless home routers through unauthorized access by mobile WiFi clients. Until recently, the perceived risk of wireless routers has centered around unauthorized network and bandwidth use. However, as we illustrate in this paper, the risks are far greater,” said Wetzel. “Our analysis shows that it is possible in practice to carry out warkitting attacks with low-cost equipment widely available today, and that the volume of credential theft possible through warkitting exceeds current estimates of credential theft due to phishing.”

By bringing together academics, law enforcement and ITSec practitioners, the summit will facilitate collaborations between PIs and centers of research developing eCrime forensics and/or eCrime countering technologies.

[tags]phish, pharm, Anti-Phishing Working Group, APWG, Warkitting: The Drive by Subversion of Wireless Routers, eCrime Researchers Summit[/tags]