Exposing and mitigating cross-channel abuse that exploits the converged communications infrastructure

Abstract

Recently we have witnessed rapid consolidation of traditional and emerging communications infrastructures, leading to the convergence of telephony and the Internet. While this convergence has been beneficial in many ways, it has also expanded the arsenal of malicious actors by introducing new attack vectors. Specifically, it offers malicious actors the ability to craft cross-channel attacks that combine both telephony and Internet resources to evade existing defenses, abuse the underlying infrastructure and victimize the end-user in ways that have not been adequately explored in the past. In fact, instances of such abuse have attracted the attention of federal law enforcement and consumer protection agencies such as the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC). In response to strong consumer demand for action against cross-channel abuse, these agencies have pressed for robust solutions to deal with such abuse.

In this dissertation, we first introduce the notion of cross-channel abuse and place it in the context of traditional notions of Internet and telephony abuse. Then, as a first case in point, using CHURN, a cross-channel messaging attribution system, we present a data-driven longitudinal study of the support infrastructure aiding cross-channel text-messaging abuse which reveals insights into the domain and IP infrastructure used in text-messaging scams, spam and phishing attacks. As a second case in point, using X-TSS, a system developed to track online search-and-ad based cross-channel abuse in technical support scams (TSS), we extend the data-driven approach to study these infamous scams that have plagued consumers and industry brands for over a decade. The lens of a cross-channel view of TSS helps reveal previously underexposed tactics and infrastructure used in these scams. Lastly, based on the learnings from these two cases, we explore cross-channel intelligence sharing that augments and enhances existing abuse prevention and defense mechanisms on both telephony and Internet channels. By making these contributions, we seek to improve the situational awareness around cross-channel abuse and provide a framework that increases the security and trust of everyday transactions taking place in the converged communications landscape.