Christopher Abad

Last updated

Christopher Abad
NationalityAmerican
Occupation(s) Hacker, museum curator, artist, network engineer and programmer

Christopher Abad is an American hacker, museum curator, artist, network engineer and programmer. He is best known for his qualitative analysis of specialization stratification in the underground economies related to computer crime.

Contents

Academic publication and mainstream news coverage

While at UCLA, Abad discovered a method by which collisions in the hash function used in Internet Protocol datagrams may be leveraged to enable covert channel communications. [1] His discovery was a centerpiece of covert communications methodology and was the primary citation for an Association for Computing Machinery paper on covert channel detection [2] and another on a similar technique using TCP timestamps, [3] the two most well-cited and widely republished papers on the subject.

In 2005 while working at Cloudmark, Abad spent six months examining the phishing underworld from the inside. [4] Abad discovered that phishers were using IRC channels in order to trade personal information. [5] He stalked and collected messages from thirteen chat rooms phishers use. [5] Whereas past phishing researchers believed that phishing was coordinated by highly organized criminals, Abad discovered that phishing rings were decentralized. [5] Abad published his findings in First Monday. [6] This paper was the first examination of how the economy of phishing agents functioned, and highlighted the high degree of specialization within the economy.

20 GOTO 10

Abad was the founder and owner [7] of 20 GOTO 10 (2008–2012), a former gallery which caters not only to fine art, but to "hacker" art, with an emphasis on technology as art, or exhibits which make the potentially criminal or unethical aspects of computer security accessible to the public. [8] The gallery received many favorable reviews coverage for its airing of art related to the computer underground, including ANSI [9] and 3D [10] art.

Related Research Articles

<span class="mw-page-title-main">Error detection and correction</span> Techniques that enable reliable delivery of digital data over unreliable communication channels

In information theory and coding theory with applications in computer science and telecommunication, error detection and correction (EDAC) or error control are techniques that enable reliable delivery of digital data over unreliable communication channels. Many communication channels are subject to channel noise, and thus errors may be introduced during transmission from the source to a receiver. Error detection techniques allow detecting such errors, while error correction enables reconstruction of the original data in many cases.

<span class="mw-page-title-main">IRC</span> Protocol for real-time Internet chat and messaging

IRC is a text-based chat system for instant messaging. IRC is designed for group communication in discussion forums, called channels, but also allows one-on-one communication via private messages as well as chat and data transfer, including file sharing.

The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol suite. It is used by network devices, including routers, to send error messages and operational information indicating success or failure when communicating with another IP address. For example, an error is indicated when a requested service is not available or that a host or router could not be reached. ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications.

Steganography is the practice of representing information within another message or physical object, in such a manner that the presence of the information is not evident to human inspection. In computing/electronic contexts, a computer file, message, image, or video is concealed within another file, message, image, or video. The word steganography comes from Greek steganographia, which combines the words steganós, meaning "covered or concealed", and -graphia meaning "writing".

The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network. Major internet applications such as the World Wide Web, email, remote administration, and file transfer rely on TCP, which is part of the Transport layer of the TCP/IP suite. SSL/TLS often runs on top of TCP.

In cryptography and computer security, a man-in-the-middle (MITM) attack, or on-path attack, is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, as the attacker has inserted themselves between the two parties.

In computer security, a covert channel is a type of attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy. The term, originated in 1973 by Butler Lampson, is defined as channels "not intended for information transfer at all, such as the service program's effect on system load," to distinguish it from legitimate channels that are subjected to access controls by COMPUSEC.

<span class="mw-page-title-main">Phishing</span> Form of social engineering

Phishing is a form of social engineering and scam where attackers deceive people into revealing sensitive information or installing malware such as ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of computer crime.

<span class="mw-page-title-main">Botnet</span> Collection of compromised internet-connected devices controlled by a third party

A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word "botnet" is a portmanteau of the words "robot" and "network". The term is usually used with a negative or malicious connotation.

ACiD Productions (ACiD) is a digital art group. Founded in 1990, the group originally specialized in ANSI artwork for bulletin board systems (BBS). More recently, they have extended their reach into other graphical media and computer software development. During the BBS-era, their biggest competitor was iCE Advertisements.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

IP traceback is any method for reliably determining the origin of a packet on the Internet. The IP protocol does not provide for the authentication of the source IP address of an IP packet, enabling the source address to be falsified in a strategy called IP address spoofing, and creating potential internet security and stability problems.

20 GOTO 10 was an art gallery in operation from 2008 to 2012, founded by Christopher Abad in San Francisco, California, United States.

A ping of death is a type of attack on a computer system that involves sending a malformed or otherwise malicious ping to a computer. In this attack, a host sends hundreds of ping requests with a packet size that is large or illegal to another host to try to take it offline or to keep it preoccupied responding with ICMP Echo replies.

Voice phishing, or vishing, is the use of telephony to conduct phishing attacks.

Trusted timestamping is the process of securely keeping track of the creation and modification time of a document. Security here means that no one—not even the owner of the document—should be able to change it once it has been recorded provided that the timestamper's integrity is never compromised.

<span class="mw-page-title-main">Fingerprint (computing)</span> Digital identifier derived from the data by an algorithm

In computer science, a fingerprinting algorithm is a procedure that maps an arbitrarily large data item to a much shorter bit string, its fingerprint, that uniquely identifies the original data for all practical purposes just as human fingerprints uniquely identify people for practical purposes. This fingerprint may be used for data deduplication purposes. This is also referred to as file fingerprinting, data fingerprinting, or structured data fingerprinting.

Linked timestamping is a type of trusted timestamping where issued time-stamps are related to each other.

References

  1. Abad, Christopher (2001), IP Checksum Covert Channels and Selected Hash Collision (PDF), p. 3, archived from the original (PDF) on January 11, 2023, retrieved October 8, 2010
  2. "Ip covert timing channels: Design and detection". Computer and Communications Security: 178–187. 2004. CiteSeerX   10.1.1.84.6196 .
  3. "Covert messaging through TCP timestamps". Covert Messaging through TCP Timestamps: 194–208. 2002. CiteSeerX   10.1.1.104.2501 .
  4. Gomes, Lee (June 20, 2005). "Phisher Tales: How Webs of Scammers Pull Off Internet Fraud". The Wall Street Journal . Retrieved October 8, 2010.
  5. 1 2 3 Keizer, Gregg (July 29, 2005). "Researcher Describes How The Phishing Economy Works". InformationWeek . Retrieved October 8, 2010.
  6. "The economy of phishing: A survey of the operations of the phishing market". First Monday . 10 (9). 2005. Archived from the original on November 21, 2011. Retrieved October 8, 2010.
  7. Lee, Ellen. Early computer-generated art revived for S.F. exhibit. San Francisco Chronicle . January 12, 2008.
  8. McMillan, Robert (IDG News service)San Francisco gallery shows hacker Joe Grand's work as art Archived March 3, 2008, at the Wayback Machine 2 PC World , IT World
  9. Johnson, Joel. ANSI Art Show at 20 GOTO 10 Gallery Boing Boing . January 28, 2008.
  10. Hart, Hugh. Art Geek Creates 3-D on a Shoestring Wired . July 9, 2008.