Markus Jakobsson

Alma mater: University of California, San Diego
Occupation(s): Computer Security Researcher, Entrepreneur, Writer
Scientific career
Thesis: Privacy vs. authenticity (1997)
Doctoral advisor: Russell Impagliazzo
Website: www.markus-jakobsson.com

Markus Jakobsson is a computer security researcher, entrepreneur and writer, whose work is focused on the issue of digital security.

Career

Markus Jakobsson is currently chief scientist at Artema Labs, a company with the mission of disrupting and improving the crypto and NFT markets. Prior to his current role, he was chief scientist at ByteDance, chief of security and data analytics at Amber Solutions, and chief scientist at Agari.

Prior to that, he was a senior director at Qualcomm as a result of Qualcomm acquiring FatSkunk in 2014; Jakobsson founded FatSkunk in 2009 and served as its CTO until the acquisition. Prior to his position at Qualcomm, Jakobsson served as principal scientist of Consumer Security at PayPal, held positions as the principal scientist for Palo Alto Research Center and RSA Security, and served as vice president of the International Financial Cryptography Association. [1] [2] Prior to these positions, he was a member of the technical staff at Bell Labs, and held a position at Xerox PARC. [3] In addition, Jakobsson serves as an expert witness and is a member of the software and networking litigation group Harbor Labs. [4]

He has a background in higher education, having served as an associate professor at Indiana University where he was also a cybersecurity researcher and co-director of the Center for Applied Cybersecurity Research. [5] [6] He has also served as an adjunct associate professor at New York University. [7]

Companies founded and advisory positions

In 2021, Jakobsson co-founded Artema Labs. In 2004, Jakobsson was one of the founders of the digital security company RavenWhite. [8] The Silicon Valley company offers device identification technologies and other authentication solutions for businesses that pair customer identity with digital privacy. [9] In 2006, he launched securitycartoon.com with Dr. Sukamol Srikwan. [10] A website using comics to teach security awareness and understanding among average internet users, it became the basis for the company Extricatus, which developed Fastwords, an online password creation system where users create secure passwords made of a string of everyday words in order to make them easy to remember. [11] [12] In 2009, Jakobsson co-founded FatSkunk, a company that targets malware that attacks wireless devices such as tablets and smartphones. [13] He founded ZapFraud Inc in 2013. ZapFraud is an IP holding company with a portfolio related to targeted email attacks, including phishing and business email compromise. Markus has served on the advisory boards for Metaforic, a VC-backed company that markets software that other developers can incorporate into their own for greater security, and LifeLock, an identity protection company. [14] [15] In addition, he is a visiting research fellow of the Anti-Phishing Working Group (APWG), an organization focused on reducing cybercrime. [16]

Education

Jakobsson holds a PhD in computer science from the University of California at San Diego, as well as master's degrees from both the University of California at San Diego and Lund University in Sweden. [17]

Academic research

Jakobsson's early research publications were focused on cryptography. [18] Later research emphasis was aimed at understanding and preventing fraud. [19] [20] [21] With Filippo Menczer and two students, he also conducted live experiments on Internet users in order to determine the ways users were likely to fall victim to various forms of online fraud. [21] [22] His later research was focused on mobile security and the detection of malware on mobile platforms. [23]

In a 1999 paper he, together with Ari Juels, coined the term "proof of work", a central concept in cryptocurrencies such as Bitcoin. [24]

Personal life

He is the brother of Hampus Jakobsson, an investor and tech entrepreneur, and Andreas Jakobsson, a professor of mathematical statistics at Lund University. [25]

Bibliography

Jakobsson is the author or editor of a series of books and studies dealing with the world of internet security and its practical applications for businesses and individual users. [26]

References

  1. Honan, Mat. "What To Do After You've Been Hacked | Gadget Lab". Wired. Wired.com. Retrieved 2013-03-07.
  2. "Interviews Markus Jakobsson". Bankinfosecurity.com. 2007-01-29. Retrieved 2013-03-07.
  3. "Dr. Markus Jakobsson PayPal Principal Scientist Consumer Security, Past Principal Research Scientist RSA Security and PARC - Canadian IT Manager's Blog - Site Home - TechNet Blogs". Blogs.technet.com. 2011-09-21. Retrieved 2013-03-04.
  4. "Harbor". Harborlabs.com. Archived from the original on 2013-06-23. Retrieved 2013-03-04.
  5. "Technology | Users face new phishing threats". BBC News. 2004-10-20. Retrieved 2013-03-07.
  6. Jon Brodkin (2007-08-10). "Phishing researcher 'targets' the unsuspecting". Computerworld.com. Archived from the original on 2013-06-28. Retrieved 2013-03-07.
  7. "eWeek - Author Biography - Markus Jakobsson - News & Reviews". eWeek.com. 2008-04-30. Retrieved 2013-03-04.
  8. "Markus Jakobsson". ITworld. Retrieved 2013-03-07.
  9. "Study: More phishing suckers out there than we thought". Networkworld.com. 2006-10-18. Retrieved 2013-03-07.
  10. "SecurityCartoon.com". SecurityCartoon.com. Retrieved 2013-03-07.
  11. "Hunting For A Password That Only You Will Know". NPR.org. NPR. Retrieved 2013-03-07.
  12. Daniel Lyons (2011-06-26). "Fastwords: The New Online Password Security - Newsweek and The Daily Beast". Thedailybeast.com. Retrieved 2013-03-04.
  13. Naone, Erica (2010-03-05). "Hunting Mobile Threats in Memory | MIT Technology Review". Technologyreview.com. Retrieved 2013-03-07.
  14. "Software Immune System". Metaforic. Retrieved 2013-03-04.
  15. "Identity Theft Protection - Avoid ID & Credit Fraud". LifeLock. Retrieved 2013-03-04.
  16. SparkCMS by Baunfire.com. "About APWG | APWG". Antiphishing.org. Retrieved 2013-03-04.
  17. Markus Jakobsson (2012-08-28). "Markus Jakobsson: Executive Profile & Biography - Businessweek". Investing.businessweek.com. Retrieved 2013-03-04. [dead link]
  18. M. Jakobsson; K. Sako; R. Impagliazzo (1996). "Designated Verifier Proofs and Their Applications" (PDF). Advances in Cryptology — EUROCRYPT '96. Lecture Notes in Computer Science. Vol. 1070. Berlin, Heidelberg. pp. 143–154. doi:10.1007/3-540-68339-9_13. ISBN 978-3-540-61186-8. Retrieved 2013-04-02.
  19. V. Griffith; M. Jakobsson (2005). "Messin' with Texas Deriving Mother's Maiden Names Using Public Records" (PDF). Applied Cryptography and Network Security. Lecture Notes in Computer Science. Vol. 3531. New York, NY. pp. 91–103. doi:10.1007/11496137_7. ISBN 978-3-540-26223-7. Retrieved 2013-04-02.
  20. M. Gandhi; M. Jakobsson & J. Ratkiewicz (2006). "Badvertisements: Stealthy click-fraud with unwitting accessories" (PDF). Journal of Digital Forensics Practice. 1 (2). Retrieved 2013-04-02.
  21. T. N. Jagatic; N. A. Johnson; M. Jakobsson & F. Menczer (2007). "Social phishing" (PDF). Commun. ACM. 50 (10): 94–100. doi:10.1145/1290958.1290968. S2CID 15077519. Retrieved 2013-04-02.
  22. T. N. Jagatic; N. A. Johnson; M. Jakobsson & F. Menczer (2007). "Designing and Conducting Phishing Experiments" (PDF). IEEE Technology and Society Magazine. Retrieved 2013-04-02.
  23. M. Jakobsson & K. Johansson (2010). "Retroactive Detection of Malware With Applications to Mobile Platforms" (PDF). HotSec 2010. Washington, DC. Retrieved 2013-04-02.
  24. Jakobsson, Markus; Juels, Ari (1999). "Proofs of Work and Bread Pudding Protocols". Secure Information Networks: Communications and Multimedia Security. Kluwer Academic Publishers: 258–272. doi:10.1007/978-0-387-35568-9_18.
  25. "Andreas Jakobsson".
  26. "Markus Jakobsson: Books, Biography, Blog, Audiobooks, Kindle". Amazon. Retrieved 2013-03-04.