Twitter obviously is a popular platform for communicating and exchanging information. Its popularity, as well as the open API and platform, makes it easy for attackers to exploit and use as a means for efficient distribution of malicious activity. Barracuda Labs has been collecting Twitter data for more than two years and has analyzed more than 20 million user accounts. In this talk, we discuss our findings about the scale and history of malicious activity on Twitter. We measure the Twitter Crime Rate from its inception in 2006 to present day, and then demonstrate how attackers respond rapidly to the large increases of users driven by celebrity attention on Twitter. We also review types of attacks that have been used on Twitter ranging from trending topics poisoning to URL shortener-based attacks. The session then presents work towards building a user-reputation system to statistically identify accounts that resemble fake attacker accounts.
Dr. Paul Q. Judge serves as chief research officer and vice president of cloud services at Barracuda Networks. In this role, he leads the Barracuda Labs threat intelligence team and is responsible for application security, Web threat, intrusion and anti-spam intelligence for over 100,000 appliances deployed worldwide. He was co-founder and chief technology officer at Purewire, a Web security SaaS vendor acquired by Barracuda Networks in October 2009. Previously he served as chief technology officer of CipherTrust and Secure Computing. Dr. Judge is a recognized authority on Internet security, having won numerous honors including InfoWorld Top 25 CTOs, Atlanta Power 30 under 30 and MIT Technology Review Magazine's 100 Top Innovators under 35. He regularly presents at leading conferences and is quoted by national business and technology trade press, and has been awarded 10 patents and has over 20 patents pending. Dr. Judge earned a Ph.D. in Computer Science from Georgia Tech.
David Maynor is a research scientist with Barracuda Labs. He is also co-founder and CTO of Errata Security. Prior to founding Errata Security, he has held positions for both security vendors and organizations in industries such as education and media. Maynor contributes heavily to the ProtoDev program with both proof-of?concept software and newly discovered vulnerabilities. He is an author and sought-after speaker delivering cutting-edge research talks to audiences at conferences including Blackhat, Defcon, ToorCon, Microsoft?s Bluehat and CanSecWest. Maynor has been quoted in technology articles for international news outlets such as The New York Times, CNN and the Fox News Channel. As an author, Maynor has several books to his credit on information security and regularly contributes to Dark Reading, a leading information security news outlet.