Is Everything We Know About Password Stealing Wrong?
Date: November 2012
Publication: IEEE Journal of Security & Privacy, Volume 10, Issue 6
Page(s): 63 - 69
Source 1: http://research.microsoft.com/pubs/161829/EverythingWeKnow.pdf
Source 2: http://dx.doi.org/10.1109/MSP.2012.57 - Subscription or payment required
Abstract or Summary:
Federal Reserve Regulation E guarantees that US consumers are made whole when their bank passwords are stolen. The implications lead us to several interesting conclusions. First, emptying accounts is extremely hard: transferring money in a way that is irreversible can generally only be done in a way that cannot later be repudiated. Since password-enabled transfers can always be repudiated this explains the importance of mules, who accept bad transfers and initiate good ones. This suggests that it is the mule accounts rather than those of victims that are pillaged. We argue that passwords are not the bottle-neck, and are but one, and by no means the most important, ingredient in the cyber-crime value chain. We show that, in spite of appearances, password-stealing is a bad business proposition.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.