TITLE Understanding online criminals: Two years of trawling for drugs and pornography on the Internet ABSTRACT Online crime has undergone an extremely rapid growth in the past decade, and understanding it from an economic and operational standpoint has become a key to trying to turn the tide. In this talk, I will describe two measurement studies that we have conducted to that effect over the past two years. I first examine ``One Click Fraud,'' an online confidence scam that has been plaguing an increasing number of Japanese Internet users, in spite of new laws and the mobilization of police task forces. In this scam, the victim clicks on a link presented to them, only to be informed that they just entered a binding contract and are required to pay a registration fee for a service. Even though no money is legally owed, a large number of users prefer to pay up, because of potential embarrassment due to the type of service ``requested'' (primarily pornographic goods). Using public reports of fraudulent websites as a source of data, we analyze over 2,000 reported One Click Frauds incidents. By correlating several attributes (WHOIS data, bank accounts, phone numbers, malware installed...), we discover that a few fraudsters are seemingly responsible for a majority of the scams, and evidence a number of loopholes these miscreants exploit. The second case study is an investigation of how web search results are manipulated to promote the unauthorized sale of prescription drugs. I will focus on a particular attack where high-ranking websites are compromised to dynamically redirect users to different pharmacies depending on the particular search terms used. Based on our collection of nine months worth of results returned daily by over 200 different queries, I will offer several insights into the nature and dynamics of this form of search engine manipulation, and into the online trade of prescription drugs in general. In particular, I will show that search engine manipulation is considerably much more efficient for attackers than traditional advertising vectors (e.g., spam). Time permitting, I will discuss how similar tactics are also being used in the promotion of counterfeit software. BIO Nicolas Christin is a systems faculty at Carnegie Mellon University, with appointments in the Information Networking Institute, CyLab, Electrical and Computer Engineering, and Engineering and Public Policy. He holds a Diplome d'Ingenieur from Ecole Centrale Lille, and M.S. and Ph.D. degrees in Computer Science from the University of Virginia. After a postdoc in the School of Information at the University of California, Berkeley, he joined Carnegie Mellon in 2005. He served for three years as resident faculty at CMU CyLab Japan, before returning to Carnegie Mellon's main campus in 2008. His research interests are in computer and information systems networks; most of his work is at the boundary of systems and policy research, with a slant toward security aspects. He has most recently focused on online crime, security economics, and psychological aspects of computer security. He equally enjoys field measurements and formal modeling.