CS 2550 - Foundations of Cybersecurity

Essay 2: Cybercrime

This project is due at 11:59pm on Tuesday April 3, 2018.

Description and Deliverables

As we have discussed in class, and as you have read in Spam Nation, there are dozens of ways that cybercriminals make money. We have discussed (or will discuss in the future) several of these methods on depth, including pharmaceutical spam, fake anti-virus, Distributed Denial of Service (DDoS), and Pay Per Install (PPI). Sadly, we won't have time to cover any others, which is where this assignment comes in: your job is to research a specific form of cybercrime that is either widespread or emerging, describe how the attack functions, how the criminals monetize the attack, and design mitigations for the threat.

To receive full credit for this project, you will turn in a single document:

  1. A file named report.pdf that includes your report in PDF format.


For this assignment, you may choose which type of crime you would like to research from the list below: If there is another cybercrime related topic that you are really interested in researching, you may send an email to Professor Wilson briefly describing the topic and why you want to write about it. In general, we want you to be excited about the topic you write about, so if you have a passion then let us know!

Your Goal

In this assignment, you are again assuming the role of a cybersecurity consultant. However, rather than focusing on a specific company, your goal is to write a report for a broad audience that describes an emerging threat in the cybersecurity space. This is the kind of report that your consulting firm might post on their website to inform potential clients and drive business; alternatively, perhaps its the kind of report that you would present to the executives at your firm to help explain a new threat and highlight the potential for your company to develop and sell novel mitigations.

Regardless of which topic you choose to research, or which perspective you use when drafting your report, there are specific areas that you must cover (these should look very familier):

The above outline is not meant to be strict. You may organize your report as you see fit. You may embellish your document as you see fit with citations, images, diagrams, etc.

Also note that this report will rely much more heavily on research than Essay 1. Thus, we expect a larger number of citations to support your research. Citations to sources of questionable quality, like Wikipedia, are forbidden.

The document should be at most 2,500 words, which is roughly 4 pages of single-spaced, size 10 font text. Shorter documents are acceptable, so long as they are complete and thorough.

Bootstrapping Your Research

Several of the topics have been studied by academic security researchers. These papers are all by top academics in the field, and may provide useful information for your own work. Unfortunately, some of these papers are behind publisher paywalls. You should be able to access these papers from anywhere on campus since Northeastern pays for access, but you may not be able to access them from off-campus.

Also, as far as I know, Coinhive-based attacks are so new that they have yet to be studied academically.

Submitting Your Project

Before turning in the project, you must register yourself for our grading system using the following command:
$ /course/cs2550/bin/register-student [NUID]
NUID is your Northeastern ID number, including any leading zeroes. This command is available on all of the Khoury College lab machines.

To turn-in your project, you must submit exactly one file:

which is a PDF formated document. This file should be placed in a directory. You submit your project by running the turn-in script as follows:
$ /course/cs2550/bin/turnin essay2 <project directory>
where <project directory> is the name of the directory with your submission. The script will print out every file that you are submitting, so make sure that it prints out all of the files you wish to submit! The turn-in script will not accept submissions that are missing a strategy.pdf file. You may submit as many times as you wish; only the last submission will be graded, and the time of the last submission will determine whether your assignment is late.

At any time, you can run the following command to see all of your current grades for projects, essays, quizzes, and tests.

$ /course/cs2550/bin/gradesheet


This project is worth 9% of your final grade, broken down as follows (out of 100): Points can be lost for turning in files in incorrect formats (e.g. not PDF) and failing to follow specified formatting or length conventions.