System and method for deterring rogue users from attacking protected legitimate users

US 20060161989A1
Filed: 12/12/2005
Published: 07/20/2006
Est. Priority Date: 12/13/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method of deterring rogue cyber activity against protected legitimate users (PLUs), the method comprising:

sending a warning to a rogue user (RU) determined to have targeted or attacked a PLU with rogue cyber activity;

detecting the RU has ignored the warning; and

deploying an active deterrence mechanism to thereby deter the RU from engaging in subsequent rogue cyber activity against the PLU.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An active deterrence method and system deter rogue cyber activity targeting one or more protected legitimate users (PLUs). Methodologies and/or techniques are included to establish a PLU registry and/or enable a PLU to bear an identifying mark; detect rogue cyber activity; issue warnings to one or more rogue users (RUs) that target or attack PLUs with the detected rogue cyber activity; detect non-complying RUs that ignore or otherwise fail to comply with the warnings; and deploy one or more active deterrence mechanisms against the non-complying RUs. One active deterrence mechanism includes deploying a plurality of scripts to each PLU, and executing the scripts to issue complaints and request the non-complying RUs to clean their mailing lists of all PLUs. Other active deterrence mechanisms include alerting unaware business affiliates of the RUs, and notifying victims or law enforcement authorities of unlawful rogue cyber activity.

Citations

58 Claims

1. A method of deterring rogue cyber activity against protected legitimate users (PLUs), the method comprising:
- sending a warning to a rogue user (RU) determined to have targeted or attacked a PLU with rogue cyber activity;
  
  detecting the RU has ignored the warning; and
  
  deploying an active deterrence mechanism to thereby deter the RU from engaging in subsequent rogue cyber activity against the PLU.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 2. The method according to claim 1, further comprising:
    - maintaining a do-not-communicate registry of communication descriptors for the PLUs, wherein the communication descriptors include at least one of an email address, an email domain, an IP address, or an instant message address.
  - 3. The method according to claim 1, further comprising:
    - maintaining a do-not-damage registry of assets for the PLUs, wherein the assets include at least one of a brand name, a customer base, a web site, or an IP address.
  - 4. The method according to claim 1, wherein said sending comprises:
    - providing a PLU registry to the RU.
  - 5. The method according to claim 4, wherein said sending further comprises:
    - receiving a first request from at least one of the PLUs to receive electronic communications from the RU;
      
      receiving a second request from the at least one of the PLUs to block electronic communications from a second RU; and
      
      modifying the PLU registry to thereby allow the second RU to receive a different PLU registry from the PLU registry provided to the RU according to PLU preferences.
  - 6. The method according to claim 4, wherein said providing a PLU registry comprises:
    - accessing a list of communication descriptors for electronic communications with the PLUs;
      
      converting the communication descriptors to a hashed format, wherein said converting includes limiting a number of bits in the hashed format to cause a predetermined quantity of collisions; and
      
      populating the PLU registry with the communications descriptors in the hashed format.
  - 7. The method according to claim 6, wherein said providing a PLU registry comprises:
    - deriving an artificial communication descriptor from the list of communication descriptors; and
      
      populating the PLU registry with the artificial communication descriptor.
  - 8. The method according to claim 1, wherein said sending comprises:
    - contacting the RU and at least one business partner of the RU via an available communications channel;
      
      delivering the warning manually or automatically; and
      
      providing one or both of the RU and the at least one business partner with means for canceling subsequent rogue cyber activity against the PLU to thereby immediately avoid execution of said deploying an active deterrence.
  - 9. The method according to claim 8, wherein the available communications channel includes at least one of an email, a web form, a telephone number, or a fax number.
  - 10. The method according to claim 1, wherein said sending comprises:
    - including the warning within a communications protocol used between the RU and the PLU to identify the PLU to the RU as being protected, wherein said communications protocol includes SMTP, HTTP, or DNS.
  - 11. The method according to claim 1, wherein said detecting comprises:
    - collecting evidence of rogue cyber activity from one or more RUs, wherein said collecting is executed during a performance of rogue cyber activity or subsequent to the performance of rogue cyber activity.
  - 12. The method according to claim 11, wherein said collecting comprises:
    - infiltrating the infrastructure of the one or more RUs with a device or application adapted to collect evidence of rogue cyber activity without enabling communications with the one or more PLUs.
  - 13. The method according to claim 11, wherein said collecting comprises:
    - detecting one or more involved entities (IEs) in the rogue cyber activity.
  - 14. The method according to claim 13, wherein said collecting further comprises:
    - rejecting attempts by the one or more RUs to frame an innocent bystander as one of the IEs.
  - 15. The method according to claim 13, wherein said collecting further comprises:
    - receiving and analyzing a rogue advertisement to create a list of the one or more IEs.
  - 16. The method according to claim 15, wherein said receiving and analyzing comprises:
    - extracting an advertiser mentioned in an email spam, a spyware ad, a search engine spam, or an instant message spam.
  - 17. The method according to claim 13, wherein said collecting further comprises:
    - detecting a computer that communicates with an artificial PLU to create a list of the one or more IEs.
  - 18. The method according to claim 13, wherein said collecting further comprises:
    - receiving a list of the one or more IEs from an external source, said external source including at least one of an anti-spam vendor, a blacklist maintainer, or an anti-virus vendor.
  - 19. The method according to claim 13, wherein said collecting further comprises:
    - detecting a business partner of the one or more IEs, said business partner being unaware of the rogue cyber activity of the one or more IEs.
  - 20. The method according to claim 19, further comprising:
    - alerting the business partner to terminate business relations with the one or more IEs.
  - 21. The method according to claim 13, wherein said collecting further comprises:
    - detecting one or more IEs promoting a product or a service of a business without the business having knowledge of the rogue cyber activity of the one or more IEs.
  - 22. The method according to claim 21, further comprising:
    - alerting the business of the rogue cyber activity of the one or more IEs.
  - 23. The method according to claim 13, wherein said collecting further comprises:
    - detecting an illegal action of the one or more IEs.
  - 24. The method according to claim 23, further comprising:
    - alerting a law enforcement agency.
  - 25. The method according to claim 13, wherein said collecting further comprises:
    - detecting an illegal action of the one or more IEs.
  - 26. The method according to claim 25, further comprising:
    - alerting a victim of the illegal action.
  - 27. The method according to claim 13, wherein said collecting further comprises:
    - creating a community of participants to collect data about rogue cyber activity against the PLU and to detect the one or more IEs.
  - 28. The method according to claim 27, wherein said creating a community comprises:
    - creating a distributed network of a plurality of computing devices to identify the one or more IEs.
  - 29. The method according to claim 13, wherein said deploying comprises:
    - limiting available bandwidth for sending communications from the one or more IEs to the PLU to act against the one or more IEs.
  - 30. The method according to claim 13, wherein said deploying comprises:
    - detecting a vulnerability in a communications system of the one or more IEs; and
      
      utilizing the detected vulnerability to restrict communications from the one or more IEs to the PLU to act against the one or more IEs.
  - 31. The method according to claim 13, wherein said deploying comprises:
    - causing the one or more IEs to exhaust communications resources of the one or more IEs.
  - 32. The method according to claim 13, wherein said deploying comprises:
    - causing an IE to exhaust communications resources of another IE.
  - 33. The method according to claim 13, further comprising:
    - complaining or sending an opt-out request to act against the one or more IEs.
  - 34. The method according to claim 13, further comprising:
    - holding a dialog with the one or more IEs to act against the one or more IEs.
  - 35. The method according to claim 13, further comprising:
    - sending a warning to an Internet user after detecting the one or more IEs.
  - 36. The method according to claim 13, further comprising:
    - sending a warning to an Internet user after detecting the Internet user has unwillingly become an IE.
  - 37. The method according to claim 13, further comprising:
    - displaying information for a reputable competitor of the detected one or more IEs.
  - 38. The method according to claim 13, further comprising:
    - publishing information regarding the one or more IEs to an interested party or to the general public.
  - 39. The method according to claim 13, further comprising:
    - implementing a non-standard communication protocol between the PLU and the one or more IEs in an RFC-complaint format.
  - 40. The method according to claim 1, wherein said deploying comprises:
    - utilizing a plurality of artificial PLUs to deter the RU from engaging in subsequent rogue cyber activity against any PLU.
  - 41. The method according to claim 40, wherein said utilizing comprises:
    - providing a listing of the plurality of artificial PLUs to the RU while warning against contacting any of the plurality of artificial PLUs; and
      
      deploying the active deterrence mechanism when the RU is determined to have ignored said warning against contacting.
  - 42. The method according to claim 1, wherein said deploying comprises:
    - sending the active deterrence mechanism to the PLU, wherein the active deterrence mechanism fetches a sequence of commands that, when executed, controls an operation or a function of the PLU, said operation or function being configured to deter the RU.
  - 43. The method according to claim 1, wherein said deploying comprises:
    - sending the active deterrence mechanism to a plurality of the PLUs, wherein the active deterrence mechanism includes a sequence of commands that, when executed, controls an operation or a function at the plurality of PLUs, said operation or function being configured to deter the RU.
  - 44. The method according to claim 1, wherein said deploying comprises:
    - executing the active deterrence mechanism at one or more centrally controlled devices being operated on behalf of the PLUs, wherein the active deterrence mechanism includes a sequence of commands that, when executed, controls an operation or function at the one or more centrally controlled devices, said operation or function being configured to deter the RU.

45. A method of securing protected legitimate users (PLUs) from rogue cyber activity, the method comprising:
- providing a subscription or a service agreement to a PLU;
  
  detecting rogue cyber activity aimed at the PLU; and
  
  deploying an active deterrence mechanism to thereby secure the PLU from subsequent rogue cyber activity from a rogue user (RU) responsible for the detected rogue cyber activity.
- View Dependent Claims (46, 47, 48, 49, 50)
- - 46. The method according to claim 45, wherein said providing comprises:
    - adding the PLU to a PLU registry.
  - 47. The method according to claim 45, wherein said providing comprises:
    - embedding an identifying mark in a communications protocol to identify the PLU.
  - 48. The method according to claim 45, wherein said providing comprises:
    - offering a reduction in detected rogue cyber activity without reducing traffic between the PLU and an entity approved by the PLU.
  - 49. The method according to claim 45, wherein said providing comprises:
    - offering a reduction in detected rogue cyber activity without requiring cooperation from the PLU regarding an installation of equipment at the PLU or a tuning of equipment at the PLU.
  - 50. The method according to claim 49, wherein said providing comprises:
    - offering a reduction in detected rogue cyber activity without requiring payment from the PLU for a limited or an unlimited time period to thereby grow a community of PLUs.

51. A method of servicing protected legitimate users (PLUs) subjected to rogue cyber activity, the method comprising:
- detecting a rogue user (RU) having targeted or attacked a PLU with rogue cyber activity;
  
  analyzing the rogue cyber activity to identify a product or a service being promoted; and
  
  selling advertisement space to a reputable company offering the identified product or service.
- View Dependent Claims (52)
- - 52. The method according to claim 51, further comprising:
    - providing an advertisement to a PLU from the reputable company.

53. A method for reducing harmful effects or maintenance costs of a currently used defensive measure against rogue cyber activity without reducing overall protection against rogue cyber activity, the method comprising:
- deterring a rogue cyber activity targeting a protected legitimate user (PLU);
  
  deploying an active deterrence mechanism to thereby secure the PLU from subsequent rogue cyber activity; and
  
  instructing the PLU to set a sensitivity level of the currently used defensive measure to a lower level, wherein upon execution of said instructing, the harmful effects or maintenance costs of the currently used defensive measure are reduced.

54. A method for lowering costs associated with offering a deterrence service, the method comprising:
- offering a potential consumer an option to become a protected legitimate users (PLU) for free in exchange for the PLU'"'"'s providing a portion of the computing resources of the PLU available to a distributed deterrence platform;
  
  detecting rogue cyber activity aimed at the PLU; and
  
  deploying an active deterrence mechanism over the distribute deterrence platform to thereby secure the PLU from subsequent rogue cyber activity.

55. A method for creating effective registries or identifying marks for a potential protected legitimate user (PLU) before having a PLU as a customer, the method comprising:
- creating a plurality of artificial PLUs;
  
  deriving an artificial communication descriptor or an artificial identifying mark for each of the plurality of artificial PLUs, to thereby produce a plurality of artificial communication descriptors and/or a plurality of artificial identifying marks;
  
  populating a PLU registry with the artificial communication descriptors;
  
  providing the PLU registry or the plurality of artificial identifying marks to a rogue user (RU);
  
  sending a warning to the RU to discourage communications with any member of the PLU registry or any member displaying any of the plurality of artificial identifying marks;
  
  detecting the RU has ignored the warning; and
  
  deploying an active deterrence mechanism when the RU is detected to have ignored the warning.

56. A method for protecting data entries published to one or more hostile parties, the method comprising:
- accessing a list of data entries;
  
  converting the data entries to a hashed format, wherein said converting includes limiting a number of bits in the hashed format to cause a predetermined quantity of collisions and produce a predefined probability of false matches; and
  
  providing the data entries in the hashed format to the one or more hostile parties.
- View Dependent Claims (57, 58)
- - 57. The method according to claim 56, further comprising:
    - adding one or more fake hashes while maintaining the predefined probability of false matches.
  - 58. The method according to claim 56, further comprising:
    - utilizing an exclude list to mark a specific data entry from the list of data entries as a non-entry while maintaining the predefined probability of false matches for the remaining data entries.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Collactive Ltd. (Government of Israel)
Original Assignee
Collactive Ltd. (Government of Israel)
Inventors
Hirsh, Amir, Reshef, Eran

Application Number

US11/302,508
Publication Number

US 20060161989A1
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06Q 10/107 Computer-aided management o...

H04L 63/1441 Countermeasures against mal...

System and method for deterring rogue users from attacking protected legitimate users

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

58 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for deterring rogue users from attacking protected legitimate users

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

58 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links