I’m currently working with Professor Nick Nikiforakis, who is applying his research and existing tools on online scams and cybersecurity to the Cardano ecosystem.
His current Twitter Cardano Phishing Bot publishes the results of discovered scams and the takedowns that have been initiated. So far, the bot has successfully taken down over 200 scams, disrupting these scammers and hopefully protecting more people from being scammed.
He has submitted his Catalyst proposal on IdeaScale and would love to get feedback on what we’re planning to unleash on these scammers.
This is the plan thus far:
- Expand sources of suspicious domain names beyond zone files, including Certificate Transparency logs and YouTube. We’ll need to build continuous-integration pipelines that fetch daily lists of domain names, build YouTube bots capable of screen-scraping and OCR-ing videos (in search of domains embedded in scam videos), and then dispatch armies of crawlers towards the identified destinations.
- Work on anti-evasion mechanisms before evasion becomes an issue. We anticipate that the scammers operating these sites will have every reason to evade our bots (detect that we are visiting them and show us benign content). Our anti-evasion mechanisms will revolve around geographical diversity (so that a single IP address cannot simply be blocked), diversity of crawling software, and other anti-fingerprinting techniques that we will incorporate into our tools. The PI (Nick Nikiforakis) is an academic with 15 years of cybersecurity experience and has built a large number of bots for discovering online malicious content, ranging from phishing pages to technical-support scams.
- Isolate intelligence content. Rather than just reporting the discovered malicious websites, we will isolate parts of them, such as the advertised wallet addresses. We will make lists of malicious wallet addresses available to wallet software and online exchanges, so that new users can be warned when they are about to send funds to one of them and given a chance to read more about giveaway scams. Similarly, we will create lists of malicious IP addresses and domain names for hosting providers, ISPs, registrars, and operators of blocklists such as OpenPhish, PhishTank, and Google Safe Browsing.
- New dedicated UI and APIs. Alongside our Twitter account, we will develop a modern web application where users can retrieve lists of malicious URLs, IP addresses, and wallet addresses. The site will also be the API endpoint for all the aforementioned intelligence provided to interested stakeholders. Co-PI Peter Bui is an experienced web developer with connections to multiple wallet providers, which we will use to promote these APIs.
- Popularization of our tool. The Co-PI of this proposal (Peter Bui) operates a popular Australian Cardano stake pool and hosts the “Learn Cardano” Podcast (https://www.youtube.com/channel/UCj-_2e7L2UgHaJLrGEOJRzA). We will use this podcast not only to keep warning new Cardano users (the ones most likely to be attracted to a podcast about learning Cardano) about these scams, but also to use its reach to connect with stakeholders at ISPs, hosting companies, registries, and web-security companies, who can all integrate with our APIs and protect their users.
- Manual analysis and ML. A stretch goal for this project is the use of supervised machine learning for the final labelling of suspicious web pages. Once our database of known scams has grown sufficiently (past, say, a thousand positive, i.e., scam, samples), we will experiment with supervised machine-learning techniques (such as a random forest) to automatically flag high-confidence scams, so that manual analysts can focus their labelling effort on the small fraction of suspicious domain names for which the classifier cannot produce a high-confidence label. We have experience using supervised ML for the detection of phishing pages, malware sandboxes, and tech-support scams.
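As an added illustration of the first step of the plan (building a suspicious-domain feed from zone files and Certificate Transparency logs), here is the kind of triage pass that sits between the daily name feed and the crawlers. This is example code written for this page, not the proposal’s or the Phishing Bot’s own pipeline; the brand list, lure words, allowlist and the sample feed are all assumptions, and the input names are constructed rather than real discovered scam domains.

```python
import re

# Brand tokens whose presence (or near-presence) in a domain name makes it worth
# crawling. "ada" is short, so it is only ever matched as an exact label token.
BRANDS = ["cardano", "yoroi", "daedalus", "iohk", "emurgo", "adalite", "ada"]
# Lure words typical of giveaway/airdrop scam domains (assumed list).
LURES = {"giveaway", "airdrop", "double", "bonus", "promo", "claim", "reward", "free"}
# Official domains never treated as suspicious (assumed allowlist; extend as needed).
ALLOWLIST = {"cardano.org"}
# Digit/symbol-for-letter substitutions commonly used in lookalike domains.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})

# Constructed sample input: names as they would arrive from a CT-log feed (note the
# wildcard SAN and trailing dot) mixed with zone-file entries. Not real scam domains.
SAMPLE_FEED = [
    "cardano-giveaway.com",
    "*.secure-ada-airdrop.com",
    "Yor0i-wallet.net.",
    "daedalus-claim.xyz",
    "cardan0-promo.top",
    "xn--crdano-3ya.com",
    "cardano.org",
    "example.org",
    "cardano-giveaway.com",  # duplicate, must be collapsed
]


def normalize_domain(name: str) -> str:
    """Lowercase, drop trailing dot and wildcard prefix so CT and zone entries compare equal."""
    name = name.strip().lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; labels are short, so the O(len(a)*len(b)) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def suspicious_reasons(domain: str) -> list:
    """Sorted, de-duplicated reasons a domain deserves a crawler visit (empty if none)."""
    reasons = set()
    labels = domain.split(".")
    if any(label.startswith("xn--") for label in labels):
        reasons.add("idn:punycode")
    # Everything left of the TLD; deliberately crude (assumes a one-label public suffix).
    host = ".".join(labels[:-1]) or domain
    for tok in (t for t in re.split(r"[-.]", host) if t):
        plain = tok.translate(LEET)
        if plain in LURES:
            reasons.add(f"lure:{plain}")
        for brand in BRANDS:
            if plain == brand:
                reasons.add(f"brand:{brand}")
            elif len(brand) >= 5 and (
                brand in plain or (len(plain) >= 5 and levenshtein(plain, brand) <= 1)
            ):
                reasons.add(f"lookalike:{tok}~{brand}")
    return sorted(reasons)


def triage(feed) -> list:
    """De-duplicate a raw name feed and rank candidates by number of independent signals."""
    ranked, seen = [], set()
    for raw in feed:
        domain = normalize_domain(raw)
        if not domain or domain in seen or domain in ALLOWLIST:
            continue
        seen.add(domain)
        reasons = suspicious_reasons(domain)
        if reasons:
            ranked.append((domain, len(reasons), reasons))
    ranked.sort(key=lambda r: (-r[1], r[0]))
    return ranked


if __name__ == "__main__":
    for domain, score, reasons in triage(SAMPLE_FEED):
        print(f"{score}  {domain:28}  {', '.join(reasons)}")
```

The output of `triage` is a crawl queue, not a blocklist: a brand match alone (as with a legitimate community site) only earns a visit, and the final scam/benign label still comes from the crawler’s view of the page and the manual analysis described later in the plan.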
We want to create a safe and scam-free environment for anyone embarking on a journey into crypto and especially Cardano.
Leave a comment and provide some feedback.
https://cardano.ideascale.com/a/dtd/Automated-Phishing-Scam-Detection/367075-48088
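The anti-evasion item above assumes the scam site may serve benign content to a crawler it recognises. The usual way to turn geographical and client diversity into a signal is to fetch the same URL from several vantage points and compare what came back. The following is an added example of that comparison, written for this page rather than taken from the proposal’s tools; the vantage names, client labels and the captured pages are constructed, and the `addr1...` string in them is a placeholder, not a real address.

```python
import hashlib
import html
import re

# Constructed observations of one suspicious URL fetched from several vantage points.
# The datacenter/headless fetch gets a bland page; the residential fetches get the
# giveaway content. Per-request ids and script nonces differ between fetches.
OBSERVATIONS = [
    {"vantage": "dc-us-east", "client": "headless-chrome", "html":
        "<html><body><h1>Coming soon</h1><p>Site under construction. id=48213</p></body></html>"},
    {"vantage": "res-de", "client": "firefox-desktop", "html":
        "<html><body><h1>Cardano Giveaway</h1><p>Send 1000 ADA and receive 2000 ADA back!"
        "<br>Wallet: addr1qxexampleexampleexample</p><script>nonce='9f1c'</script></body></html>"},
    {"vantage": "res-au", "client": "chrome-android", "html":
        "<html><body><h1>Cardano   Giveaway</h1><p>Send 1000 ADA and receive 2000 ADA back!"
        "<br>Wallet: addr1qxexampleexampleexample</p><script>nonce='a77e'</script></body></html>"},
]

# Minimal giveaway-scam indicators for this example (assumed; a real classifier is richer).
SCAM_MARKERS = re.compile(r"giveaway|send \d+ ada|receive \d+ ada|addr1[a-z0-9]{20,}", re.I)


def visible_text(page_html: str) -> str:
    """Drop script/style blocks and tags, unescape entities, collapse whitespace, lowercase."""
    text = re.sub(r"<(script|style)\b.*?</\1>", " ", page_html, flags=re.S | re.I)
    text = re.sub(r"<[^>]+>", " ", text)
    text = html.unescape(text)
    return re.sub(r"\s+", " ", text).strip().lower()


def fingerprint(page_html: str) -> str:
    """Hash of the visible text with digit runs masked, so ids/nonces don't split groups."""
    masked = re.sub(r"\d+", "#", visible_text(page_html))
    return hashlib.sha256(masked.encode()).hexdigest()[:16]


def detect_cloaking(observations) -> dict:
    """Group vantage points by the content they received and flag scam/benign splits."""
    groups = {}
    for obs in observations:
        groups.setdefault(fingerprint(obs["html"]), []).append(obs["vantage"])
    scam_seen_by = [o["vantage"] for o in observations
                    if SCAM_MARKERS.search(visible_text(o["html"]))]
    benign_only = [o["vantage"] for o in observations if o["vantage"] not in scam_seen_by]
    return {
        # Cloaking = more than one content variant AND at least one vantage got the
        # scam content while another got something benign.
        "cloaked": len(groups) > 1 and bool(scam_seen_by) and bool(benign_only),
        "variants": len(groups),
        "scam_content_seen_by": scam_seen_by,
        "benign_content_seen_by": benign_only,
    }


if __name__ == "__main__":
    print(detect_cloaking(OBSERVATIONS))
```

A site that cloaks against one vantage is itself a strong signal, so the report is worth keeping alongside the page content: the vantages listed under `benign_content_seen_by` tell you which IP ranges or client profiles the scammer has learned to recognise and should be rotated out.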
At the moment, my team is building out the API and endpoints to get flagged wallets/addresses that have been detected on websites. We’re looking at breadcrumb trails and following the transactions. It’s all on-chain. We’re just connecting the dots. We should be able to see where scammed money is going.
The second part of the API is the flagged websites and domains.
Third-party developers will be able to access the API and alert users in their interfaces when a user is submitting a transaction to a potentially flagged address. A user on Yoroi, when submitting a send transaction, will get an alert message letting them know that the address could be a negative address that has been used in, or is related to, a scam.
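Two pieces of the plan meet here: isolating advertised wallet addresses from scam pages (the "isolate intelligence content" item) and the wallet-side check described just above, where a client warns before a send to a flagged address. The following is an added, self-contained example of both ends, written for this page and not the project’s API or the bot’s code. Shelley-era addresses are bech32 with HRP `addr` (mainnet) or `addr_test`; Cardano addresses are longer than the 90-character limit in BIP-173, so the verifier below does not enforce it. The scam pages, URLs and the address itself are constructed: the address is a dummy base address built from filler bytes, not a real wallet.

```python
import re

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GENERATOR = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]


def bech32_polymod(values) -> int:
    """BCH checksum core from BIP-173."""
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GENERATOR[i]
    return chk


def bech32_hrp_expand(hrp: str) -> list:
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def to_5bit(data: bytes) -> list:
    """Regroup 8-bit bytes into 5-bit symbols, zero-padding the final group."""
    acc = bits = 0
    out = []
    for byte in data:
        acc = (acc << 8) | byte
        bits += 8
        while bits >= 5:
            bits -= 5
            out.append((acc >> bits) & 31)
    if bits:
        out.append((acc << (5 - bits)) & 31)
    return out


def bech32_encode(hrp: str, payload: bytes) -> str:
    data = to_5bit(payload)
    poly = bech32_polymod(bech32_hrp_expand(hrp) + data + [0] * 6) ^ 1
    checksum = [(poly >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + checksum)


def bech32_verify(addr: str):
    """Return (hrp, checksum_ok). No 90-char cap: Cardano base addresses are 103 chars."""
    if addr != addr.lower() and addr != addr.upper():   # mixed case is invalid
        return None, False
    addr = addr.lower()
    pos = addr.rfind("1")
    if pos < 1 or pos + 7 > len(addr):
        return None, False
    hrp, data = addr[:pos], addr[pos + 1:]
    if any(c not in CHARSET for c in data):
        return hrp, False
    values = [CHARSET.index(c) for c in data]
    return hrp, bech32_polymod(bech32_hrp_expand(hrp) + values) == 1


# Shelley-era address shape: hrp, separator "1", then a long run of bech32 symbols.
ADDR_RE = re.compile(r"\baddr(?:_test)?1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{50,}")


def extract_addresses(text: str) -> list:
    """Unique addresses in order of appearance, each with its checksum verdict."""
    seen, found = set(), []
    for m in ADDR_RE.finditer(text.lower()):
        addr = m.group(0)
        if addr not in seen:
            seen.add(addr)
            found.append((addr, bech32_verify(addr)[1]))
    return found


def build_blocklist(pages: dict) -> dict:
    """Map each checksum-valid address to the set of scam URLs advertising it."""
    blocklist = {}
    for url, page_text in pages.items():
        for addr, ok in extract_addresses(page_text):
            if ok:   # typos and OCR noise fail the checksum and are not worth publishing
                blocklist.setdefault(addr, set()).add(url)
    return blocklist


def check_destination(addr: str, blocklist: dict):
    """Wallet-side check before signing: None if clean, else a warning the UI can show."""
    sources = blocklist.get(addr.strip().lower())
    if not sources:
        return None
    return {"address": addr, "reason": "advertised as a giveaway-scam payout address",
            "sources": sorted(sources)}


# Constructed sample data. Header byte 0x01 = base address on mainnet, followed by a
# 28-byte payment key hash and a 28-byte stake key hash, all filler. Not a real wallet.
SCAM_ADDR = bech32_encode("addr", bytes([0x01]) + b"\x11" * 28 + b"\x22" * 28)
CORRUPTED = SCAM_ADDR[:-1] + ("q" if SCAM_ADDR[-1] != "q" else "p")  # one-character typo
SAMPLE_PAGES = {   # constructed scam pages keyed by (fictional) URL
    "https://cardano-giveaway.example/": f"Send 1000 ADA to {SCAM_ADDR} and get 2000 back!",
    "https://ada-promo.example/claim": f"Payout wallet: {SCAM_ADDR.upper()} (hurry!) also {CORRUPTED}",
}

if __name__ == "__main__":
    print(check_destination(SCAM_ADDR, build_blocklist(SAMPLE_PAGES)))
```

Rejecting addresses that fail the checksum matters for a published feed: a scraped or OCR-ed string with one wrong character is not spendable and would only add noise, while a valid one carries its sources with it so a wallet can show the user where the address was seen.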