This invention relates in general to information security, and in particular to systems and methods for internet threat identification, analysis, management, and prevention along with a system and method to monetize the same.
The importance of information security threat identification, analysis, management, and prevention has grown dramatically in recent years and continues to expand. For example, with the increasing use of the Internet and electronic communication, such as e-mail, for business, personal, and entertainment purposes, efficient, safe, accurate, and reliable electronic communication is essential. Without such communications, tremendous economic and other damage can result, and the utility of electronic communication is compromised. Effectively identifying, analyzing, and managing threats to information security is therefore critical.
Spam, piracy, hacking, and virus spreading, for example, represent important and growing threats. Unsolicited bulk e-mails, or “UBEs”, can cause serious loss in many ways. In the business context, one type of UBE, unsolicited commercial e-mail (UCE or “spam”), is distracting and annoying, wastes workers' time, and reduces productivity. It can clog or slow down networks, and spread computer viruses and pornography, leading to further complications and losses. Excessive UBEs may lead to workers disregarding actual solicited e-mail.
UBEs, in addition to their sharp negative effect in a business context, can also have dramatic negative consequences in a social context. Sources of UBEs often prey on children and other susceptible groups, scamming them or threatening their safety and privacy. For example, spam from phony or disreputable drug companies may induce individuals to purchase vital drugs, under false pretenses or claims about the nature, source, or other critical information about the drug that they are purchasing, at great peril to the purchasers and great profit to the scamming company. Other problems caused by UBEs include identity theft, fraudulent advertising, digital piracy, counterfeit products, diverted products, malicious code (virus/trojan) distribution, and digital entertainment piracy.
Systems are known for attempting to deal with information security, spam, piracy, hacking, and virus spreading. For example, some systems simply attempt to determine whether a received e-mail is unsolicited and then filter or block such a UCE. Such systems suffer from a variety of deficiencies. Blocking or filtering spam can be ineffective, since spammers can often easily find ways to avoid or get around the filter, or find another way into a network or computer. Since spam can be sent cheaply in mass quantity, and since spam blocking does nothing to hold the source of the spamming accountable, the source is free to continue spamming. Companies or entities that suffer loss or damage as a result of spam are often without practical recourse, as the spammers often obscure or hide their real identity.
As an example of the above, some spam includes an HREF to a URL that causes an image to be displayed. With such spam, even though the image appears to the eye to contain text that may be searched for by a filter, the filter misses the spam because the image contains no electronically formatted text to detect. Additionally, such spam may use a chain of URLs to lead to the image, and the URL causing the image to be displayed can be disabled shortly after the spam is sent, which can make tracking of the source difficult.
Related problems exist in the computer piracy context. For example, identity thieves may use spamming or spoofing, such as e-mails falsely purporting to be from a particular source, like a bank, to collect personal or financial information from deceived recipients. Even if most of the spoofing is blocked or ignored, the thief may gain from whatever responses are obtained, without losing appreciably from unsuccessful attempts.
Some systems are available which provide limited internal, civil, or governmental enforcement actions against perceived sources of threats. However, these systems have many drawbacks. There is no process in the art for gathering large volumes of reliable, court-admissible evidence regarding infringing e-mail activity. There is no mechanism for efficiently associating evidence with a refined list of threat sources. Prior art systems are manually intensive, especially with regard to evidence/intelligence aggregation, association, and presentation. There is also no method for qualifying and quantifying threats posed by a particular activity source.
UBEs are presently costing large companies tens of millions of dollars each year. A single source may be responsible for great damage from spamming, even though the identity of the source may not be obvious, and much apparently unrelated spamming may all originate from an individual source.
Thus, there is a need for a method and system which can provide information security threat identification, management, and analysis more effectively than the prior art.