Shuman Ghosemajumder on Security and Cyber-Crime

In this week's podcast, professor Barry Burd talks to Shuman Ghosemajumder. Ghosemajumder is VP of product management at Shape Security and former click fraud czar for Google. Ghosemajumder is also the co-author of the book CGI Programming Unleashed, and was a keynote speaker at QCon New York 2016 presenting Security War Stories. Why listen to this podcast: With more of our lives conducted online through technology and information retrieval systems, the use of advanced technology gives criminals the opportunity to be able to do things that they weren't able to do. - Cyber-criminals come from all over the world and every socioeconomic background, so long as there's some level of access to computers and technology. - You see organised cyber-crime focusing on large companies because of the fact that they get a much greater sense of efficiency for their attacks. - Cyber-criminals are getting creative, and coming up with ways to interact with websites we haven't thought of before. - You can have very large scale attacks that are completely invisible from the point of view of the application that's being attacked. - The context of what are you are using software for is more important than just going through an understanding of the code level vulnerability. Notes and links can be found on http://bit.ly/2atBFgk The People Behind Cyber-Crime 5:28 - There are all kinds of different personalities and demographics involved. Cyber-criminals come from all over the world and every socioeconomic background, so long as there's some level of access to computers and technology. Even in cases where a cyber criminal doesn't know how to use technology directly, or how to create something like a piece of malware, they can still be involved in a cyber-criminal's scheme. 6:29 - A scheme which uses large groups of individuals and which doesn’t necessarily need to have skills itself, is stealing money from bank accounts. Being able to transfer money using malware on people’s machines from one account to another account that the cyber-criminal controls still involves getting that money out. That last step can involve a set of bank accounts that are assigned to real individuals. More on this: Quick scan our curated show notes on InfoQ. http://bit.ly/2atBFgk You can also subscribe to the InfoQ newsletter to receive weekly updates on the hottest topics from professional software development. http://bit.ly/24x3IVq