FOSDEM '10 is a free and non-commercial event organized by the community, for the community. Its goal is to provide Free and Open Source developers a place to meet. No registration necessary.


Interview: Richard Clayton

Richard Clayton will give a talk about evil on the internet at FOSDEM 2010.

Could you briefly introduce yourself?

I'm Dr Richard Clayton, and I'm a security researcher in the Computer Laboratory of the University of Cambridge.

What will your talk be about, exactly?

I'm going to talk about various sorts of scam websites that you can find on the Internet, and explain a bit about them.

Everyone knows about "phishing" (websites that impersonate real banks) and the illegal online pharmacies, but may not have looked closely at some of the details... and people are seldom aware of the totally fake banks, or the Ponzi schemes -- where everyone knows that they're a scam! Even the people handing over their money!

What do you hope to accomplish by giving this talk? What do you expect?

I hope to make people a little bit more aware of what's going on, so that when they or their friends or family come across these sites, it's a little less likely that they'll hand over their money.

How did you become interested in all sorts of "evil on the internet"?

I've been worrying about email spam for more than a decade -- back when, as an "early adopter", I used to get 100 spam emails a month, and I was concerned that other people might get that many as well. I now, by the way, get around 30 a minute.

I still investigate spam, but for the past three years I've been tracking phishing websites, and -- along with Tyler Moore -- working out what factors affect their longevity: why some sites are removed much faster than others.

What are the most worrying trends you see in this domain?

I'm disappointed by how few of the scammers are caught and prosecuted.

Is educating people about scams enough to fight against them?

It entirely depends on the scam.

Once I've explained how a lottery scam works, then you should never fall for it. However, I really don't think it's realistic to expect to be able to train people to tell a fake bank website (a phishing site) apart from the real one.

What's the role of social networks with respect to evil on the internet?

There are now some specialist scams, designed to work on social networks, of which the Facebook "Lost in London" is the best known.

How can free and open source software help us fight against evil on the internet?

It tends to be data that's needed, not software per se. However, I'm a great admirer of some of the open source spam filtering systems; they're flexible enough to let me explain to them that I'm not interested in seeing emails that sell me Viagra, but that I've a professional interest in phishing emails, and money mule recruitment campaigns, so please could those not be blocked, and arrive in my inbox so that I can tell what's going on.

Have you attended previous FOSDEM editions?

My first time. I hear that there is beer!

This interview is licensed under a Creative Commons Attribution 2.0 Belgium License.