Scheduled for presentation at The Ninth Workshop on the Economics of Information Security at Harvard University, the report by the International Secure Systems Lab takes a security-centric look at online adult and analyzes a number of unique business practices — in some cases based upon hands-on experience.
"The online adult industry is among the most profitable business branches on the Internet, and its [websites] attract large amounts of visitors and traffic. Nevertheless, no study has yet characterized the industry's economical and security-related structure. As cyber-criminals are motivated by financial incentives, a deeper understanding and identification of the economic actors and interdependencies in the online adult business is important for analyzing security-related aspects of this industry," states the report's abstract, which analyzes "the different economic roles that adult [websites] assume, and highlight their economic and technical features."
According to its publishers, the report offers insights into today's opportunities for cybercriminals, based upon "a combination of automatic and manual analysis techniques [used] to investigate the economic structure of the online adult industry and its business cases."
The group developed and deployed its own adult websites to gather information "to gain a better understanding of the flow of visitors to these sites and the related cash flow," allowing it to "report on the lessons learned while operating adult [websites] on our own."
"Our evaluation shows that many adult [websites] try to mislead and manipulate their visitors, with the intent of generating revenue. To this end, a wide range of questionable techniques are employed, and openly offered as business-to-business services," the report concludes. "The tricks that these [websites] employ range from simple obfuscation techniques such as relatively harmless blind links, over convenience services for typo-squatters, to sophisticated redirector chains that are used for traffic trading. Additionally, the used techniques have the potential to be exploited in more harmful ways, for example by facilitating CSRF attacks or click-fraud."
Founded in 2005 at the Technical University of Vienna, the International Secure Systems Lab includes facilities at the Institute Eurécom on the French Riviera and at the University of California, Santa Barbara. According to its website, the group's focus is on "applied computer security, with a recent emphasis on web security, malware analysis, intrusion detection, and vulnerability analysis.