Why AI is the key to robust anti-abuse defenses
This post explains why artificial intelligence (AI) is the key to building anti-abuse defenses that keep up with user expectations and combat increasingly sophisticated attacks. This is the first post of a series of four posts dedicated to provide a concise overview of how to harness AI to build robust ... Read More
How to successfully harness AI to combat fraud and abuse
While machine learning is integral to innumerable anti-abuse systems including spam and phishing detection, the road to reap its benefits is paved with numerous abuse-specific challenges. Drawing from concrete examples this session will discuss how these challenges are addressed at Google and providea roadmap to anyone interested in applying machine ... Read More
Taking down Gooligan part 3 — monetization and clean-up
This post provides an in-depth analysis of Gooligan monetization schemas and recounts how Google took it down with the help of external partners. This post is the final post of the series dedicated to the hunt and take down of Gooligan that we did at Google in collaboration with Check ... Read More
Taking down Gooligan: part 2 — inner workings
This post provides an in-depth analysis of the inner workings of Gooligan, the infamous Android OAuth stealing botnet. This is the second post of a series dedicated to the hunt and takedown of Gooligan that we did at Google, in collaboration with Check Point, in November 2016. The first post ... Read More
Taking down Gooligan: part 1 — overview
This series of posts recounts how, in November 2016, we hunted for and took down Gooligan, the infamous Android OAuth stealing botnet. What makes Gooligan special is its weaponization of OAuth tokens, something that was never observed in mainstream crimeware before. At its peak, Gooligan had hijacked over 1M OAuth ... Read More
Hunting down Gooligan — retrospective analysis
This talk provides a retrospective on how during 2017 Check Point and Google jointly hunted down Gooligan – one of the largest Android botnets at the time. Beside its scale what makes Gooligan a worthwhile case-study is its heavy reliance on stolen oauth tokens to attack Google Play’s API, an ... Read More
Insights about the first three years of the Right To Be Forgotten requests at Google
The "Right To Be Forgotten" (RTBF) is the landmark European ruling that governs the delisting of personal information from search results. This ruling establishes a right to privacy, whereby individuals can request that search engines delist URLs from across the Internet that contain “inaccurate, inadequate, irrelevant or excessive” information surfaced ... Read More
Three years of the Right to be Forgotten
The “Right to be Forgotten” is a privacy ruling that enables Europeans to delist certain URLs appearing in search results related to their name. In order to illuminate the effect this ruling has on information access, we conduct a retrospective measurement study of 2.4 million URLs that were requested for ... Read More