aragon / nest

A grants program to support the development of the ecosystem
https://aragon.org/project/grants
Creative Commons Zero v1.0 Universal

Aragon Nest Proposal: Educational simulated phishing and exploits liability oracle #96

Closed sekisanchi closed 5 years ago

sekisanchi commented 5 years ago

Educational simulated phishing and exploits liability oracle

Abstract

Simulated phishing is a tactical educational cyber security practice widely adopted by enterprises, especially against social engineering attacks.
The crypto ecosystem, as such an enterprise, can utilize it not only for internal institutional education, but also as a positive incentive to accelerate mass adoption of the decentralized environment by educating literacy in decentralization norms.

Etherscan, Metamask and Etherscamdb are the blacklisting sources currently available. In those lists, low-tech trust-trading scams ("send X to the address, then get 10X back") driven by giveaway phishing kits make up the majority. The simulated phishing contract simply replaces the address.

(Example: a reply attack on an exchange's tweets by a fake account, a scam claiming an airdrop: https://urlscan.io/result/836ae71e-c269-421d-b8eb-2bc3d97c3463/
Landing page of the phishing scam: https://urlscan.io/result/42c43753-5a1d-4ce7-bcbb-057c39b0c66d/ )

By running campaigns with the contract, driven by bounty, and an oracle representing the liability of exploits, we may provide an option to those currently in scams of whether to go into fraudulence or ecosystem safety, let's say an ROI including the risk of regulators' action such as prosecution. It also warns exchanges to strengthen their awareness to protect newbie users from exploits, since the transactions of currently blacklisted accounts often include their wallets.

The liability oracle also incentivizes blacklisting and counter-exploit activities crowdsourced through mturk-like sourcing, with a properly designed pipeline process and reward. It is not limited to this, but such activities include my 3000+ PhishTank submissions over a few months, as logistic compensation for current blacklisting services. https://www.phishtank.com/user_submissions.php?username=seki

Those are the first steps toward DAO-driven, fraud-free ecosystem governance.

Deliverables

  1. A simulated phishing contract (applicable to specific beneficiary and/or whole ecosystem)

  2. Pilot deployment run of the contract for public and/or membership services (exchanges)

  3. Kick-off initiative or aggregated collaborative service for anti-fraud blacklisting with liability measures, to administrate the simulated phishing.

  4. (Optional or separate proposal) Exploits insurance framework for fiat/crypto exchanges

Grant size

Funding: $30K seed to cover overall planning/design and coordination, initial sourcing/hiring. (7K labor + 3K expense * 3 months)

Up to $200k in ETH, split into chunks paid out over achieved deliverables, defined by phased plan later.

Success reward: Up to $100k in ANT, given out when all deliverables are ready, especially for initiative members (TBD)

Application requirements

Kazunori Seki https://www.linkedin.com/in/sekisan/

Since last year, voluntarily assisting in countering exploits of Slack phishing DMs, and then occasionally helping with some background tasks for blacklisting. Recently fully participating in counter-phishing actions, loosely connected with ESDB/EAL, Metamask and Etherscan, to stimulate the legacy cyber security network to become aware of crypto exploits, and hands-on field research of my own as a logistics process.
Former mainframe communication device and PC hardware designer/programmer and brand business manager.

Development timeline

The development timeline will be the following one in regards to each deliverable:

  1. Oct 2018
  2. Nov 2018
  3. Dec 2018

mariapao commented 5 years ago

Hi @sekisanchi thank you for submitting your proposal.

We have reviewed the proposal and we agree with you: educational simulated phishing and exploits liability oracle is an important security practice. However, Nest is currently focusing on funding teams working on dev tooling and infrastructure for Ethereum and/or Aragon. Therefore, this proposal is not a fit for the grants program at this moment. The focus of the program may change in the future as the technology evolves. Thus, if in the future you are working on something that is a fit for the program, don't hesitate to apply again.

sekisanchi commented 5 years ago

Thanks for reviewing my proposal. That definitely involves some tooling, and I'll get back to you after sorting them out in a much more comprehensive form.