Money Is In The Eye Of The Beholder: New And Exciting Ways To Steal Your Cash

    Yuval Vadim Polevoy – Hackito Ergo Sum 2011
Agenda

 A bit of nostalgia
 Listening to the wind of change
 Fraudsters going brutal
 Security industry catching up
 Fraudsters prepare to take the next leap
Geek Viruses

 My virus beats your virus!
 Naïve exploitation of poorly written systems
 Fun oriented
 Developed by 'Basement Dwellers' in spare time
 No financial gain
Business Viruses – Brave New World

 Fun turns to profit
 Financially oriented:
  •   Clickers
  •   Espionage
  •   Ransomware
  •   Financial Crimeware

 Developed by underground companies as fully commercial software
Financial Crimeware

  Basic Idea:
  •   Obtain login credentials
        • “Keep it secret – keep it safe!” – Gandalf The Gray
  •   Login using stolen data
  •   Buy / sell stocks
  •   Pay your bills
  •   Transfer some cash to your grandma
Getting From A to B

  Phishing
  Pharming
Getting From A to B - cont

  Field injection
Simple, right? WRONG!

 Detection:
  •   Each action is logged
  •   Bills have names
  •   And so do bank accounts
Simple, right? WRONG!

 Prevention:
  •   User profiling
        • Device Profiling
        • Timing Tests
  •   Geo positioning
  •   Two-factor authentication
  •   Drop-point shutdown
Simple, right? WRONG!

 Technology:
  •   Bot
  •   Infecting correct victims
  •   Obtaining and maintaining a drop-point:
        • DNS
        • Storage
        • Uptime
War it is!

  Small transfers
  Short distance transfers – branch and/or location
  Mules
  Bullet-proof hosting
  Socks
  Fast-flux
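The prevention signals on the slide above (device profiling, geo positioning, timing tests, user profiling) and the "small transfers" evasion from the "War it is!" slide, worked into one server-side scoring routine. This is an added example, not code from the talk; the weights, thresholds, profile and transfers are constructed for illustration.

```python
"""Added example, not from the talk: server-side scoring of a transfer request
against the prevention signals the slides list (device profiling, geo
positioning, timing tests, user profiling) and the evasion pattern they
describe (a series of small transfers in place of one large one). Weights,
thresholds, profiles and transfers are all constructed for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Profile:
    known_devices: set
    home_country: str
    known_beneficiaries: set
    # (timestamp, amount) of recent outgoing transfers already accepted
    recent: list = field(default_factory=list)


@dataclass
class Transfer:
    at: datetime
    device_id: str
    country: str
    beneficiary: str
    amount: float
    form_seconds: float  # seconds between loading the transfer form and submitting it


def score_transfer(p: Profile, t: Transfer) -> tuple:
    """Return (risk score, reasons). Each signal adds an independent weight;
    the signals are the ones the deck's 'Prevention' slide names."""
    score, reasons = 0, []
    if t.device_id not in p.known_devices:          # device profiling
        score += 30
        reasons.append("unknown device")
    if t.country != p.home_country:                 # geo positioning
        score += 25
        reasons.append("geo mismatch")
    if t.form_seconds < 2.0:                        # timing test: scripted submit
        score += 20
        reasons.append("form submitted faster than a person types")
    if t.beneficiary not in p.known_beneficiaries:  # user profiling
        score += 15
        reasons.append("new beneficiary")
    # Evasion by structuring: several small transfers inside a 24h window
    window = [a for ts, a in p.recent
              if timedelta(0) <= t.at - ts <= timedelta(hours=24)]
    if len(window) >= 3 and max(window + [t.amount]) < 500:
        score += 20
        reasons.append("series of small transfers within 24h")
    return score, reasons


def decide(score: int) -> str:
    """Map the score to an action; step-up means a second factor is required."""
    if score >= 60:
        return "block"
    if score >= 30:
        return "step-up"
    return "allow"


# Constructed sample data
BASE = datetime(2011, 4, 7, 12, 0)
PROFILE = Profile(
    known_devices={"dev-A"},
    home_country="FR",
    known_beneficiaries={"FR76-landlord"},
    recent=[(BASE - timedelta(hours=1), 200.0),
            (BASE - timedelta(hours=3), 150.0),
            (BASE - timedelta(hours=5), 300.0)],
)
SUSPICIOUS = Transfer(BASE, "dev-Z", "RO", "RO49-new", 400.0, 0.8)
ROUTINE = Transfer(BASE, "dev-A", "FR", "FR76-landlord", 900.0, 40.0)

if __name__ == "__main__":
    for t in (SUSPICIOUS, ROUTINE):
        s, why = score_transfer(PROFILE, t)
        print(decide(s), s, why)
```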
Mules

 Unsuspecting 3rd party doing the dirty work
 Set up a phony company webpage
 Hire people to “cash out” the stolen money
  •   Either transfer the cash via cash wiring services, etc.
      OR
  •   Buy goods and ship them over
      OR
  •   Log in to online gambling sites and “lose”
Mules - cont

  Mules cannot be punished
  Two-step plan for successful “cashing out”:
  •   Have more Mules than Bots
  •   Come up with a creative and untraceable way to transfer cash / goods
Mules - cont

               1,925 applied
Two-Factor Authentication
  First secret considered to be compromised
  Second secret on a decoupled medium
  Internet Math:
  User knows it
      +
  User has Trojan
      =
  I knows it!
  I, for one, welcome our new Man-In-The-Browser (MITB) Overlords
MITB Usage

 Spot user-initiated money transfer
 Replace destination Bank Account with your Account / Mule's Account
 Sit back and let the user do all the authentication for you
  •   (Have a beer!)
MITB Advanced Usage

 Spot user-requested history view
 Replace 'hijacked' transfers with their original destination


 Open an iframe in the background and initiate money transfers on your own
  •   If two-factor authentication is encountered, relay it to the user
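The "Two-Factor Authentication" and MITB slides above describe why a second factor that only proves possession of a device does not help once the browser rewrites the transfer: the user authenticates whatever the malware submitted. The standard mitigation is to bind the code to the transaction details the user authorizes on the decoupled device, so a swapped destination fails verification. This is an added example, not the talk's or any bank's code; the key, IBAN, challenge and the HMAC-based code construction are assumptions made for illustration.

```python
"""Added example, not from the talk: a second factor bound to the transaction
the user actually authorizes, so a Man-In-The-Browser that swaps the
destination account can no longer reuse the code the user entered. The bank
recomputes the code over the request it received; the decoupled device
computes it over the details the user typed in. Key, IBANs and challenge are
constructed for illustration."""
import hashlib
import hmac
import secrets


def transaction_code(key: bytes, destination: str, amount_cents: int,
                     challenge: str) -> str:
    """6-digit code over (destination, amount, challenge). Truncation follows the
    HOTP dynamic-offset scheme (RFC 4226), applied here to HMAC-SHA256."""
    msg = f"{destination}|{amount_cents}|{challenge}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    binary = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{binary % 1_000_000:06d}"


def bank_verify(key: bytes, request_destination: str, request_amount_cents: int,
                challenge: str, code: str) -> bool:
    """The bank binds the code to what the *request* says. A browser-side swap
    of the destination after the user computed the code yields a mismatch."""
    expected = transaction_code(key, request_destination, request_amount_cents,
                                challenge)
    return hmac.compare_digest(expected, code)


def simulate(key: bytes, mitb_swaps_destination: bool) -> bool:
    """Model one transfer: the user enters the intended destination and amount
    into a decoupled token; the browser sends the request, possibly tampered."""
    intended_dest, amount = "FR7630006000011234567890189", 25_000  # constructed
    challenge = secrets.token_hex(8)  # issued by the bank per transaction
    # Decoupled device: code over what the user intends and typed in
    user_code = transaction_code(key, intended_dest, amount, challenge)
    # Request the bank receives from the (possibly tampered) browser
    request_dest = "XX00MULEACCOUNT" if mitb_swaps_destination else intended_dest
    return bank_verify(key, request_dest, amount, challenge, user_code)


KEY = secrets.token_bytes(32)  # constructed; in practice a per-user token secret

if __name__ == "__main__":
    print("honest browser accepted:", simulate(KEY, False))
    print("MITB swap accepted:", simulate(KEY, True))
```

The relay trick on the "MITB Advanced Usage" slide only works when the code does not cover the destination; with the binding above, the code the user produces for the transfer they see does not verify for the one the malware submitted.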
Operation Overview

 Bot
 Infection campaign
 Drop-point
 Bot-plugins
 Hiring Mules
 Managing Mules
 Establishing covert channels for “cashing out”
 Maintaining Fast-Flux - Optional
Required Skill Set

  Low-level programmer
  Spammer / 0-day researcher
  Hosting owner
  JavaScript programmer
  HR recruiter
  E-commerce expert
  IT specialist - Optional
  Simple, right?
War it is, Take II

  Security industry catching up
  Keyboard sniffers are tackled with Virtual On-Screen
  keyboards
  MITB getting a lot of attention
   •   Obfuscating documents to prevent HTML injections
   •   High-logic tests to determine the origin of the request
Divide and Conquer

 Obviously not a one-man-gig
 Function based approach
  •   Or is it 'outsourcing'?

 A multi-stage cross-border sting operation
  •   Now Hiring: VP of Operations for an international money stealing
      venture

 In Soviet Russia, criminals cyber you
  •   The Al Capone of the Digital Age
Criminals Cyber You
Outsourcing Bots
Outsourcing Drop Points
Fraud “Customer Care”
Screen, the Final Frontier
Screen, the Final Frontier
Russ ZeuS Hamilton

 A wide range of online games where 'seeing' the opponent's screen guarantees winning
  •   A subset of these involves real-money gambling

 The other side doesn't know you're cheating
  •   The perfect theft!
  •   As long as you keep a low profile, of course

 Also takes care of Virtual Keyboards!
Screen Scraping

 More than one way to get it done
  •   Which way to protect?

 Cannot be hermetically monitored
 Draws no attention
  •   Various programs use screen capturing to display advanced visual effects

 The new cat-n-mouse game
Screen Scraping POC
Final Thoughts
Thank you!
