SlideShare a Scribd company logo

nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

n|u - The Open Security Community
n|u - The Open Security Community

Cyber crime 101: Cost of cyber crime, trends and analysis by Shashidhar C.N & Simran Gambhi

Technology
1 of 37
Download to read offline
Cybercrime – A Tech View & Alternative Perspective 26th February 2011 C N Shashidhar & Simran Gambhir http://null.co.in/ http://nullcon.net/
Cybercrime 101 – A Technology view 26th February 2011 C N Shashidhar http://in.linkedin.com/in/cnshashidhara http://null.co.in/ http://nullcon.net/
The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb. United Nations Interregional Crime & Justice Research Institute, UNICRI – Italy Every new technology opens the door to new criminal approaches Phrack mag, Issue# 64, Article# 13, “Anonymous” http://null.co.in/ http://nullcon.net/ 3
Hackers – Hacker Profiling Project • Wannabe (Lamers) - I wud luv to be a hacker type • Script Kiddies – rely on scripts & programs written by others • Cracker – Technically skilled with malicious intentions • Ethical Hacker – Highly skilled with good intentions – law abiding • QPS (Quiet Paranoid Skilled hacker) – Operate alone – Whitehats / Blackhats • Cyber Warrior/Mercenary – Hacker for hire • Industrial Spy Hacker • Govt. Agent Hacker • Military Hacker – IW specialists 4
Underground Economy Biz Model - 1 6
Underground Economy Biz Model 7
Org Chart of Underground Economy Biz 8
Underground Economy Biz model - 2 9
Cyber Crime Biz model • C2C model – Criminal to Criminal • Cyber crime is the No. 1 criminal activity overtaking drugs in the US in 2009 • Organized as Corporate Biz model –Highly sophisticated syndicates • Russian mafia using business partners & rewarding top performers • Crime as a Service • Crimeware • Carding • Spam • Phishing & Bank frauds – ATM skimming • Pharma scams • Pornography • Criminal ISPs • Counterfeiting • Virtual money • Money Laundering 10
Crime as a Service • Crimeware • Bots, Trojans, Key loggers & Viruses • Zeus Banking trojan/botnet – Customized & delivered as SAAS ; full blown version - $ 700 USD ; • TJ Maxx & Heartland systems attacks – 1 Bln card details compromised - Albert Gonzalez • RBS Worldpay hack – 9.5 $mln USD loss – 4 hackers – Viktor Pleshchuk of St Petersburg arrested in March 2010. Others involved – Sergie Tsurikov of Tallin, Estonia, Oleg Covelin of Chisinau, Moldova & Hacker 3 • Identity theft • Complete Identities for sale – Address, SSN, Bank A/c, Credit Card info – Price $ 1 to $50 per identity, guaranteed Service Level Agreements • Application theft – Using fake identity to open accounts • Account takeover – Masquerade as real owner of account & ask for change in mailing address • Carding – Verifying validity of card data • Spam – Unsolicited mails • Phishing – Emails to user for reset of banking pin • Bank frauds – ATM skimming (video) • Pharma scams • Pornography • Counterfeiting • Virtual money / Digital Cash • eGold • Yandex • Webmoney • Money Laundering 11
Cyber Crime & Infrastructure • 2001 – 2005 – Shadowcrew – Founded in 2002 by Seth Sanders (Kidd), Kim Taylor (MacGyver) & Albert Gonzalez (CumbaJohnny). 4000 members internationally. Carding site busted by US Secret Service in 2004 – Cha0 – Cagatay Evyapan - Turkish – Biggest ATM Skimmer ever – Arrested Sept 2008 12
Cyber Crime & Infrastructure • 2001 – 2005 • Dark Market – The Facebook for Fraudsters • Founded in 2004 by Renukanth Subramaniam (JiLsi), Marcus Keller (Matrix001) & Max Ray Butler (MaxVision & Iceman) – Carders Market – 86 $ mln business – Infiltrated by FBI agent Keith Mularski & shut down in 2008 – JiLsi worked as a Pizza Hut despatch courier by day & used the Java Bean internet café at Wembley as his office for operating on DarkMarket forum. Carried the OS on a USB stick to avoid leaving trails • DarkMarket price list • Trusted vendors on DarkMarket offered a smorgasbord of personal data, viruses, and card- cloning kits at knockdown prices. Going rates were: • Dumps Data from magnetic stripes on batches of 10 cards. Standard cards: $50. Gold/platinum: $80. Corporate: $180. • Card verification values Information needed for online transactions. $3-$10 depending on quality. • Full information/change of billing Information needed for opening or taking over account details. $150 for account with $10,000 balance. $300 for one with $20,000 balance. • Skimmer Device to read card data. Up to $7,000. • Bank logins 2% of available balance. • Credit card images Both sides of card. $30 each. • Embossed card blanks $50 each. • Holograms $5 per 100. • Hire of botnet Software robots used in spam attacks. $50 a day. 13
Cyber Crime & Infrastructure Login page of Darkmarket.ws 14
Cyber Crime & Infrastructure User who is interested in buying access to 3000-4000 infected machines a week. 15
Cyber Crime & Infrastructure "Get more $$$ for your logs" - this user is advertising cashing services for various banks, used to steal money from online bank accounts. Credentials for these accounts have been stolen via keyloggers. 16
Cyber Crime & Infrastructure Distributed-denial-of-service attacks for sale. "This is a great deal on DDOS attacks and cannot be beat by anyone!" 200 "dove" stickers for $1500. "Dove stickers" are VISA credit card holograms. 17
Cyber Crime & Infrastructure • Russian Business Network – Verisign – “Baddest of the Bad” • RBN–2$ bln (08) & 150$ mln rev (06-07) ; Criminal ISP • Bullet proof hosting • Owned by Flyman – nephew of Russian politician • Located at #12, Levashovskiv prospect, 197110, St Petersburg, Russia • Tracked by Law Enforcement agencies • Recruit skilled hackers in Russia for creating malware & exploit 0 days • Mysteriously disappeared on 4th Nov 2007 – Believed to be operating under different names • Google maps image of RBN location 18
Cyber Crime & Infrastructure RBN Group Companies Too Coin Software MicronNet Credolink Eltel SBT Luglink RBN ConnectCom RBN Oinsinvest Eltel2 AkiMon Deltasys Linkey Nevacon Rustelecom Silvernet 19
Cyber Crime & Infrastructure • Russian Business Network 20
Cyber Crime & Infrastructure Russian Business Network 21
Cyber Crime & Infrastructure • 2005 to Now • Innovative Marketing Inc • Founded by Daniel Sundin & Sam Jain in 2002 at Belize & later moved to Kiev, Ukraine • Pirated music, software, pornography & Viagra • Disbanded in 2008 but operating under different names 22
Cyber Crime & Infrastructure • 2011 ATM Fraud • http://www.nbcchicago.com/news/local-beat/atm-thefts-116435289.html 23
Cloud Cloud increasingly being used by cyber criminals By way of example, O’Connor said cyber criminals could use the Cloud to secretly store and distribute child abuse material for commercial purposes. Legitimate businesses may well be turning to the Cloud in increasing numbers, but so too are illegitimate business, according to the Minister for Home Affairs and Justice, Brendan O'Connor. In a speech, given at the International Association of Privacy Professionals Annual Conference in Sydney, O'Connor said cyber criminals were increasingly exploiting the Cloud to achieve their own aims. "Cyber criminals can not only steal data from Clouds, they can also hide data in Clouds," he said. "Rogue Cloud service providers based in countries with lax cybercrime laws can provide confidential hosting and data storage services, which facilitates the storage and distribution of criminal data, avoiding detection by law enforcement agencies. 24
Cyber Crime Protection • Regulatory framework to combat Cyber Crime – UN & NATO leading the way now • Stricter laws to combat Cyber Crime – No safe havens • Long term responses – Coordination & Harmonization of efforts at National & International levels • User awareness & education – Public / Private partnership • Switch to banks offering secure services & tell them • Genuine Software • Patch regularly • Use effective Anti Virus • Use a personal firewall • Use common sense when transacting online / ATMs 25
Carding 26
Credits http://www.freedomfromfearmagazine.org & Raoul Chiesa, UNICRI Italy http://www.freedomfromfearmagazine.org/index.php?option=com_content&view=arti cle&id=302:hackers-profiling-who-are-the-attackers&catid=50:issue-7&Itemid=161 http://www.fortiguard.com/analysis/zeusanalysis.html http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1514783,00.html http://www.bizeul.org/files/RBN_study.pdf http://www.oswmag.com/article/cloud-increasingly-being-used-cyber- criminals&urlhash=A93h&goback=.gmp_1864210.gde_1864210_member_36651911 http://theeuropean-magazine.com/83-chiesa-raoul/84-cybercrime-and- cyberwar&urlhash=_uFM&goback=.gmp_2677290.gde_2677290_member_39400172 http://www.wired.com/threatlevel/tag/carding/ Fatal System Error by Joseph Menn http://www.guardian.co.uk/technology/2010/jan/1 http://null.co.in 4/darkmarket-online-fraud-trial-wembley http://www.wired.com/threatlevel/2010/03/alleged-rbs-hacker-arrested http://www.youtube.com/watch?v=AY_SPP1loFs http://www.youtube.com/watch?v=aUyiUAx4NxY 27
Cyber Crime An Alternate Perspective simran@dn.gs Nullcon Goa – 26th of Feb 2011
The Definition A crime is a breach of law for which the governing authority can prescribe a conviction and subsequent punishment
Some Facts: Cyber Crime is… Often with faceless but real “victims” Costs “real” money BIG Business
A Perspective Cyber Crime is “BAD”
Legality vs Morality
A Market Need Hawala is illegal in many countries around the world Hawala provides a means to an end for millions of people (people the “legal” systems do not know how to serve!)
Honesty and Transparency
A Revolution
Don’t Believe The Hype
Think outside the box Ask Yourself “Why?”

Recommended

Cybercrime: Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global ThreatCybercrime: Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global ThreatNTT Innovation Institute Inc.
 
Importance of cyber crime security
Importance of cyber crime security Importance of cyber crime security
Importance of cyber crime security Pavan Kuls
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Knowledge Group
 
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiAddressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiKnowledge Group
 
Cyber Security in Manufacturing
Cyber Security in ManufacturingCyber Security in Manufacturing
Cyber Security in ManufacturingCentraComm
 
CYBERCRIMES AND DUE DILIGENCE
CYBERCRIMES AND DUE DILIGENCECYBERCRIMES AND DUE DILIGENCE
CYBERCRIMES AND DUE DILIGENCEanthony4web
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeTarseam Singh
 
cyber crime
cyber crimecyber crime
cyber crimepriya sehgal
 

Recommended

Cybercrime: Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global ThreatCybercrime: Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global ThreatNTT Innovation Institute Inc.
 
Importance of cyber crime security
Importance of cyber crime security Importance of cyber crime security
Importance of cyber crime security Pavan Kuls
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Knowledge Group
 
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiAddressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiKnowledge Group
 
Cyber Security in Manufacturing
Cyber Security in ManufacturingCyber Security in Manufacturing
Cyber Security in ManufacturingCentraComm
 
CYBERCRIMES AND DUE DILIGENCE
CYBERCRIMES AND DUE DILIGENCECYBERCRIMES AND DUE DILIGENCE
CYBERCRIMES AND DUE DILIGENCEanthony4web
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeTarseam Singh
 
cyber crime
cyber crimecyber crime
cyber crimepriya sehgal
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeAditya Kokadwar
 
The importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity indexThe importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity indexShivamSharma909
 
Cyber crime and Security
Cyber crime and SecurityCyber crime and Security
Cyber crime and SecurityGreater Noida Institute Of Technology
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Radar Cyber Security
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-securityStephen Cobb
 
Cyber security-presentation
Cyber security-presentationCyber security-presentation
Cyber security-presentationMuhammadHossen
 
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidAECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidPhil Agcaoili
 
Cybercrime Research Paper
Cybercrime Research PaperCybercrime Research Paper
Cybercrime Research PaperWhitney Bolton
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeNirali Shah
 
C3 Cyber
C3 CyberC3 Cyber
C3 CyberDeepak Kumar (D3)
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber securityAurobindo Nayak
 
Cyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's worldCyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's worldSOURAV CHANDRA
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04Kyle Lai
 
Hot Cyber Security Technologies
Hot Cyber Security TechnologiesHot Cyber Security Technologies
Hot Cyber Security TechnologiesRuchikaSachdeva4
 
Cyber security basics
Cyber security basics Cyber security basics
Cyber security basics Rohit Srivastava
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeRajat Jain
 
Cyber security government ppt By Vishwadeep Badgujar
Cyber security government ppt By Vishwadeep BadgujarCyber security government ppt By Vishwadeep Badgujar
Cyber security government ppt By Vishwadeep BadgujarVishwadeep Badgujar
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeSanket Gogoi
 
Cyberlaw
CyberlawCyberlaw
Cyberlawambadesuhas
 
Screening children and young people for risk of re-offending: A Discussion of...
Screening children and young people for risk of re-offending: A Discussion of...Screening children and young people for risk of re-offending: A Discussion of...
Screening children and young people for risk of re-offending: A Discussion of...robine
 
A Case Study of Cyberbullying in Justin Bieber Fandom
A Case Study of Cyberbullying in Justin Bieber FandomA Case Study of Cyberbullying in Justin Bieber Fandom
A Case Study of Cyberbullying in Justin Bieber FandomGina Marcello, Ph.D.
 

More Related Content

What's hot

The importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity indexThe importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity indexShivamSharma909
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Radar Cyber Security
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-securityStephen Cobb
 
Cyber security-presentation
Cyber security-presentationCyber security-presentation
Cyber security-presentationMuhammadHossen
 
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidAECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidPhil Agcaoili
 
Cybercrime Research Paper
Cybercrime Research PaperCybercrime Research Paper
Cybercrime Research PaperWhitney Bolton
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber securityAurobindo Nayak
 
Cyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's worldCyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's worldSOURAV CHANDRA
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04Kyle Lai
 
Hot Cyber Security Technologies
Hot Cyber Security TechnologiesHot Cyber Security Technologies
Hot Cyber Security TechnologiesRuchikaSachdeva4
 
Cyber security government ppt By Vishwadeep Badgujar
Cyber security government ppt By Vishwadeep BadgujarCyber security government ppt By Vishwadeep Badgujar
Cyber security government ppt By Vishwadeep BadgujarVishwadeep Badgujar
 

What's hot (20)

Cyber crime
Cyber crimeCyber crime
Cyber crime
 
The importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity indexThe importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity index
 
Cyber crime and Security
Cyber crime and SecurityCyber crime and Security
Cyber crime and Security
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools Tactics
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security
 
Cyber security-presentation
Cyber security-presentationCyber security-presentation
Cyber security-presentation
 
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidAECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
 
Cybercrime Research Paper
Cybercrime Research PaperCybercrime Research Paper
Cybercrime Research Paper
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
C3 Cyber
C3 CyberC3 Cyber
C3 Cyber
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber security
 
Cyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's worldCyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's world
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04
 
Hot Cyber Security Technologies
Hot Cyber Security TechnologiesHot Cyber Security Technologies
Hot Cyber Security Technologies
 
Cyber security basics
Cyber security basics Cyber security basics
Cyber security basics
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyber security government ppt By Vishwadeep Badgujar
Cyber security government ppt By Vishwadeep BadgujarCyber security government ppt By Vishwadeep Badgujar
Cyber security government ppt By Vishwadeep Badgujar
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyberlaw
CyberlawCyberlaw
Cyberlaw
 

Viewers also liked

Screening children and young people for risk of re-offending: A Discussion of...
Screening children and young people for risk of re-offending: A Discussion of...Screening children and young people for risk of re-offending: A Discussion of...
Screening children and young people for risk of re-offending: A Discussion of...robine
 
A Case Study of Cyberbullying in Justin Bieber Fandom
A Case Study of Cyberbullying in Justin Bieber FandomA Case Study of Cyberbullying in Justin Bieber Fandom
A Case Study of Cyberbullying in Justin Bieber FandomGina Marcello, Ph.D.
 
Parental Awareness of Cyber Bullying
Parental Awareness of Cyber BullyingParental Awareness of Cyber Bullying
Parental Awareness of Cyber BullyingFallan Butler
 
Teenage pregnancy
Teenage pregnancyTeenage pregnancy
Teenage pregnancyTra Etty
 
Cyber Bullying
Cyber BullyingCyber Bullying
Cyber BullyingQuirky Kid
 
Cyber security threats for 2017
Cyber security threats for 2017Cyber security threats for 2017
Cyber security threats for 2017Ramiro Cid
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 ChallengesLeandro Bennaton
 
2017 Cybersecurity Predictions
2017 Cybersecurity Predictions2017 Cybersecurity Predictions
2017 Cybersecurity PredictionsPaloAltoNetworks
 
Cyber security-report-2017
Cyber security-report-2017Cyber security-report-2017
Cyber security-report-2017NRC
 
7 cyber security questions for boards
7 cyber security questions for boards7 cyber security questions for boards
7 cyber security questions for boardsPaul McGillicuddy
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentationBijay Bhandari
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and SecurityDipesh Waghela
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime pptMOE515253
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security pptLipsita Behera
 
Research Study about Bullying
Research Study about BullyingResearch Study about Bullying
Research Study about BullyingDarlene Enderez
 

Viewers also liked (17)

Screening children and young people for risk of re-offending: A Discussion of...
Screening children and young people for risk of re-offending: A Discussion of...Screening children and young people for risk of re-offending: A Discussion of...
Screening children and young people for risk of re-offending: A Discussion of...
 
A Case Study of Cyberbullying in Justin Bieber Fandom
A Case Study of Cyberbullying in Justin Bieber FandomA Case Study of Cyberbullying in Justin Bieber Fandom
A Case Study of Cyberbullying in Justin Bieber Fandom
 
SXSW 2012 WeeWorld Presentation
SXSW 2012 WeeWorld PresentationSXSW 2012 WeeWorld Presentation
SXSW 2012 WeeWorld Presentation
 
Parental Awareness of Cyber Bullying
Parental Awareness of Cyber BullyingParental Awareness of Cyber Bullying
Parental Awareness of Cyber Bullying
 
Teenage pregnancy
Teenage pregnancyTeenage pregnancy
Teenage pregnancy
 
Cyber Bullying
Cyber BullyingCyber Bullying
Cyber Bullying
 
Cyber security threats for 2017
Cyber security threats for 2017Cyber security threats for 2017
Cyber security threats for 2017
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
 
2017 Cybersecurity Predictions
2017 Cybersecurity Predictions2017 Cybersecurity Predictions
2017 Cybersecurity Predictions
 
Cyber security-report-2017
Cyber security-report-2017Cyber security-report-2017
Cyber security-report-2017
 
7 cyber security questions for boards
7 cyber security questions for boards7 cyber security questions for boards
7 cyber security questions for boards
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
 
Final na final thesis
Final na final thesisFinal na final thesis
Final na final thesis
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime ppt
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
 
Research Study about Bullying
Research Study about BullyingResearch Study about Bullying
Research Study about Bullying
 

Similar to nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Cybercriminals focus on Cryptocurrency
Cybercriminals focus on CryptocurrencyCybercriminals focus on Cryptocurrency
Cybercriminals focus on CryptocurrencyAhmad El Tawil
 
Legal (Types of Cyber Crime)
Legal (Types of Cyber Crime)Legal (Types of Cyber Crime)
Legal (Types of Cyber Crime)Jay Visavadiya
 
Cyber Raksha - by Vanshit Malhotra
Cyber Raksha - by Vanshit MalhotraCyber Raksha - by Vanshit Malhotra
Cyber Raksha - by Vanshit MalhotraVanshit Malhotra
 
CYBERCRIME AND MONEY LAUNDERING
CYBERCRIME AND MONEY LAUNDERINGCYBERCRIME AND MONEY LAUNDERING
CYBERCRIME AND MONEY LAUNDERINGJyotisheklingji
 
History and future cybercrime
History and future cybercrimeHistory and future cybercrime
History and future cybercrimeOnline
 
Cyber crimeppt1-1209117277348428-8
Cyber crimeppt1-1209117277348428-8Cyber crimeppt1-1209117277348428-8
Cyber crimeppt1-1209117277348428-8Ajeet Choudhary
 
The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?Pierluigi Paganini
 
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...Security and Crypto-currency: Forecasting the Future of Privacy for Private I...
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...Investments Network marcus evans
 
Dc214 sn orgcrime (1)
Dc214 sn orgcrime (1)Dc214 sn orgcrime (1)
Dc214 sn orgcrime (1)Khushi Angle
 
Cyber crimes Challenges in Global and Oman
Cyber crimes Challenges in Global and OmanCyber crimes Challenges in Global and Oman
Cyber crimes Challenges in Global and OmanMubarak Al Hadadi
 
Cyber crimes and its security
Cyber crimes and its securityCyber crimes and its security
Cyber crimes and its securityAshwini Awatare
 
Cyber crimes and its security
Cyber crimes and its securityCyber crimes and its security
Cyber crimes and its securityAshwini Awatare
 
Cyber Crime - How New Age Criminals Function
Cyber Crime - How New Age Criminals Function Cyber Crime - How New Age Criminals Function
Cyber Crime - How New Age Criminals Function Parag Deodhar
 
Cyber Crime and Cyber Security
Cyber Crime and Cyber SecurityCyber Crime and Cyber Security
Cyber Crime and Cyber SecuritySazed Salman
 
Webinar: Popüler black marketler
Webinar: Popüler black marketlerWebinar: Popüler black marketler
Webinar: Popüler black marketlerBGA Cyber Security
 

Similar to nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis (20)

Recent PCI Hacks
Recent PCI HacksRecent PCI Hacks
Recent PCI Hacks
 
Cybercriminals focus on Cryptocurrency
Cybercriminals focus on CryptocurrencyCybercriminals focus on Cryptocurrency
Cybercriminals focus on Cryptocurrency
 
Legal (Types of Cyber Crime)
Legal (Types of Cyber Crime)Legal (Types of Cyber Crime)
Legal (Types of Cyber Crime)
 
Cyber Raksha - by Vanshit Malhotra
Cyber Raksha - by Vanshit MalhotraCyber Raksha - by Vanshit Malhotra
Cyber Raksha - by Vanshit Malhotra
 
Godfather 2.0
Godfather 2.0Godfather 2.0
Godfather 2.0
 
CYBERCRIME AND MONEY LAUNDERING
CYBERCRIME AND MONEY LAUNDERINGCYBERCRIME AND MONEY LAUNDERING
CYBERCRIME AND MONEY LAUNDERING
 
History and future cybercrime
History and future cybercrimeHistory and future cybercrime
History and future cybercrime
 
Cyber crimeppt1-1209117277348428-8
Cyber crimeppt1-1209117277348428-8Cyber crimeppt1-1209117277348428-8
Cyber crimeppt1-1209117277348428-8
 
The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...Security and Crypto-currency: Forecasting the Future of Privacy for Private I...
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...
 
Dc214 sn orgcrime (1)
Dc214 sn orgcrime (1)Dc214 sn orgcrime (1)
Dc214 sn orgcrime (1)
 
Cyber crimes Challenges in Global and Oman
Cyber crimes Challenges in Global and OmanCyber crimes Challenges in Global and Oman
Cyber crimes Challenges in Global and Oman
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Cyber crimes and its security
Cyber crimes and its securityCyber crimes and its security
Cyber crimes and its security
 
Cyber crimes and its security
Cyber crimes and its securityCyber crimes and its security
Cyber crimes and its security
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Cyber Crime - How New Age Criminals Function
Cyber Crime - How New Age Criminals Function Cyber Crime - How New Age Criminals Function
Cyber Crime - How New Age Criminals Function
 
Cyber Crime and Cyber Security
Cyber Crime and Cyber SecurityCyber Crime and Cyber Security
Cyber Crime and Cyber Security
 
Webinar: Popüler black marketler
Webinar: Popüler black marketlerWebinar: Popüler black marketler
Webinar: Popüler black marketler
 

More from n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

More from n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Recently uploaded

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 

Recently uploaded (20)

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

  • 1. Cybercrime – A Tech View & Alternative Perspective 26th February 2011 C N Shashidhar & Simran Gambhir http://null.co.in/ http://nullcon.net/
  • 2. Cybercrime 101 – A Technology view 26th February 2011 C N Shashidhar http://in.linkedin.com/in/cnshashidhara http://null.co.in/ http://nullcon.net/
  • 3. The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb. United Nations Interregional Crime & Justice Research Institute, UNICRI – Italy Every new technology opens the door to new criminal approaches Phrack mag, Issue# 64, Article# 13, “Anonymous” http://null.co.in/ http://nullcon.net/ 3
  • 4. Hackers – Hacker Profiling Project • Wannabe (Lamers) - I wud luv to be a hacker type • Script Kiddies – rely on scripts & programs written by others • Cracker – Technically skilled with malicious intentions • Ethical Hacker – Highly skilled with good intentions – law abiding • QPS (Quiet Paranoid Skilled hacker) – Operate alone – Whitehats / Blackhats • Cyber Warrior/Mercenary – Hacker for hire • Industrial Spy Hacker • Govt. Agent Hacker • Military Hacker – IW specialists 4
  • 5.
  • 8. Org Chart of Underground Economy Biz 8
  • 10. Cyber Crime Biz model • C2C model – Criminal to Criminal • Cyber crime is the No. 1 criminal activity overtaking drugs in the US in 2009 • Organized as Corporate Biz model –Highly sophisticated syndicates • Russian mafia using business partners & rewarding top performers • Crime as a Service • Crimeware • Carding • Spam • Phishing & Bank frauds – ATM skimming • Pharma scams • Pornography • Criminal ISPs • Counterfeiting • Virtual money • Money Laundering 10
  • 11. Crime as a Service • Crimeware • Bots, Trojans, Key loggers & Viruses • Zeus Banking trojan/botnet – Customized & delivered as SAAS ; full blown version - $ 700 USD ; • TJ Maxx & Heartland systems attacks – 1 Bln card details compromised - Albert Gonzalez • RBS Worldpay hack – 9.5 $mln USD loss – 4 hackers – Viktor Pleshchuk of St Petersburg arrested in March 2010. Others involved – Sergie Tsurikov of Tallin, Estonia, Oleg Covelin of Chisinau, Moldova & Hacker 3 • Identity theft • Complete Identities for sale – Address, SSN, Bank A/c, Credit Card info – Price $ 1 to $50 per identity, guaranteed Service Level Agreements • Application theft – Using fake identity to open accounts • Account takeover – Masquerade as real owner of account & ask for change in mailing address • Carding – Verifying validity of card data • Spam – Unsolicited mails • Phishing – Emails to user for reset of banking pin • Bank frauds – ATM skimming (video) • Pharma scams • Pornography • Counterfeiting • Virtual money / Digital Cash • eGold • Yandex • Webmoney • Money Laundering 11
  • 12. Cyber Crime & Infrastructure • 2001 – 2005 – Shadowcrew – Founded in 2002 by Seth Sanders (Kidd), Kim Taylor (MacGyver) & Albert Gonzalez (CumbaJohnny). 4000 members internationally. Carding site busted by US Secret Service in 2004 – Cha0 – Cagatay Evyapan - Turkish – Biggest ATM Skimmer ever – Arrested Sept 2008 12
  • 13. Cyber Crime & Infrastructure • 2001 – 2005 • Dark Market – The Facebook for Fraudsters • Founded in 2004 by Renukanth Subramaniam (JiLsi), Marcus Keller (Matrix001) & Max Ray Butler (MaxVision & Iceman) – Carders Market – 86 $ mln business – Infiltrated by FBI agent Keith Mularski & shut down in 2008 – JiLsi worked as a Pizza Hut despatch courier by day & used the Java Bean internet café at Wembley as his office for operating on DarkMarket forum. Carried the OS on a USB stick to avoid leaving trails • DarkMarket price list • Trusted vendors on DarkMarket offered a smorgasbord of personal data, viruses, and card- cloning kits at knockdown prices. Going rates were: • Dumps Data from magnetic stripes on batches of 10 cards. Standard cards: $50. Gold/platinum: $80. Corporate: $180. • Card verification values Information needed for online transactions. $3-$10 depending on quality. • Full information/change of billing Information needed for opening or taking over account details. $150 for account with $10,000 balance. $300 for one with $20,000 balance. • Skimmer Device to read card data. Up to $7,000. • Bank logins 2% of available balance. • Credit card images Both sides of card. $30 each. • Embossed card blanks $50 each. • Holograms $5 per 100. • Hire of botnet Software robots used in spam attacks. $50 a day. 13
  • 14. Cyber Crime & Infrastructure Login page of Darkmarket.ws 14
  • 15. Cyber Crime & Infrastructure User who is interested in buying access to 3000-4000 infected machines a week. 15
  • 16. Cyber Crime & Infrastructure "Get more $$$ for your logs" - this user is advertising cashing services for various banks, used to steal money from online bank accounts. Credentials for these accounts have been stolen via keyloggers. 16
  • 17. Cyber Crime & Infrastructure Distributed-denial-of-service attacks for sale. "This is a great deal on DDOS attacks and cannot be beat by anyone!" 200 "dove" stickers for $1500. "Dove stickers" are VISA credit card holograms. 17
  • 18. Cyber Crime & Infrastructure • Russian Business Network – Verisign – “Baddest of the Bad” • RBN–2$ bln (08) & 150$ mln rev (06-07) ; Criminal ISP • Bullet proof hosting • Owned by Flyman – nephew of Russian politician • Located at #12, Levashovskiv prospect, 197110, St Petersburg, Russia • Tracked by Law Enforcement agencies • Recruit skilled hackers in Russia for creating malware & exploit 0 days • Mysteriously disappeared on 4th Nov 2007 – Believed to be operating under different names • Google maps image of RBN location 18
  • 19. Cyber Crime & Infrastructure RBN Group Companies Too Coin Software MicronNet Credolink Eltel SBT Luglink RBN ConnectCom RBN Oinsinvest Eltel2 AkiMon Deltasys Linkey Nevacon Rustelecom Silvernet 19
  • 20. Cyber Crime & Infrastructure • Russian Business Network 20
  • 21. Cyber Crime & Infrastructure Russian Business Network 21
  • 22. Cyber Crime & Infrastructure • 2005 to Now • Innovative Marketing Inc • Founded by Daniel Sundin & Sam Jain in 2002 at Belize & later moved to Kiev, Ukraine • Pirated music, software, pornography & Viagra • Disbanded in 2008 but operating under different names 22
  • 23. Cyber Crime & Infrastructure • 2011 ATM Fraud • http://www.nbcchicago.com/news/local-beat/atm-thefts-116435289.html 23
  • 24. Cloud Cloud increasingly being used by cyber criminals By way of example, O’Connor said cyber criminals could use the Cloud to secretly store and distribute child abuse material for commercial purposes. Legitimate businesses may well be turning to the Cloud in increasing numbers, but so too are illegitimate business, according to the Minister for Home Affairs and Justice, Brendan O'Connor. In a speech, given at the International Association of Privacy Professionals Annual Conference in Sydney, O'Connor said cyber criminals were increasingly exploiting the Cloud to achieve their own aims. "Cyber criminals can not only steal data from Clouds, they can also hide data in Clouds," he said. "Rogue Cloud service providers based in countries with lax cybercrime laws can provide confidential hosting and data storage services, which facilitates the storage and distribution of criminal data, avoiding detection by law enforcement agencies. 24
  • 25. Cyber Crime Protection • Regulatory framework to combat Cyber Crime – UN & NATO leading the way now • Stricter laws to combat Cyber Crime – No safe havens • Long term responses – Coordination & Harmonization of efforts at National & International levels • User awareness & education – Public / Private partnership • Switch to banks offering secure services & tell them • Genuine Software • Patch regularly • Use effective Anti Virus • Use a personal firewall • Use common sense when transacting online / ATMs 25
  • 26. Carding 26
  • 27. Credits http://www.freedomfromfearmagazine.org & Raoul Chiesa, UNICRI Italy http://www.freedomfromfearmagazine.org/index.php?option=com_content&view=arti cle&id=302:hackers-profiling-who-are-the-attackers&catid=50:issue-7&Itemid=161 http://www.fortiguard.com/analysis/zeusanalysis.html http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1514783,00.html http://www.bizeul.org/files/RBN_study.pdf http://www.oswmag.com/article/cloud-increasingly-being-used-cyber- criminals&urlhash=A93h&goback=.gmp_1864210.gde_1864210_member_36651911 http://theeuropean-magazine.com/83-chiesa-raoul/84-cybercrime-and- cyberwar&urlhash=_uFM&goback=.gmp_2677290.gde_2677290_member_39400172 http://www.wired.com/threatlevel/tag/carding/ Fatal System Error by Joseph Menn http://www.guardian.co.uk/technology/2010/jan/1 http://null.co.in 4/darkmarket-online-fraud-trial-wembley http://www.wired.com/threatlevel/2010/03/alleged-rbs-hacker-arrested http://www.youtube.com/watch?v=AY_SPP1loFs http://www.youtube.com/watch?v=aUyiUAx4NxY 27
  • 28. Cyber Crime An Alternate Perspective simran@dn.gs Nullcon Goa – 26th of Feb 2011
  • 29. The Definition A crime is a breach of law for which the governing authority can prescribe a conviction and subsequent punishment
  • 30. Some Facts: Cyber Crime is… Often with faceless but real “victims” Costs “real” money BIG Business
  • 33. A Market Need Hawala is illegal in many countries around the world Hawala provides a means to an end for millions of people (people the “legal” systems do not know how to serve!)
  • 37. Think outside the box Ask Yourself “Why?”