Charla impartida por Mikel Gastesi y Dani Creus, de S21sec en el evento Asegúr@IT Camp 3, dicho evento tuvo lugar en El Escorial los días 21, 22 y 23 de octubre de 2011.
2. * [ Persona(je)s ]
Autores:
Dani Creus / Mikel Gastesi
Editores:
[S21sec ] + [i64]
Gracias a :
Chema Alonso
David Barroso
Asegura IT Camp III - 2011
3. * [ Sobre qué… ]
Fraude != e-crime
e-crime != Fraude
Fraude bancario FRAUDE
Asegura IT Camp III - 2011
4. * [ El libro … ]
• Visión global del fraude on-line.
• Objetivos…Un PC, ¡qué jugoso!
• Organización del ecosistema.
• Underground.
• Malware orientado a fraude.
• DEMO TIME!
•Ejemplo real
Asegura IT Camp III - 2011
7. * [ Objetivo : PC ]
Windows Windows Windows Windows
2011 Linux Mac Móviles
7 Vista 2003 XP
Septiembre 42.2% 5.6% 0.8% 36.2% 5.1% 8.6% 0.9%
Agosto 40.4% 5.9% 0.8% 38.0% 5.2% 8.2% 0.9%
Julio 39.1% 6.3% 0.9% 39.1% 5.3% 7.8% 1.0%
Junio 37.8% 6.7% 0.9% 39.7% 5.2% 8.1% 0.9%
Mayo 36.5% 7.1% 0.9% 40.7% 5.1% 8.3% 0.8%
Abril 35.9% 7.6% 0.9% 40.9% 5.1% 8.3% 0.8%
AseguraIT Camp III 2011
9. * [ Ecosistema : Infraestructuras]
•Botnets:
•Supervivencia = Ocultación o Fortificación del C&C
•Bullet Proof Hosting
•Arquitecturas de red que oculten el C&C
AseguraIT Camp III 2011
12. * [ Ecosistema : Infraestructuras]
•Bloquear IPs
•Descargas de un solo uso
•Protocolos de comunicación
propios
•Detección AV
•Falsear hash
•Demo!
•…
Tricks, tricks tricks
AseguraIT Camp III 2011
36. * [ Mercados… ]
The only limit is your imagination! Originals designs can be designed from any country worldwide, and in any language of your
choice... from Scuba instructor, Warranty, Security, Massage Therapist, Auto Mechanic Instructor, Business License, Award, Real
Estate, Degree and Diploma Certificates. Various Degrees, Ordained Minister, Royalty Titles, Kung Fu Master, Club Member,
Library, Student, Identity, Insurance, Permit, Scuba Diver, International Driver, Frequent Flyer, Novelty Id Cards, Fake Driver
License, Driver Permits, Security Social Card, Ski Lift Card, New Identity, Membership cards, CIA, DEA, FBI, Private Detective,
Bondsman, Bounty Hunter, Casino, Press, Access Cards and much more...or virtually any kind of product you desire.
AseguraIT Camp III 2011
47. * [Carding]
El arte de manipular/usar/robar * bancarias
Virtual Carding VS Real Carding…
V/MC/AMEX : CVV1/CVC1/CID
CID/CVV2/CVC2/Manual CID
AseguraIT Camp III 2011