Money Is In The Eye Of The Beholder: New And Exciting Ways To Steal Your Cash

    Yuval Vadim Polevoy – Hackito Ergo Sum 2011
Agenda

 A bit of nostalgia
 Listening to the wind of change
 Fraudsters going brutal
 Security industry catching up
 Fraudsters prepare to take the next leap
Geek Viruses

 My virus beats your virus!
 Naïve exploitation of poorly written systems
 Fun oriented
 Developed by 'Basement Dwellers' in spare time
 No financial gain
Business Viruses – Brave New World

 Fun turns to profit
 Financially oriented:
  •   Clickers
  •   Espionage
  •   Ransomware
  •   Financial Crimeware

 Developed by underground companies as fully commercial software
Financial Crimeware

  Basic Idea:
  •   Obtain login credentials
        • “Keep it secret – keep it safe!” – Gandalf The Gray
  •   Login using stolen data
  •   Buy / sell stocks
  •   Pay your bills
  •   Transfer some cash to your grandma
Getting From A to B

  Phishing
  Pharming
Getting From A to B - cont

  Field injection
Simple, right? WRONG!

 Detection:
  •   Each action is logged
  •   Bills have names
  •   And so do bank accounts
Simple, right? WRONG!

 Prevention:
  •   User profiling
        • Device Profiling
        • Timing Tests
  •   Geo positioning
  •   Two-factor authentication
  •   Drop-point shutdown
Simple, right? WRONG!

 Technology:
  •   Bot
  •   Infecting correct victims
  •   Obtaining and maintaining a drop-point:
        • DNS
        • Storage
        • Uptime
War it is!

  Small transfers
  Short distance transfers – branch and/or location
  Mules
  Bullet-proof hosting
  SOCKS proxies
  Fast-flux
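The "Detection" and "Prevention" slides above list the signals a bank can use (every action is logged, accounts have names, device profiling, timing tests, geo positioning), and the "War it is!" slide shows why amount alone is a weak signal (small, local transfers). The following added example, not code from the deck, combines those signals into one scoring rule; the profile, events, weights and thresholds are constructed for illustration.

```python
"""Transfer risk scoring over constructed events.

Added illustration, not code from the HES2011 deck: it turns the deck's
Detection bullets (each action is logged, bank accounts have names) and
Prevention bullets (device profiling, timing tests, geo positioning) into a
scoring rule. Profiles, events, weights and thresholds are all constructed.
"""
from dataclasses import dataclass

@dataclass
class UserProfile:
    known_devices: set
    usual_countries: set
    known_beneficiaries: set
    typical_amount: float  # e.g. median of the user's past transfers

@dataclass
class TransferEvent:
    device_id: str
    country: str
    beneficiary: str
    amount: float
    seconds_since_login: float

def score_transfer(profile: UserProfile, ev: TransferEvent) -> tuple:
    """Return (score, reasons); higher is riskier. Weights are illustrative."""
    score, reasons = 0, []
    # Device profiling: a device never seen for this user.
    if ev.device_id not in profile.known_devices:
        score += 30
        reasons.append("unknown device")
    # Geo positioning: a country the user has never transacted from.
    if ev.country not in profile.usual_countries:
        score += 25
        reasons.append("unusual country")
    # Bank accounts have names: a swapped or mule account is, by definition,
    # one the user has never paid before, so this is the strongest signal.
    if ev.beneficiary not in profile.known_beneficiaries:
        score += 35
        reasons.append("new beneficiary")
    # Timing test: a human needs time to navigate and type; a bot or a
    # background iframe submits within seconds of login.
    if ev.seconds_since_login < 20:
        score += 20
        reasons.append("transfer too soon after login")
    # Amount is only a weak signal: small transfers evade amount-only rules.
    if ev.amount > 5 * profile.typical_amount:
        score += 15
        reasons.append("amount far above typical")
    return score, reasons

def decide(score: int) -> str:
    """Map a score to an action; bands are constructed for the example."""
    if score >= 60:
        return "block_and_review"
    if score >= 35:
        return "step_up_auth"
    return "allow"

# Constructed sample: one user with a known device, country and payees.
ALICE = UserProfile({"dev-A"}, {"FR"}, {"electric-co", "landlord"}, 120.0)
SAMPLE_EVENTS = [
    # Large but routine payment from the usual device to a known payee.
    TransferEvent("dev-A", "FR", "landlord", 800.0, 180.0),
    # Small transfer from the user's own device and country to a never-seen
    # account, seconds after login: the shape of an in-browser Trojan.
    TransferEvent("dev-A", "FR", "acct-7731", 95.0, 8.0),
    # Same unknown payee from an unknown device in an unusual country.
    TransferEvent("dev-Z", "RO", "acct-7731", 95.0, 5.0),
]

def run_sample() -> list:
    """Return the decision for each constructed event."""
    return [decide(score_transfer(ALICE, ev)[0]) for ev in SAMPLE_EVENTS]
```

The second event is the important one: device and geolocation look normal because the user's own browser sent it, yet the new-beneficiary and timing signals still push it to step-up authentication.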
Mules

 Unsuspecting 3rd party doing the dirty work
 Set up a phony company webpage
 Hire people to “cash out” the stolen money
  •   Either transfer cash via cash wiring services, etc.
      OR
  •   Buy goods and ship them over
      OR
  •   Login to online gambling sites and “lose”
Mules - cont

  Mules cannot be punished
  Two-step plan for successful “cashing out”:
  •   Have more Mules than Bots
  •   Come up with creative and untraceable ways to transfer cash / goods
Mules - cont

  1,925 applied
Two-Factor Authentication

  First secret considered to be compromised
  Second secret on a decoupled medium
  Internet Math:
  User knows it
      +
  User has Trojan
      =
  I knows it!
  I, for one, welcome our new Man-In-The-Browser (MITB) Overlords
MITB Usage

 Spot user-initiated money transfer
 Replace destination Bank Account with your Account / Mule's Account
 Sit back and let the user do all the authentication for you
  •   (Have a beer!)
MITB Advanced Usage

 Spot user-requested history view
 Replace 'hijacked' transfers with their original destination

 Open an iframe in the background and initiate money transfers on your own
  •   If two-factor authentication is encountered, relay it to the user
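The "Two-Factor Authentication" and "MITB Usage" slides above make one point: a second secret on a decoupled medium does not help when the Trojan sits in the browser, because the user supplies the code for a transfer whose destination was swapped. The following added example (not code from the deck) models that failure and, as a mitigation the deck does not describe, the transaction-bound variant in which the decoupled device computes the code over the beneficiary and amount it shows the user. The shared key, accounts and amounts are constructed.

```python
"""Decoupled OTP versus a Man-In-The-Browser (MITB).

Added example, not code from the HES2011 deck. The unbound OTP models the
deck's 'second secret on a decoupled medium'; the bound variant is an added
mitigation (a code that covers beneficiary and amount). Key and accounts are
constructed; the decoupled device is assumed to be outside the browser and to
compute its code only from what the user keys into it.
"""
import hashlib
import hmac

DEVICE_KEY = b"constructed-shared-secret"  # provisioned to the user's token and the bank

def _six_digits(mac: bytes) -> str:
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

def otp_unbound(key: bytes, counter: int) -> str:
    """Event-based OTP: depends only on the counter, not on the transfer."""
    return _six_digits(hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest())

def otp_bound(key: bytes, counter: int, beneficiary: str, amount: int) -> str:
    """Transaction-bound code: valid only for this exact beneficiary and amount."""
    msg = counter.to_bytes(8, "big") + beneficiary.encode() + b"|" + str(amount).encode()
    return _six_digits(hmac.new(key, msg, hashlib.sha256).digest())

def bank_verify(submitted: dict, counter: int, bound: bool) -> bool:
    """Server side: recompute the code from the request as actually received."""
    if bound:
        expected = otp_bound(DEVICE_KEY, counter, submitted["beneficiary"], submitted["amount"])
    else:
        expected = otp_unbound(DEVICE_KEY, counter)
    return hmac.compare_digest(expected, submitted["code"])

def simulate(bound: bool, swap: bool) -> dict:
    """The user intends to pay 'landlord' 500. With swap=True an MITB rewrites the
    destination before the request leaves the browser; the decoupled device never
    sees the swap, so its code reflects the user's intent, not the request."""
    counter = 42
    intended = {"beneficiary": "landlord", "amount": 500}
    if bound:
        code = otp_bound(DEVICE_KEY, counter, intended["beneficiary"], intended["amount"])
    else:
        code = otp_unbound(DEVICE_KEY, counter)
    submitted = dict(intended, code=code)
    if swap:
        submitted["beneficiary"] = "mule-account"  # the in-browser rewrite
    accepted = bank_verify(submitted, counter, bound)
    return {"accepted": accepted, "paid_to": submitted["beneficiary"] if accepted else None}
```

With the unbound OTP the swapped transfer verifies and the money goes to the mule account; with the bound code the same swap fails verification because the bank recomputes the code over the destination it actually received.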
Operation Overview

 Bot
 Infection campaign
 Drop-point
 Bot-plugins
 Hiring Mules
 Managing Mules
 Establishing covert channels for “cashing out”
 Maintaining Fast-Flux - Optional
Required Skill Set

  Low-level programmer
  Spammer / 0-day researcher
  Hosting owner
  JavaScript programmer
  HR recruiter
  E-commerce expert
  IT specialist - Optional
  Simple, right?
War it is, Take II

  Security industry catching up
  Keyboard sniffers are tackled with virtual on-screen keyboards
  MITB getting a lot of attention
   •   Obfuscating documents to prevent HTML injections
   •   High-logic tests to determine the origin of the request
Divide and Conquer

 Obviously not a one-man-gig
 Function based approach
  •   Or is it 'outsourcing'?

 A multi-stage cross-border sting operation
  •   Now Hiring: VP of Operations for an international money stealing venture

 In Soviet Russia, criminals cyber you
  •   The Al Capone of the Digital Age
Criminals Cyber You
Outsourcing Bots
Outsourcing Drop Points
Fraud “Customer Care”
Screen, the Final Frontier
Russ ZeuS Hamilton

 A wide range of online games where 'seeing' the opponent's screen guarantees winning
  •   A subset of these involves real money gambling

 The other side doesn't know you're cheating
  •   The perfect theft!
  •   As long as you keep a low profile, of course

 Also takes care of Virtual Keyboards!
Screen Scraping

 More than one way to get it done
  •   Which way to protect?

 Cannot be hermetically monitored
 No attention
  •   Various programs use screen capturing to display advanced visual effects

 The new cat-n-mouse game
Screen Scraping POC
Final Thoughts
Thank you!
