Defending Netflix from Abuse
Jason Chan, Engineering Director, Cloud Security

Netflix Statistics
• > 86 million members
• > 190 countries
• > 125 million hours of streaming per day
• ~35% of US Internet traffic at peak

Some Abuse-Related Background

Abuse @ Netflix

Simplifiers:
• No user-generated content
• No ads on service
• Limited member-to-member interactions
• No directly extractable value

Complicators:
• Use value of accounts
• Account fungibility
• Device ecosystem
• Language diversity
• Payments complexity
• Usage patterns

“What is the Netflix password?”

Netflix Service
• Consumer friendly
• 30-day free trial
• Easy to cancel
• An excellent consumer experience can create potential for abuse

Key Questions Driving Anti-Abuse
• Who will convert from free trial to paid?
  • Financial projections
• How will members behave?
  • Content planning
  • User experience, product enhancements

Adversary Actions

Goals:
1. Obtain Netflix accounts (without paying)
2. Monetize
   • Primarily via resale
   • Secondarily as bait/lure

Methods:
• Free trial fraud (fake accounts)
• Account takeover (ATO)

Free Trial Fraud
• Payments are a primary abuse differentiator (vs. free services)
• A payment method is required @ signup
• Global payments infrastructure and operations are complex
• Loopholes and unexpected failure modes occur regularly
• Adversaries search for and exploit these failures
• So, fake account management is largely a payments fraud problem

Free Trial Fraud: Control Approach

Initial Assessment (Client to Site):
• VPN/proxy analysis
• Device fingerprinting
• Global merchant data analysis
• Internal threat intel analysis

Signup (Payment Validation):
• Method of payment checks
• Business rules (e.g. trial eligibility)
• Risk-dependent auth

Post-Signup (Activity Analysis):
• BIN anomalies
• CS contacts
• Account behaviors (e.g. cross-border streaming)

Free Trial Fraud – Control Objectives
• Detect and disable within 30 days post signup (the free trial period)
• Continue to shrink the detect-to-disable period
• Keep data clean
• Reduce adversary opportunity to monetize
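The three-stage control approach and its objectives, as an added example that is not Netflix's code: a small Python model of initial assessment (VPN/proxy and device fingerprint signals), payment validation with a trial-eligibility rule and risk-dependent auth, and a post-signup activity check that reports the detect-to-disable period against the 30-day trial. The signal names, thresholds, state store and sample signups are assumptions made for illustration.

```python
# Added example of layered free-trial signup controls; not Netflix code.
# Signal names, thresholds and sample data below are assumptions.
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Signup:
    account: str
    ip: str
    device_id: str      # device fingerprint
    pay_token: str      # tokenized payment instrument, never the raw PAN
    bin_country: str    # issuing country derived from the card BIN
    ip_country: str     # geolocation of the signup IP


@dataclass
class FraudState:
    proxy_ips: set                                   # from VPN/proxy analysis
    trial_devices: dict = field(default_factory=lambda: defaultdict(int))
    trial_pay_tokens: set = field(default_factory=set)


def initial_assessment(s, state):
    """Client-to-site signals: VPN/proxy use and device fingerprint reuse."""
    score, reasons = 0, []
    if s.ip in state.proxy_ips:
        score, reasons = score + 2, reasons + ["vpn_or_proxy"]
    if state.trial_devices[s.device_id] >= 2:
        score, reasons = score + 3, reasons + ["device_reused_for_trials"]
    return score, reasons


def payment_validation(s, state):
    """Method-of-payment checks plus the trial-eligibility business rule.
    Returns (score, reasons); a score of None is a hard fail."""
    if s.pay_token in state.trial_pay_tokens:
        return None, ["payment_instrument_already_had_trial"]
    if s.bin_country != s.ip_country:
        return 2, ["bin_country_mismatch"]
    return 0, []


def assess_signup(s, state, step_up_at=2, deny_at=5):
    """Risk-dependent auth: 'allow', 'step_up' (extra verification) or 'deny'."""
    score, reasons = initial_assessment(s, state)
    pay_score, pay_reasons = payment_validation(s, state)
    reasons += pay_reasons
    if pay_score is None:
        return "deny", reasons
    score += pay_score
    if score >= deny_at:
        return "deny", reasons
    # Record the trial so later signups see device / instrument reuse.
    state.trial_devices[s.device_id] += 1
    state.trial_pay_tokens.add(s.pay_token)
    return ("step_up" if score >= step_up_at else "allow"), reasons


def post_signup_review(stream_events, signup_day, max_countries=2, trial_days=30):
    """Activity analysis: streaming from more than max_countries countries
    flags the account; report detect-to-disable days against the trial window."""
    seen = set()
    for day, country in stream_events:
        seen.add(country)
        if len(seen) > max_countries:
            lag = day - signup_day
            return {"disable": True, "detect_to_disable_days": lag,
                    "within_trial": lag <= trial_days}
    return {"disable": False}


def demo():
    """Constructed signups: one device fingerprint cycling through trials."""
    state = FraudState(proxy_ips={"198.51.100.9"})
    signups = [
        Signup("a1", "192.0.2.1", "devA", "tokA", "US", "US"),
        Signup("a2", "198.51.100.9", "devA", "tokB", "BR", "US"),
        Signup("a3", "192.0.2.3", "devA", "tokC", "US", "US"),
        Signup("a4", "198.51.100.9", "devA", "tokD", "BR", "US"),
        Signup("a5", "192.0.2.5", "devZ", "tokA", "US", "US"),
    ]
    decisions = [assess_signup(s, state)[0] for s in signups]
    review = post_signup_review([(2, "US"), (5, "US"), (9, "BR"), (12, "DE")], 0)
    return decisions, review


if __name__ == "__main__":
    print(demo())
```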
Account Takeover

ATO – Traditional Causes
• 3rd party breaches (password reuse)
• Phishing
• Malware
• “Friendly” compromise

ATO Lifecycle
• Compromise: Obtain Credentials → Use, Publish, Sell, Change
• Member Impact: Unable to Access, Unusual Activity, Password Reset
• Resolution: Self Resolution, Contact CS, Cancel Account
• Detection, Action, & Measurement

Detecting Account Takeover
• Account validators and traffic analysis
  • Detect “credential stuffing”
• Credential dumps (pastebin, 3rd party)
• Customer service contacts
• Predictive model
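Detecting credential stuffing from traffic shape, as an added example that is not Netflix's code: a source that attempts many distinct accounts in a short window with a low success rate is the signature of an account validator, and the few accounts that did validate are the ones to reset and notify. The log format, thresholds and sample lines are constructed for the example.

```python
# Added example of credential-stuffing detection; not Netflix code.
# Log format "<epoch_seconds> <src_ip> <account> <OK|FAIL>" is assumed,
# with lines in time order per source.
from collections import defaultdict, deque


def parse_line(line):
    """Return (ts, src_ip, account, ok) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("OK", "FAIL") or not parts[0].isdigit():
        return None
    return int(parts[0]), parts[1], parts[2], parts[3] == "OK"


def detect_stuffing(lines, window=300, min_accounts=20, max_success_rate=0.2):
    """Flag sources trying >= min_accounts distinct accounts inside `window`
    seconds with a success rate <= max_success_rate. The rate test keeps a
    shared egress (NAT) full of real members logging in from being flagged.
    Returns {src_ip: {"accounts": n, "success_rate": r, "hits": set}}; "hits"
    are accounts whose credentials validated, i.e. the ATO candidates that
    need a password reset and member notification."""
    recent = defaultdict(deque)   # src_ip -> (ts, account, ok) inside window
    flagged = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ts, ip, acct, ok = ev
        q = recent[ip]
        q.append((ts, acct, ok))
        while ts - q[0][0] > window:        # expire events outside the window
            q.popleft()
        accounts = {a for _, a, _ in q}
        if len(accounts) < min_accounts:
            continue
        rate = sum(1 for _, _, o in q if o) / len(q)
        if rate > max_success_rate:
            continue
        entry = flagged.setdefault(ip, {"accounts": 0, "success_rate": rate, "hits": set()})
        entry["accounts"] = max(entry["accounts"], len(accounts))
        entry["success_rate"] = rate
        entry["hits"].update(a for _, a, o in q if o)
    return flagged


def constructed_log():
    """Constructed sample: a stuffing run from 198.51.100.7 (40 accounts, 3 hits),
    a member retrying their own password, and a shared NAT with three members."""
    t = 1_700_000_000
    lines = []
    for i in range(40):
        ok = "OK" if i in (3, 17, 31) else "FAIL"
        lines.append(f"{t + i} 198.51.100.7 user{i:03d}@example.com {ok}")
    lines += [f"{t + 5} 192.0.2.10 alice@example.com FAIL",
              f"{t + 9} 192.0.2.10 alice@example.com FAIL",
              f"{t + 14} 192.0.2.10 alice@example.com OK"]
    lines += [f"{t + 20 + j} 203.0.113.5 {who}@example.com OK"
              for j, who in enumerate(("bob", "carol", "dave"))]
    return lines


if __name__ == "__main__":
    for ip, info in detect_stuffing(constructed_log()).items():
        print(ip, info["accounts"], f"{info['success_rate']:.2f}", sorted(info["hits"]))
```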
Modeling ATO
• To better identify the ATO population, we began with cred dumps
• Hypothesis – Members in cred dumps who contact CS exhibit acute signs of compromise
• Built a classifier to segregate these accounts, and ranked features of impacted accounts
• Apply to the broader member population
• Additional revisions and models created to fine-tune

Abuse Monetization and Markets
• General Internet
• Video
• Social
• Auctions and Forums

Typical Outcomes for Resale “Customers”

Disrupting Monetization

Monetization Controls
• Discovery and takedowns
  • scumblr and partners
  • Complicated by language
• Collaboration
  • e.g. eBay LVIS (Licensing Verification and Information System) and VeRO (Verified Rights Owner)
  • e.g. ThreatExchange (WIP)

Darkweb

Darkweb “Controls”
• Monitor and analyze
  • Cost
  • Resellers
  • Overall supply
• Controlled purchases
  • Analyze origins
  • Upstream intel

Questions?
chan@netflix.com