Insights into the Cybercrime Ecosystem

  • “We didn’t just get the command and control servers; with Mariposa we got the guys behind it. The problem is that we can take down the botnet but the criminals are still out there and can start a new botnet – that happens most of the times,” said Luis Corrons, technical director at PandaLabs.
  • Only the hackers who perform break-ins and thefts, and the financial operators are clearly criminal.
  • Drive-by downloads
  • Investopedia Dictionary defines money laundering as “the process of creating the appearance that large amounts of money obtained from serious crimes, such as drug trafficking or terrorist activity, originated from a legitimate source.”

    According to the International Monetary Fund (IMF), money laundering transactions are almost beyond imagination – 2 percent to 5 percent of global Gross Domestic Product.

    Money laundering is a necessary element of any criminal activity undertaken for profit.

    placement -> layering -> integration
  • Smurfing is a subset of structuring, the practice of executing financial transactions in a specific pattern calculated to avoid the creation of certain records and reports required by law (the Bank Secrecy Act, BSA).
  • Nigeria scam? Sometimes you actually do receive the money.
  • Insights into the Cybercrime Ecosystem

    1. INSIGHTS INTO THE CYBERCRIME ECOSYSTEM: Albert Hui, GREM, GCIA, GCIH, GCFA, CISA
    2. WHO AM I?
        • Member of:
            • Digital Phishnet
            • Association of Certified Fraud Examiners
            • SANS Advisory Board
        • Former incident analyst / researcher at top-tier retail, commercial, and investment banks.
        • Former government security auditor.
        • Now a security ronin.
    3. JURISDICTION ARBITRAGE: Cybercrime is borderless; cyber law enforcement is not.
    4. TEN YEARS AGO (Copyright © 2010 Albert Hui (CC) BY-NC-SA)
    5. TODAY
    6. TODAY (Photo from http://krebsonsecurity.com)
    7. TODAY: “In Spain, it is not a crime to own and operate a botnet or distribute malware,” Capt. Lorenzana told Krebsonsecurity in March. “So even if we manage to prove they are using a botnet, we will need to prove they also were stealing identities and other things, and that is where our lines of investigation are focusing right now.”
    8. BUSINESS FUNCTION SPECIALIZATION: Scale up the business.
    9. CYBERCRIME ECOSYSTEM (diagram; node and edge labels as extracted)
        • Actors: Security Researchers; Malware Writers; Script Kiddies; Packer / Crypter Developer; Hackers; P2P File Downloaders / Web Surfers (Victims); Crack Programmer; Software Pirates; Accounts / Zombies Resellers; Spammers, Virtual Asset Resellers, Personal Info Resellers; Fraudsters; Money Launderers; Money Mules; Bulletproof Hosting; Botnet Operators; Traffic Resellers
        • Relationships: publish / sell exploits; sell malwares / exploit kits; sell packers / crypters; sell / publish / make known of vulnerabilities / techniques; pay per install; spread malwares; supply software; steal accounts (e.g. QQ, game, credit card numbers, e-banking logins); sell accounts / zombies; sell accounts; sell credit card numbers / e-banking logins; buy hosting services; sell zombies; sell botnet
    10. WHY SPECIALIZE?
        • Scale up
        • Legitimize most business activities
    11. PAY-PER-INSTALL
    12. INSTALL SERVICE
    13. EXPLOIT KIT
    14. CRYPTER
    15. DOWNLOADER
    16. SEO
    17. DOORWAY PAGE
    18. CASH IN: Realizing financial gains
    19. SPAMMING
        • Spamming ads
        • Spamming scam emails
        • Spamming phishing emails
        • Spam-assisted pump and dump
    20. BOTNET
        • Leasing out botnets (leave dirty jobs to the buyers)
        • Why people pay for botnets?
            • Orchestrate click frauds
            • Cyber extortion rackets using DDoS
            • Distribute more sinister malwares (e.g. Zeus, Torpig, Silent Banker)
    21. CAPITALIZING ACCOUNTS
        • Selling in-game items
        • Selling game accounts
        • Selling personal information (for telemarketing / defrauding)
    22. VIRTUAL CURRENCIES
        • WoW gold, Linden Dollar, Q幣, etc.
    23. MONEY LAUNDERING
    24. WASH THY MONEY CLEAN
    25. STORED-VALUE CARDS
        • Prepaid credit cards
        • Merchant gift cards
    26. SAFE HAVENS
        • Online gambling sites
        • Offshore financial services
    27. ONLINE AUCTIONS
        • Money laundering via product purchase (洗寶)
    28. SMURFING
    29. MONEY MULE
    30. BUSINESS ETHICS OF THE UNDERWORLD
    31. SHAVING
        • Many PPIs are accused of shaving
    32. PHISHING
    33. LOOK BEHIND YOUR BACK
    34. LOOK BEHIND YOUR BACK
    35. THANK YOU! albert.hui@gmail.com
