HES2011 - Yuval Vadim Polevoy – Money Is In The Eye Of The Beholder: New And Exciting Ways To Steal Your Cash
Presentation Transcript

    • Money Is In The Eye Of The Beholder: New And Exciting Ways To Steal Your Cash
      Yuval Vadim Polevoy – Hackito Ergo Sum 2011
    • Agenda
      • A bit of nostalgia
      • Listening to the wind of change
      • Fraudsters going brutal
      • Security industry catching up
      • Fraudsters prepare to take the next leap
    • Geek Viruses
      • My virus beats your virus!
      • Naïve exploitation of poorly written systems
      • Fun oriented
      • Developed by 'Basement Dwellers' in their spare time
      • No financial gain
    • Business Viruses – Brave New World
      • Fun turns to profit
      • Financially oriented: clickers, espionage, ransomware, financial crimeware
      • Developed by underground companies as fully commercial software
    • Financial Crimeware – Basic Idea
      • Obtain login credentials
      • "Keep it secret – keep it safe!" – Gandalf The Gray
      • Login using the stolen data
      • Buy / sell stocks
      • Pay your bills
      • Transfer some cash to your grandma
    • Getting From A to B
      • Phishing
      • Pharming
    • Getting From A to B - cont
      • Field injection
    • Simple, right? WRONG! Detection:
      • Each action is logged
      • Bills have names
      • And so do bank accounts
    • Simple, right? WRONG! Prevention:
      • User profiling
      • Device profiling
      • Timing tests
      • Geo positioning
      • Two-factor authentication
      • Drop-point shutdown
    • Simple, right? WRONG! Technology the fraudster needs:
      • Bot
      • Infecting the correct victims
      • Obtaining and maintaining a drop-point: DNS, storage, uptime
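The Detection and Prevention slides list the signals a bank can score a transfer against (user profiling, device profiling, timing tests, geo positioning, and the "small transfers" pattern from the next slide). The following is an added defender-side illustration, not code from the talk: a rule-based scorer over constructed account profiles and transfer records. Thresholds, field names and weights are assumptions chosen for the example. It also shows why device and geo checks alone do not stop a Man-In-The-Browser: the transfer comes from the victim's own machine and country, so it is the payee and timing signals that flag it.

```python
"""Rule-based risk scoring for outbound transfers.

Added example (not the talk's own code). All profiles, transfers and
thresholds below are constructed assumptions for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from statistics import mean


@dataclass
class Profile:
    """What the bank already knows about the account holder (constructed)."""
    known_payees: set[str]
    known_devices: set[str]
    home_country: str
    typical_amounts: list[float]   # historical transfer amounts


@dataclass
class Transfer:
    """One submitted transfer plus the session metadata around it (constructed)."""
    payee: str
    amount: float
    device_id: str
    country: str
    seconds_on_form: float         # time between form render and submit
    recent_transfer_count: int     # transfers already made in the last hour


def score_transfer(p: Profile, t: Transfer) -> tuple[int, list[str]]:
    """Return (risk score, reasons) for a transfer against the holder's profile."""
    score = 0
    reasons: list[str] = []
    # User profiling: an unknown beneficiary is the classic mule signature.
    if t.payee not in p.known_payees:
        score += 2
        reasons.append("new payee")
    # Device profiling: fingerprint never seen on this account.
    if t.device_id not in p.known_devices:
        score += 2
        reasons.append("unknown device")
    # Geo positioning: request origin differs from the holder's usual country.
    if t.country != p.home_country:
        score += 2
        reasons.append("geo mismatch")
    # Timing test: assumption, under 3 s means no human filled in the form.
    if t.seconds_on_form < 3:
        score += 3
        reasons.append("form submitted faster than a human could")
    # Amount profiling: many unusually small transfers, or one far above profile.
    if p.typical_amounts:
        avg = mean(p.typical_amounts)
        if t.amount < 0.1 * avg and t.recent_transfer_count >= 3:
            score += 2
            reasons.append("many unusually small transfers")
        elif t.amount > 5 * avg:
            score += 2
            reasons.append("amount far above profile")
    return score, reasons


def decide(score: int) -> str:
    """Map a score to an action; the cut-offs are assumptions."""
    if score >= 5:
        return "block and step-up auth"
    if score >= 3:
        return "challenge"
    return "allow"


# Constructed sample data.
PROFILE = Profile(
    known_payees={"electric-co", "landlord"},
    known_devices={"laptop-fp-01"},
    home_country="FR",
    typical_amounts=[400.0, 500.0, 600.0],
)
LEGIT = Transfer("landlord", 500.0, "laptop-fp-01", "FR", 45.0, 0)
# MITB-style: same device and country as the victim, but a new payee,
# a sub-second hidden submission and a run of small transfers.
MITB = Transfer("mule-acct-77", 40.0, "laptop-fp-01", "FR", 0.5, 4)

if __name__ == "__main__":
    for name, tr in (("legit", LEGIT), ("mitb", MITB)):
        s, why = score_transfer(PROFILE, tr)
        print(f"{name}: score={s} action={decide(s)} reasons={why}")
```

Run as a script it prints that the legitimate transfer is allowed with no reasons, while the MITB-style transfer is blocked despite passing the device and geo checks.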
    • War it is!
      • Small transfers
      • Short-distance transfers – same branch and/or location
      • Mules
      • Bullet-proof hosting
      • SOCKS proxies
      • Fast-flux
    • Mules
      • Unsuspecting 3rd party doing the dirty work
      • Set up a phony company webpage
      • Hire people to "cash out" the stolen money:
        • Either transfer cash via cash wiring services, etc., OR
        • Buy goods and ship them over, OR
        • Log in to online gambling sites and "lose"
    • Mules - cont
      • Mules cannot be punished
      • Two-step plan for successful "cashing out":
        • Have more mules than bots
        • Come up with a creative and untraceable way to transfer cash / goods
    • Mules - cont
      • 1,925 applied
    • Two-Factor Authentication
      • First secret considered to be compromised
      • Second secret on a decoupled medium
      • Internet math: user knows it + user has Trojan = I know it!
      • I, for one, welcome our new Man-In-The-Browser (MITB) overlords
    • MITB Usage
      • Spot user-initiated money transfer
      • Replace destination bank account with your account / mule's account
      • Sit back and let the user do all the authentication for you (have a beer!)
    • MITB Advanced Usage
      • Spot user-requested history view
      • Replace 'hijacked' transfers with their original destination
      • Open an iframe in the background, initiate money transfers on your own
      • If two-factor authentication is encountered – relay it to the user
    • Operation Overview
      • Bot
      • Infection campaign
      • Drop-point
      • Bot plugins
      • Hiring mules
      • Managing mules
      • Establishing covert channels for "cashing out"
      • Maintaining fast-flux - optional
    • Required Skill Set
      • Low-level programmer
      • Spammer / 0-day researcher
      • Hosting owner
      • JavaScript programmer
      • HR recruiter
      • E-commerce expert
      • IT specialist - optional
      • Simple, right?
    • War it is, Take II
      • Security industry catching up
      • Keyboard sniffers are tackled with virtual on-screen keyboards
      • MITB getting a lot of attention:
        • Obfuscating documents to prevent HTML injections
        • High-logic tests to determine the origin of the request
    • Divide and Conquer
      • Obviously not a one-man gig
      • Function-based approach (or is it 'outsourcing'?)
      • A multi-stage cross-border sting operation
      • Now hiring: VP of Operations for an international money-stealing venture
      • In Soviet Russia, criminals cyber you – the Al Capone of the Digital Age
    • Criminals Cyber You
    • Outsourcing Bots
    • Outsourcing Drop Points
    • Fraud "Customer Care"
    • Screen, the Final Frontier
    • Russ ZeuS Hamilton
      • A wide range of online games where 'seeing' the opponent's screen guarantees winning
      • A subset of these involves real-money gambling
      • The other side doesn't know you're cheating – the perfect theft! (in case you keep a low profile, of course)
      • Also takes care of virtual keyboards!
    • Screen Scraping
      • More than one way to get it done – which way to protect?
      • Cannot be hermetically monitored
      • Draws no attention: various programs use screen capturing to display advanced visual effects
      • The new cat-and-mouse game
    • Screen Scraping POC
    • Final Thoughts
    • Thank you!