
Insights into the Cybercrime Ecosystem


  1. INSIGHTS INTO THE CYBERCRIME ECOSYSTEM. Albert Hui, GREM, GCIA, GCIH, GCFA, CISA
  2. WHO AM I?
     • Member of:
       - Digital Phishnet
       - Association of Certified Fraud Examiners
       - SANS Advisory Board
     • Former incident analyst / researcher at top-tier retail, commercial, and investment banks.
     • Former government security auditor.
     • Now a security ronin.
  3. JURISDICTION ARBITRAGE: Cybercrime is borderless; cyber law enforcement is not.
  4. TEN YEARS AGO. Copyright © 2010 Albert Hui (CC) BY-NC-SA
  5. TODAY
  6. TODAY. Photo from http://krebsonsecurity.com
  7. TODAY. “In Spain, it is not a crime to own and operate a botnet or distribute malware,” Capt. Lorenzana told Krebsonsecurity in March. “So even if we manage to prove they are using a botnet, we will need to prove they also were stealing identities and other things, and that is where our lines of investigation are focusing right now.”
  8. BUSINESS FUNCTION SPECIALIZATION: Scale up the business.
  9. CYBERCRIME ECOSYSTEM (diagram; labels in the order they appear on the slide)
     • Actors: Security Researchers; Malware Writers; Script Kiddies; Packer / Crypter Developer; Hackers; P2P File Downloaders / Web Surfers (Victims); Crack Programmer; Software Pirates; Accounts / Zombies Resellers; Spammers, Virtual Asset Resellers, Personal Info Resellers; Fraudsters; Money Launderers; Money Mules; Bulletproof Hosting; Botnet Operators; Traffic Resellers
     • Relationship labels: publish / sell exploits; sell malware / exploit kits; sell packers / crypters; sell / publish / make known of vulnerabilities / techniques; pay per install; spread malware; supply software; steal accounts (e.g. QQ, game, credit card numbers, e-banking logins); sell accounts / zombies; sell accounts; sell credit card numbers / e-banking logins; buy hosting services; sell zombies; sell botnet
  10. WHY SPECIALIZE?
     • Scale up
     • Legitimize most business activities
  11. PAY-PER-INSTALL
  12. INSTALL SERVICE
  13. EXPLOIT KIT
  14. CRYPTER
  15. DOWNLOADER
  16. SEO
  17. DOORWAY PAGE
  18. CASH IN: Realizing financial gains
  19. SPAMMING
     • Spamming ads
     • Spamming scam emails
     • Spamming phishing emails
     • Spam-assisted pump and dump
  20. BOTNET
     • Leasing out botnets (leave dirty jobs to the buyers)
     • Why do people pay for botnets?
       - Orchestrate click fraud
       - Cyber extortion rackets using DDoS
       - Distribute more sinister malware (e.g. Zeus, Torpig, Silent Banker)
  21. CAPITALIZING ACCOUNTS
     • Selling in-game items
     • Selling game accounts
     • Selling personal information (for telemarketing / defrauding)
  22. VIRTUAL CURRENCIES
     • WoW gold, Linden Dollar, Q幣, etc.
  23. MONEY LAUNDERING
  24. WASH THY MONEY CLEAN
  25. STORED-VALUE CARDS
     • Prepaid credit cards
     • Merchant gift cards
  26. SAFE HAVENS
     • Online gambling sites
     • Offshore financial services
  27. ONLINE AUCTIONS
     • Money laundering via product purchase (洗寶)
  28. SMURFING
  29. MONEY MULE
  30. BUSINESS ETHICS OF THE UNDERWORLD
  31. SHAVING
     • Many PPIs are accused of shaving
  32. PHISHING
  33. LOOK BEHIND YOUR BACK
  34. LOOK BEHIND YOUR BACK
  35. THANK YOU! albert.hui@gmail.com
