The evolution of eCrime and the remote banking channels
Presentation to the RHUL MSc Information Security Summer School
9 September 2013
Dom Lucas
Overview
Setting the Scene
Attacks & Exploits
Monetising the attack
The bigger picture
Setting the Scene
What is eCrime?
Organised Crime
Remote banking?
What is being attacked?
Why?
In economic terms
Wider Market Base.
Greater ROI.
Cost/Benefit Model.
In criminal terms
I rob banks ‘cos that’s where the money is
Willie Sutton c1930
Attacks & Exploits
Phishing
Phishing Explained
1. Attacker creates / hijacks website
2. Phishing email sent
3. Victim directed to phishing site
4. Phished Credentials forwarded to Drop server
5. Creds forwarded to phisher
6. Creds traded on online forums
7. Phishers use credentials to access genuine accounts
Phishing evolved
MITM/Real-time Phishing: Capture & use victim 2-FA pass code in real time, thus defeating multi-factor authentication.
HTML form attachment: Doesn't require a phishing site and so evades traditional phishing takedown.
Vishing & Smishing: Use of traditional social engineering techniques to gather credentials. Use of VoIP technology to spoof & evade detection.
Malware
Malware
ZEUS
Spyeye
Citadel
Carberp
ICE IX
Shylock
Attack vectors
www.XXX.com
Monetising the attack
Beneficiaries/Money Mules
Continues to be the bottleneck: lots of credentials, not enough mule accounts
Money Mule categories
The professionals
The unsuspecting/duped
Developments
Pre-paid card accounts: lack of KYC
Fake online businesses
International Payments (SEPA)
International fraud payments to mule accounts across the EU.
Job offer
We have found your resume at Monster.com and would like to suggest you a "Transfer manager" vacancy. We have thoroughly studied your resume and are happy to inform you that your skills completely meet our requirements for this position.
Our company buy, sell, and exchange digital currencies, like E-gold and E-bullion.
Putting it all together
Crime as a Service
Op HighRoller
Customised Zeus / Spyeye variant.
Automated.
Checked balance.
High net-worth accounts > €200,000.
Targeted over 60 institutions
Global network of mules.
The Wider Picture
Global View
Future Challenges
Things to think about
The next generation….
Don’t underestimate the adversary
Maintain situational awareness
Questions?