BRIDGING BARRIERS: LEGAL AND TECHNICAL OF CYBERCRIME CASES
Endorsed by: Organizer:
People First, Performance Now
Ministry of Science, Technology and Innovation
AGENDA
Fraud Ecosystem
Crimeware You Can Afford
Wildfire Infection
The Shift in Threats
From amateur virus writers to organized money-making professionals!
Virus
Worm
Internet Trojan (MITM / MITB)
Phishing
Spyware
Spam
2005
2000
2003
2004
2010
Mobile Threats
The Enemy has Changed
Script Kiddies
Chen-Ing Hau, 24
(author of CIH virus)
Joseph McElroy, 16
(Hacked into Nuclear US Lab)
Jeffrey Lee Parson, 18
Professionals
Ehud Tenenbaum
The Analyzer
Albert Gonzalez
TJX Hacker
Andrew Schwarmkoff
Russian phishing mob
Technical Infrastructure
Cash Out
Fraudster
Fraud Eco System
Harvesting
Fraudster
Operational Infrastructure
Communication
Fraud forum / chat room
User Account
Air Parcel Express: Truly Global
High Grade Trojans
Trojans
Drop
Zeus 2.0
Most popular Trojan Kit ($3,000)
Feature
Zeus 2.0
Polymorphism
HTML Injections
MITB capability
Documentation
Next Frontier: Mobile Trojans
Man-in-the-Mobile – SMS Bypassing
User
$
Bank
Phishing for mobile
(account ID/pwd)
Hacker capture
credentials
Login attempt
One Time Password
(OTP)
Sent
OTP Forwarding
Successful Login
Trojan Infrastructure
Command & Control
Bot-Herder
Infection / Update
Drop Zone
Bulletproof hosting,
unlimited
Cost of infection and hosting
Advanced Persistent Threats
Cybercrime Reborn
1980-2010
2010-2020
Aurora (Jan 2010)
Defense, Critical Infrastructure,
Media, Finance, Internet
Night Dragon (Feb 2011)
Advanced Persistent Threats