The evolution of eCrime and the remote banking channels
Presentation to the RHUL MSc Information Security Summer School
9 September 2013
Dom Lucas
Overview
Setting the Scene
Attacks & Exploits
Monetising the attack
The bigger picture
Setting the Scene
What is eCrime?
Organised Crime
Remote banking?
What is being attacked?
Why?
In economic terms
Wider Market Base.
Greater ROI.
Cost/Benefit Model.
In criminal terms
I rob banks ‘cos that’s where the money is
Willie Sutton c1930
Attacks & Exploits
Phishing
Phishing Explained
1. Attacker creates / hijacks website
2. Phishing email sent
3. Victim directed to phishing site
4. Phished Credentials forwarded to Drop server
5. Creds forwarded to phisher
6. Creds traded on online forums
7. Phishers use credentials to access genuine accounts
Phishing evolved
MITM/Real-time Phishing: Capture & use victim 2-FA pass code in real time, thus defeating multi-factor authentication.
HTML form attachment: Doesn't require a phishing site and so evades traditional phishing takedown.
Vishing & Smishing: Use of traditional social engineering techniques to gather credentials. Use of VOIP technology to spoof & evade detection.
Malware
ZEUS
Spyeye
Citadel
Carberp
ICE IX
Shylock
Attack vectors
www.XXX.com
Monetising the attack
Beneficiaries/Money Mules
Continues to be the bottleneck: lots of credentials, not enough mule accounts
Money Mule categories
The professionals
The unsuspecting/duped
Developments
Pre-paid card accounts: lack of KYC
Fake online businesses
International Payments (SEPA)
International fraud payments to mule accounts across the EU.
Job offer
We have found your resume at Monster.com and would like to suggest you a "Transfer manager" vacancy.
We have thoroughly studied your resume and are happy to inform you that your skills completely meet our requirements for this position.
Our company buy, sell, and exchange digital currencies, like E-gold and E-bullion.
Putting it all together
Crime as a Service
Op HighRoller
Customised Zeus / Spyeye variant.
Automated.
Checked balance.
High net-worth accounts >€200,000.
Targeted over 60 institutions
Global network of mules.
The Wider Picture
Global View
Future Challenges
Things to think about
The next generation….
Don’t underestimate the adversary
Maintain situational awareness
Questions?