and banks - Domain pulse

The alternative business case
How the Good versus the Bad may turn Ugly
Erik de Jong
GOVCERT.NL

You’ve guessed it... I’m between you and your coffee

Agenda:
GOVCERT.NL?
The Good
The Bad
The Ugly (main part)
What do we do?

What’s in a name: GOVCERT.NL
GOV = Government
C = Computer
E = Emergency
R = Response
T = Team
.NL = Netherlands

What do CERTs do?
... And where do they come from?

Once upon a time...
The internet was about sharing information
Open architectures, open systems
Peers among peers, implicit trust
The internet was a friendly place

Over time...
“Ordinary people” accessed the internet
Businesses presented themselves
Strangers among strangers, no trust
The internet became just like real life

The evolution of nasty things
[Diagram: time on the horizontal axis, visibility and malicious intent on the vertical axis]
mass-mailers (I love you, bugbear): fame and glory
worms (slammer, blaster): visibility
‘marketing’ (illegally collecting data)
Phishing, Identity theft
crime: cybercrime highly profitable

Damage: technology is everywhere
The ugly stuff: spam and scams, phishing, extortion (dDoS threat), click fraud, data trading, botnet renting, ...
Supporting ‘technologies’: bots and botnets, office files, 0-days and rootkits, PEBKAC

Spam and scams
Small % of victims will still generate profit
Spam first, produce later
419-scammers
Profit?
Rich kids in Lagos
Some spam kings are millionaires

Phishing
Victims: end users and businesses
English, but also German!
Only ‘a few’ clicks needed
Profit?
’Rocky Group’ targeted numerous banks. One security firm estimates their ‘proceedings’ at at least US$ 70 million in 9 months.

Extortion
Uses, for example, dDoS attacks
Hard to counter
‘Tangible’ results
Profit?
Charge protection money

Click fraud
[Diagram: a website with sponsored links and websites that like to receive traffic; a stream of clicks (“Click, click, click...”) flows between them and ends in “Profit”]
Websites that like to receive traffic
Website with sponsored links
Profit

Bots - and botnets
• autonomous program
• performs actions without user intervention
• good or bad?
  – in the security world: bot = mostly bad
• modular
  – keyloggers, backdoors, packet sniffers
  – update functionality
• large number of bots under one control = botnet
• controlled via “Internet Relay Chat” (IRC)
• used for malicious / criminal purposes

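The slide describes the traits a defender can key on: bots are autonomous, modular (keylogger, sniffer, update functions) and controlled over IRC. The Python sketch below is an added example, not material from the slides or from GOVCERT.NL; it runs a few heuristics over constructed IRC sensor log lines to surface hosts that look bot-controlled. The log line format, the machine-generated nick pattern and the command keywords are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample log (not a real capture): one line per IRC message
# seen by a network sensor. Assumed format:
#   "<src ip>:<port> -> <dst ip>:<port> <IRC command> <params>"
SAMPLE_LOG = """\
10.0.0.15:49211 -> 203.0.113.7:6667 NICK [DEU|XP|48213]
10.0.0.15:49211 -> 203.0.113.7:6667 JOIN #upd
203.0.113.7:6667 -> 10.0.0.15:49211 PRIVMSG #upd :.update http://203.0.113.9/svc.exe
203.0.113.7:6667 -> 10.0.0.15:49211 PRIVMSG #upd :.keylog on
10.0.0.22:51002 -> 198.51.100.4:6667 NICK alice
10.0.0.22:51002 -> 198.51.100.4:6667 JOIN #python
198.51.100.4:6667 -> 10.0.0.22:51002 PRIVMSG #python :hi alice, welcome
10.0.0.31:50110 -> 203.0.113.7:6667 NICK [USA|2K|90177]
10.0.0.31:50110 -> 203.0.113.7:6667 JOIN #upd
203.0.113.7:6667 -> 10.0.0.31:50110 PRIVMSG #upd :.sniff on
"""

LINE_RE = re.compile(
    r"^(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<cmd>[A-Z]+) (?P<params>.*)$"
)
# Heuristic 1 (assumed pattern): nicks built from country|OS|number, e.g. [DEU|XP|48213],
# are machine-generated rather than chosen by a person.
BOT_NICK_RE = re.compile(r"^\[[A-Z]{2,3}\|[^\]|]+\|\d{3,}\]$")
# Heuristic 2 (assumed keywords): channel messages that look like module commands
# matching the slide's bot features (update, keylogger, sniffer, backdoor).
BOT_CMD_RE = re.compile(r"^:[.!](update|download|keylog|sniff|backdoor)\b")
# Common IRC server ports; used to decide which side of a line is the client.
IRC_PORTS = {6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 6697, 7000}


def parse_line(line):
    """Split one sensor line into its fields, or return None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def analyze(log_text):
    """Return {client_ip: [reasons]} for every client that triggered a heuristic."""
    reasons = defaultdict(list)
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if int(rec["dport"]) in IRC_PORTS:
            # client -> server direction: inspect the chosen nick
            client = rec["src"]
            if rec["cmd"] == "NICK" and BOT_NICK_RE.match(rec["params"]):
                reasons[client].append("machine-generated nick " + rec["params"])
        elif int(rec["sport"]) in IRC_PORTS:
            # server -> client direction: inspect channel traffic for commands
            client = rec["dst"]
            if rec["cmd"] == "PRIVMSG":
                parts = rec["params"].split(" ", 1)  # "#chan" and ":text"
                if len(parts) == 2 and BOT_CMD_RE.match(parts[1]):
                    reasons[client].append("received bot command " + parts[1])
    return dict(reasons)


def flagged_hosts(log_text, min_indicators=2):
    """Clients with at least min_indicators independent hits, sorted for stable output."""
    return sorted(h for h, r in analyze(log_text).items() if len(r) >= min_indicators)


if __name__ == "__main__":
    for host, why in analyze(SAMPLE_LOG).items():
        print(host, "->", "; ".join(why))
    print("flagged:", flagged_hosts(SAMPLE_LOG))
```

Requiring two independent indicators before flagging keeps a single odd nick or a stray chat line from raising an alert; in the sample, the ordinary user on 10.0.0.22 produces no hits at all, while both bracket-nick hosts in the same channel are flagged.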
What could a bot get?
• Hundreds of banks
• eBay
• PayPal
• Hotmail / MSN Messenger
• Airlines / Various travel agencies
• Several Universities
• Yahoo! / Google Mail / Webmail in general
• Including .gov.cn, .gov.ae, .gov.in, etc
• Medical Transcription Services / Online pharmacies / Hospitals
• Online games / Poker / Betting
• Online dating / sex sites
• ... & much more.

bots – love banks… and banks…
Mellat Bank :: Internet Banking
1st Source Bank :: InfoSource Online
1st Tech Online Banking
4.2 Sydbanks NetBank
STATE BANK OF INDIA
Safe Banking With SBI
idbi bank
ABN AMRO Bank Car Loan
ANADOLUBANK Trading
ANZ Internet Banking
ASB BANK FastNet : Sign On
Absa Internet Banking
Academy Bank, N.A.
Addison Avenue Online Banking
Akbank
Alm. Brand Netbank
AmSouth Internet Banking
Amagerbanken.net
America First Credit Union Web Access Internet Banking
Anmeldung Standard
Artisans' Bank
BCA Internet Banking
BMO Bank of Montreal Online Banking
BNCR
BPS
Banca On Line
Banco di Napoli
Bank Linth
Bank One Online
Bank Pekao SA
Bank of America Asia Ltd.
Bank of America
Bank of Ireland
Bank of Oklahoma
Bank of Utah
Bank of the West
BankAtlantic
BankCard Services Net Access: Log In
BankNET Power
BankSA Internet Banking Logon Page
Barclays IBank
Barre Savings Bank Online Banking
Berliner Sparkasse
BusinessWeb Banking
CITIBANK Japan
Carolina First Bank Login
Chevy Chase Bank Online Banking
Citibank
Citizens Bank Online
City National Bank
Commerzbank OnlineBanking plus
Commonwealth Bank Group
Community 1st Credit Union
Community State Bank
DAB bank AG Login

… and banks … and a few more
DBS Singapore
DaimlerChrysler Bank. Die Bank, die bewegt.
Denison State Bank
Deutsche Bank
Dresdner Bank
ELBA Electronic Banking
EthikBank
Farm Bureau Credit Union
Fifth Third Bank
First Kansas Bank & Trust Company
First National Bank
First National Bank / Bryan
First National Bank of Durango
First PREMIER Bank Gold Card
First Utah Bank
FirstBank
FirstBank Southwest Internet Banking Sign On
FirstMerit
HDFC Bank
HSBC Bank Brasil S.A.
HSBC Bank USA, N.A. Internet Banking: LOG
HSBC Internet Banking
Hagerstown Trust Online Banking Logon
Hancock Bank
Handelsbanken
Hannoversche Volksbank
Heartland Bank Online Log In
Heimabanki SPRON
Heritage Bank
Hibernia National Bank
Huntington Online Banking
HypoVereinsbank
IBC Bank Online: Login
ICICI Bank
ING
INTRUST Personal OnLine Banking
IWBANK
IWBank SpA TradinGear
IndymacBank SSL VPN
Internet Banking: log, on, secure, online, free: HSBC Bank UK
Jyske Bank
Key Bank
Kiwibank internet banking
Kookmin Bank
Kreissparkasse Köln: S
La Salle Bank: Personal Finance
Lake Michigan Credit Union
Latvijas Banka
Log on to Citibank Online
Logan Bank & Trust
MB Financial Bank
Merchants and Farmers Bank
MetaStock Professional
Nedbank
Nedbank NetBank Internet Banking

… ehh… did I mention banks?
Northwest Savings Bank
Nossa Caixa Net Banking
Oberbank eBanking
Office Bank Safra
Ohio Valley Bank: Welcome to Ohio Valley Bank
PNC Bank Account Link
PREMIER Bankcard, Inc.
PSD OnlineBanking
Postbank Callback
Public Bank Berhad Internet Banking
Qantas Staff Credit Union Online Banking
RBC Financial Group
Rabo Telebankieren
Rabobank
Raiffeisenbank Baisweil
Raiffeisenbank Dietfurt/Altm. eG
Raiffeisenbank Haldenwang eG
Raiffeisenbank Schierling
Rockwood Bank Online Banking
SEB InternetBanking & Ordering
SSK Magdeburg
STATE BANK OF INDIA :: INDIA's LARGEST BANK
Santander Direkt Bank
Saxo Bank
Shanghai Commercial Bank Ltd.
Southside Bank Secure Online Banking Sign On
Sparkasse Zollernalb
Spielbank Wiesbaden
St.George Internet Banking Logon Page
Standard Bank of South Africa Limited
Standard Chartered Bank Hong Kong Limited
SunTrust Online Banking
TCF Bank
The Laredo National Bank
U.S. Bank Internet Banking
UOB Personal Internet Banking
UTI Bank
Union Bank on the Web
Unizan Bank, National Association
Vancity and Citizens Bank Account View
Welcome to Family Horizons Credit Union's Home Banking Site!
Welcome to First Community Credit Union Online Banking
Welcome to First State Bank of Wyoming's Online Banking
Welcome to Grand Haven Bank's Internet Banking
Welcome to Heritage Bank of Florida
Welcome to Katahdin Trust Company's Online Banking
Welcome to M&T Online Banking
Welcome to Maybank2u.com Online Financial Services
Welcome to NetLink Internet Banking
Wells Fargo Financial Bank: Online Payment Services
Westpac Online banking
Willkommen bei der Volksbank Halle/Westf. eG
Wing Lung NET Banking
Zenith Bank > Internet Banking Login

Office files
• Attacks through Office files died?
• Great attack vector: e-mail always works
• Tricks users into opening files
• By means of 0-day attacks
• Also targeted attacks

Pebkac
“Problem Exists Between Keyboard And Chair”

Damage: technology is everywhere
“In this case, the impact of the botnet could have been deadly,” said United States Attorney John McKay.
“The government alleges that Maxwell and his co-conspirators earned $100,000 in fraudulent payments.”
“These disruptions affected the hospital’s systems in numerous ways: doors to the operating rooms did not open, pagers did not work and computers in the intensive care unit shut down.”

What do we do?
Damage: technology is everywhere
  reaction: work together with law enforcement
The ugly stuff: spam and scams, phishing, extortion (dDoS threat), click fraud, data trading, botnet renting, ...
Supporting ‘technologies’: bots and botnets, office files, 0-days and rootkits, PEBKAC
  defense: technical arms race

“Concluding the first prosecution of its kind in the United States, a well-known member of the ‘botmaster underground’ was sentenced this afternoon to nearly five years in prison for profiting from his use of botnets.”
“Ancheta admitted generating for himself and an unindicted co-conspirator more than $107,000 in advertising affiliate proceeds by downloading adware to more than 400,000 infected computers that he controlled.”
Judge Klausner said: “Your worst enemy is your own intellectual arrogance that somehow the world cannot touch you on this.”

Thank you!
Erik de Jong
erik.dejong@govcert.nl