and banks - Domain pulse
Transcription
The alternative business case: How the Good versus the Bad may turn Ugly
Erik de Jong, GOVCERT.NL

You've guessed it... I'm between you and your coffee
Roadmap of the talk: GOVCERT.NL? – The Good – The Bad – The Ugly (main part) – What do we do?

What's in a name: GOVCERT.NL
GOV = Government, C = Computer, E = Emergency, R = Response, T = Team, .NL = Netherlands
What do CERTs do? ... And where do they come from?

The Good: Once upon a time...
• The internet was about sharing information
• Open architectures, open systems
• Peers among peers, implicit trust
• The internet was a friendly place

The Bad: Over time...
• "Ordinary people" accessed the internet
• Businesses presented themselves
• Strangers among strangers, no trust
• The internet became just like real life

The evolution of nasty things
(Chart: malicious intent plotted against time, with these stages.)
• mass-mailers (I love you, bugbear): fame and glory
• worms (slammer, blaster): visibility and malicious intent
• 'marketing' (illegally collecting data)
• phishing
• identity theft
• cybercrime: crime, highly profitable, visibility

The Ugly: Damage technology is everywhere
The ugly stuff: spam and scams, phishing, extortion (dDoS threat), click fraud, data trading, botnet renting
Supporting 'technologies': bots and botnets, office files, 0-days and rootkits, PEBKAC

Spam and scams
• Small % of victims will still generate profit
• Spam first, produce later
• 419-scammers
• Profit? Rich kids in Lagos; some spam kings are millionaires

Phishing
• Victims: end users and businesses
• English, but also German!
• Only 'a few' clicks needed
• Profit? 'Rocky Group' targeted numerous banks. One security firm estimates their 'proceedings' at at least US$ 70 million in 9 months.

Extortion
• Uses, for example, dDoS attacks
• Hard to counter
• 'Tangible' results
• Profit? Charge protection money

Click fraud
(Diagram: websites that like to receive traffic send clicks to a website with sponsored links; each click is profit.)

Bots - and botnets
• autonomous program
• performs actions without user intervention
• good or bad? – in the security world: bot = mostly bad
• modular – keyloggers, backdoors, packet sniffers – update functionality
• large number of bots under one control = botnet
• controlled via "Internet Relay Chat" (IRC)
• used for malicious / criminal purposes

What could a bot get?
• Hundreds of banks
• eBay
• PayPal
• Hotmail / MSN Messenger
• Airlines / Various travel agencies
• Several Universities
• Yahoo! / Google Mail / Webmail in general
• Including .gov.cn, .gov.ae, .gov.in, etc
• Medical Transcription Services / Online pharmacies / Hospitals
• Online games / Poker / Betting
• Online dating / sex sites
• ... & much more.

bots – love banks... and banks...
(List of login-page titles found in one bot's target list, separated by semicolons.)
Mellat Bank :: Internet Banking; 1st Source Bank :: InfoSource Online; 1st Tech Online Banking 4.2; Sydbanks NetBank; STATE BANK OF INDIA Safe Banking With SBI; idbi bank; ABN AMRO Bank Car Loan; ANADOLUBANK Trading; ANZ Internet Banking; ASB BANK FastNet : Sign On; Absa Internet Banking; Academy Bank, N.A.; Addison Avenue Online Banking; Akbank; Alm. Brand Netbank; AmSouth Internet Banking; Amagerbanken.net; America First Credit Union Web Access; Internet Banking Anmeldung Standard; Artisans' Bank; BCA Internet Banking; BMO Bank of Montreal Online Banking; BNCR; BPS Banca On Line; Banco di Napoli; Bank Linth; Bank One Online; Bank Pekao SA; Bank of America Asia Ltd.; Bank of America; Bank of Ireland; Bank of Oklahoma; Bank of Utah; Bank of the West; BankAtlantic; BankCard Services Net Access: Log In; BankNET Power; BankSA Internet Banking Logon Page; Barclays IBank; Barre Savings Bank Online Banking; Berliner Sparkasse; BusinessWeb Banking; CITIBANK Japan; Carolina First Bank Login; Chevy Chase Bank Online Banking; Citibank; Citizens Bank Online; City National Bank; Commerzbank OnlineBanking plus; Commonwealth Bank Group; Community 1st Credit Union; Community State Bank; DAB bank AG Login

... and banks ... and a few more
DBS Singapore; DaimlerChrysler Bank. Die Bank, die bewegt.; Denison State Bank; Deutsche Bank; Dresdner Bank; ELBA Electronic Banking; EthikBank; Farm Bureau Credit Union; Fifth Third Bank; First Kansas Bank & Trust Company; First National Bank; First National Bank / Bryan; First National Bank of Durango; First PREMIER Bank Gold Card; First Utah Bank; FirstBank; FirstBank Southwest Internet Banking Sign On; FirstMerit; HDFC Bank; HSBC Bank Brasil S.A.; HSBC Bank USA, N.A. Internet Banking: LOG; HSBC Internet Banking; Hagerstown Trust Online Banking Logon; Hancock Bank; Handelsbanken; Hannoversche Volksbank; Heartland Bank Online Log In; Heimabanki SPRON; Heritage Bank; Hibernia National Bank; Huntington Online Banking; HypoVereinsbank; IBC Bank Online: Login; ICICI Bank; ING; INTRUST Personal OnLine Banking; IWBANK; IWBank SpA TradinGear; IndymacBank SSL VPN; Internet Banking: log, on, secure, online, free: HSBC Bank UK; Jyske Bank; Key Bank; Kiwibank internet banking; Kookmin Bank; Kreissparkasse Köln: S; La Salle Bank: Personal Finance; Lake Michigan Credit Union; Latvijas Banka; Log on to Citibank Online; Logan Bank & Trust; MB Financial Bank; Merchants and Farmers Bank; MetaStock Professional; Nedbank; Nedbank NetBank Internet Banking

... ehh... did I mention banks?
Northwest Savings Bank; Nossa Caixa Net Banking; Oberbank eBanking; Office Bank Safra; Ohio Valley Bank: Welcome to Ohio Valley Bank; PNC Bank Account Link; PREMIER Bankcard, Inc.; PSD OnlineBanking; Postbank Callback; Public Bank Berhad Internet Banking; Qantas Staff Credit Union Online Banking; RBC Financial Group; Rabo Telebankieren; Rabobank; Raiffeisenbank Baisweil; Raiffeisenbank Dietfurt/Altm. eG; Raiffeisenbank Haldenwang eG; Raiffeisenbank Schierling; Rockwood Bank Online Banking; SEB InternetBanking & Ordering; SSK Magdeburg; STATE BANK OF INDIA :: INDIA's LARGEST BANK; Santander Direkt Bank; Saxo Bank; Shanghai Commercial Bank Ltd.; Southside Bank Secure Online Banking Sign On; Sparkasse Zollernalb; Spielbank Wiesbaden; St.George Internet Banking Logon Page; Standard Bank of South Africa Limited; Standard Chartered Bank Hong Kong Limited; SunTrust Online Banking; TCF Bank; The Laredo National Bank; U.S. Bank Internet Banking; UOB Personal Internet Banking; UTI Bank; Union Bank on the Web; Unizan Bank, National Association; Vancity and Citizens Bank Account View; Welcome to Family Horizons Credit Union's Home Banking Site!; Welcome to First Community Credit Union Online Banking; Welcome to First State Bank of Wyoming's Online Banking; Welcome to Grand Haven Bank's Internet Banking; Welcome to Heritage Bank of Florida; Welcome to Katahdin Trust Company's Online Banking; Welcome to M&T Online Banking; Welcome to Maybank2u.com Online Financial Services; Welcome to NetLink Internet Banking; Wells Fargo Financial Bank: Online Payment Services; Westpac Online banking; Willkommen bei der Volksbank Halle/Westf. eG; Wing Lung NET Banking; Zenith Bank > Internet Banking Login

Office files
• Attacks through Office files died?
• Great attack vector: e-mail always works
• Tricks users into opening files
• By means of 0-day attacks
• Also targeted attacks

PEBKAC
"Problem Exists Between Keyboard And Chair"

Damage technology is everywhere
"In this case, the impact of the botnet could have been deadly," said United States Attorney John McKay.
"the government alleges that Maxwell and his coconspirators earned $100,000 in fraudulent payments"
"These disruptions affected the hospital's systems in numerous ways: doors to the operating rooms did not open, pagers did not work and computers in the intensive care unit shut down."

What do we do?
• The ugly stuff (spam and scams, phishing, extortion, click fraud, data trading, botnet renting) – reaction: work together with law enforcement
• Supporting 'technologies' (bots and botnets, office files, 0-days and rootkits, PEBKAC) – defense: technical arms race

"Concluding the first prosecution of its kind in the United States, a well-known member of the "botmaster underground" was sentenced this afternoon to nearly five years in prison for profiting from his use of botnets"
"Ancheta admitted generating for himself and an unindicted co-conspirator more than $107,000 in advertising affiliate proceeds by downloading adware to more than 400,000 infected computers that he controlled."
"Judge Klausner said: "Your worst enemy is your own intellectual arrogance that somehow the world cannot touch you on this.""

Thank you!
Erik de Jong
erik.dejong@govcert.nl
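Added worked example, following up the "Bots - and botnets" slide; it is not code from the slides or from GOVCERT.NL. The slide states that bots are controlled via IRC, which gives a defender something concrete to look for: an IRC login handshake (NICK and USER) in outbound traffic from a workstation that has no business talking IRC. The script below parses constructed, labelled log lines in a hypothetical format (timestamp, source host, destination, first line of payload), rebuilds the IRC conversation per host, and scores each host with heuristics that are this example's own assumptions rather than anything the deck states: a non-standard destination port, several internal hosts joining the same channel, and PRIVMSG bodies that look like commands.

```python
import re
from collections import defaultdict

# Ports conventionally used for IRC. Bots may talk IRC on any other port,
# so a handshake on an unusual port counts as an extra indicator (assumption of this example).
IRC_PORTS = {6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 6697}

# IRC client commands treated as evidence of an IRC conversation.
IRC_VERBS = {"NICK", "USER", "JOIN", "PRIVMSG", "PING", "PONG", "MODE"}

# Hypothetical log format, one line per outbound message:
#   <timestamp> <source host> <dest ip>:<dest port> "<first line of payload>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+(?P<host>\S+)\s+'
    r'(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"(?P<payload>[^"]*)"$'
)

# Constructed sample log (not a real capture): two workstations behaving like bots,
# one developer on an ordinary IRC server, one host doing plain HTTP.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2006-03-01T09:12:01 ws-17 198.51.100.23:6667 "NICK [NL|XP]-392811"
2006-03-01T09:12:01 ws-17 198.51.100.23:6667 "USER xp 0 0 :xp"
2006-03-01T09:12:02 ws-17 198.51.100.23:6667 "JOIN #secret-chan pass123"
2006-03-01T09:12:40 ws-17 198.51.100.23:6667 "PRIVMSG #secret-chan :.keylog on"
2006-03-01T09:15:10 ws-04 203.0.113.9:8080 "NICK [DE|2K]-118273"
2006-03-01T09:15:10 ws-04 203.0.113.9:8080 "USER 2k 0 0 :2k"
2006-03-01T09:15:11 ws-04 203.0.113.9:8080 "JOIN #secret-chan pass123"
2006-03-01T09:20:00 ws-22 192.0.2.77:443 "GET / HTTP/1.1"
2006-03-01T09:21:05 dev-03 198.51.100.50:6667 "NICK erik_dev"
2006-03-01T09:21:05 dev-03 198.51.100.50:6667 "USER erik 0 0 :Erik"
2006-03-01T09:21:07 dev-03 198.51.100.50:6667 "JOIN #projectchat"
"""


def parse(log_text):
    """Yield (host, dst, port, payload) for every line that matches the assumed format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["host"], m["dst"], int(m["port"]), m["payload"]


def analyze(log_text):
    """Return {host: {"destination": "ip:port", "indicators": [...]}} for every host
    that completed an IRC login (NICK + USER) to some destination."""
    verbs = defaultdict(set)       # (host, dst, port) -> IRC verbs seen
    channels = defaultdict(set)    # channel -> hosts that joined it
    commands = defaultdict(list)   # (host, dst, port) -> command-looking PRIVMSG bodies
    for host, dst, port, payload in parse(log_text):
        parts = payload.split(" ", 1)
        verb = parts[0].upper()
        if verb not in IRC_VERBS:
            continue
        key = (host, dst, port)
        verbs[key].add(verb)
        if verb == "JOIN" and len(parts) > 1:
            channels[parts[1].split()[0]].add(host)
        if verb == "PRIVMSG" and len(parts) > 1:
            # "PRIVMSG #chan :text" -> text; a leading '.' or '!' is a common bot
            # command prefix (assumption of this example, not a statement from the deck).
            body = parts[1].partition(":")[2]
            if body[:1] in {".", "!"}:
                commands[key].append(body)

    findings = {}
    for (host, dst, port), seen in verbs.items():
        if not {"NICK", "USER"} <= seen:
            continue  # no login handshake, so not an IRC session
        indicators = ["irc-handshake"]
        if port not in IRC_PORTS:
            indicators.append("nonstandard-port")
        if any(host in hosts and len(hosts) >= 2 for hosts in channels.values()):
            indicators.append("shared-channel")  # a herd joining the same channel
        if commands[(host, dst, port)]:
            indicators.append("bot-command")
        findings[host] = {"destination": f"{dst}:{port}", "indicators": indicators}
    return findings


def suspects(log_text, threshold=2):
    """Hosts whose IRC session carries at least `threshold` indicators, sorted by name."""
    return sorted(h for h, f in analyze(log_text).items() if len(f["indicators"]) >= threshold)


if __name__ == "__main__":
    for host, finding in analyze(SAMPLE_LOG).items():
        print(f"{host:8} -> {finding['destination']:20} {', '.join(finding['indicators'])}")
    print("suspects:", suspects(SAMPLE_LOG))
```

With the constructed log, the developer host completes a handshake but collects no further indicator and is left alone, while the two workstations that join the same channel (one of them on port 8080) cross the threshold. The handshake alone is deliberately not enough to raise an alert; the point is to combine weak signals so that legitimate IRC use does not drown the analyst in false positives.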