Becoming the 6-million-dollar Man Gunter Ollmann, VP Research - PowerPoint PPT Presentation

  1. Becoming the 6-million-dollar Man
     Gunter Ollmann, VP Research
     gollmann@damballa.com

  2. About
     • Gunter Ollmann
       – VP of Research, Damballa Inc.
       – Board of Advisors, IOActive Inc.
     • Brief Bio:
       – Been in IT industry for two decades
       – Built and run international pentest teams, R&D groups and consulting practices around the world.
       – Formerly Chief Security Strategist for IBM, Director of X-Force for ISS, Professional Services Director for NGS Software, Head of Attack Services EMEA, etc.
       – Frequent writer, columnist and blogger with lots of whitepapers…
     • http://blog.damballa.com & http://technicalinfodotnet.blogspot.com/
     Blackhat USA 2010 – Becoming the 6-million-dollar Man – Gunter Ollmann

  3. Southpark Disclaimer (7/18/2010)

  4. (no text on this slide)

  5. • What this talk is…
       – Understanding the profession
       – Demystifying a sophisticated threat
       – Examining monetization models
     • What this talk isn’t…
       – A “how to” guide on building a better botnet
       – Being a better criminal

  6. BOTNETS – are not as scary as you may think…

  7. A piece of “art”
     A collection of “bits and pieces”

  8. Key stages to becoming a millionaire
     • Build a business plan,
     • Execute the business plan,
     • Avoid attention,
     • Retire early.

  9. How much of a criminal?
     • Different countries, different laws…
       – Botnets may not be illegal
       – Building/distributing malware may not be illegal
     • Building botnets for fun & profit
       – Don’t need to be a hard-core criminal
       – Tools, guides, how-to’s, vendors, sponsors, etc.
       – It’s a “business like any other”

  10. A Newbie Botmaster’s code
      • Don't get caught
        – Take extreme care when setting things up
        – Don't start any bad habits from the beginning
        – Mistakes & leaks at the beginning are fatal
      • Don't do criminal harm
        – Don't want to start a war nor be involved in deeply political events
        – Don't want to cause any deaths
        – Don't want to get in bed with organized crime (as customers = ok)

  11. Key things to remember
      • Resilience is damned important
        – Triple modular redundancy (TMR)
      • Botnets are the tool
        – Don't blame the tool!
      • Show me the money!
        – Cashless ecosystems are ok…
        – …but you can’t retire with them
      • Want to be rich!
        – But want to retire rich; not in jail!

  12. Connecting to the CnC (1)
      • Separate work from pleasure
        – Dedicated laptop(s) for building and running the botnet business
      • (Un)traceability
        – Change MAC addresses regularly
        – Different Web browsers and turned off cookie caching.
        – Use a (patched) base install machine
      • Encrypt all CnC traffic
        – Asymmetric keys = much preferred.

  13. Connecting to the CnC (2)
      • Deniability is important
        – Open WiFi is your friend
        – Locations that don't have CCTV
      • Don't connect directly - Ever!
        – Anonymous proxy and TOR networks are preferred
      • Hiding in the masses
        – Academic networks + libraries

  14. Botnet CnC Connections
      • Free WiFi access points
        – Physical location changes
      • Change the MAC address
      Apple Stores, Atlanta Bread Company, Barnes & Noble, Border Books, Caribou Coffee, Hooters, Krystal Restaurants, McDonalds, Office Depot, Panera Bread Company, Staples, Starbucks, etc.

  15. The Money Framework
      • Don’t want initial “seed money” traced
        – Rebate cards and systems
      • Deniability and no trace back
        – Visa rebate cards vs gift cards
      • Theft not necessary initially
      • Payment for initial services
        – Domain, NS, hosting, proxy, etc.
        – Toolkits, plug-ins, exploit packs, contractors

  16. Transaction Laundering

  17. Foreign Bank Accounts
      • Create foreign banking accounts
        – "In person" account creation = less evidence
        – May need a physical address
      • In threes…
        – Swiss numbered account
          • Minimum balance to open the account (plus fees)
        – Cayman Island Account
        – Panama Bearer Share Corporation account
      • Bilateral agreements covering fraud
        – Disclosure of owner details – want to stay away from the fraud aspect
      • Most accounts include
        – Credit cards
        – online banking

  18. Retirement Planning?
      • Afghanistan, Algeria, Andorra, Angola, Armenia, Bahrain, Bangladesh, Bosnia and Herzegovina, Bhutan, Botswana, Brunei, Burkina Faso, Burundi, Cambodia, Cameroon, Cape Verde, Central African Republic
      • Chad, China, Comoros, Cote d'Ivoire, Congo, Djibouti, Equatorial Guinea, Ethiopia, Gabon, Guinea, Guinea Bissau, Indonesia, Iran, Ivory Coast, Jordan, Kuwait, Laos, Lebanon, Libya
      • Madagascar, Marshall Islands, Mali, Maldives, Mauritania, Mongolia, Morocco, Mozambique, Nepal, Niger, Oman, Philippines, Qatar, Russian Federation, Rwanda, Samoa, Sao Tome e Principe, Saudi Arabia, Senegal
      • Somalia, Sudan, Syria, Togo, Tunisia, Uganda, United Arab Emirates, Vanuatu, Vietnam, Yemen, Zaire, Zimbabwe (plus some more…)
      aka. non-extradition countries (with the USA)

  19. A Business Plan
      • 12 month plan – loaded to the back end - increase profit percentage
      • Goal of earning $6million within a year
        – Must be profitable
        – Don't want to be in Jail
        – Would prefer to have a robust business
          • have higher revenue (and profits) in Year 2.
      • 12 month plan/target
        – Q1 - $400k - 10% ($40k - $13.3kpm)
        – Q2 - $800k - 15% ($120k - $40kpm)
        – Q3 - $1.6m - 20% ($320k - $106kpm)
        – Q4 - $3m - 25% ($750k - $250kpm)
        – $1.23m profit "tax free”

  20. Courage?
      • Getting started in the criminal botnet business isn’t for the faint-hearted.

  21. The First Botnet
      • “Off the shelf” DIY botnet construction kit
        – Zeus, SpyEye, Butterfly, etc.
      • Seeding torrents & newsgroups
        – Anonymous submission
        – Very difficult to trackback
        – Doesn't rely upon
        – Natural propagation & infection
      • Dynamic DNS for CnC
        – Free and anonymous

  22. Simple Hierarchical CnC Structure
      • Multiple CnC servers
        – Bot agent communications over HTTP
        – Service paid via reward/rebate cards
      • First botnet(s) = PoC
        – Validating principles
        – Default agent functions – password/identity theft
      (Diagram: Botmaster, Free WiFi, Anonymity, CnC’s, Bots)

  23. Underground Newbie Reputation
      • Need to build a reputation…
        – Peer recognition and "trust" is key
      • Initially rely upon other people vouching
        – Activity on various hacker/botnet forums
          • Could use translators to hide identity origins …but probably too much effort
        – Offer a lot of data/tools for free
          • Work to establish professional reputation
          • Value often based upon "freshness" of data
      • How to pay
        – Non-revocable money transfers
        – Volumes of stolen credentials
        – Segments of a botnet

  24. Ratings & Reputations

  25. Evolution of the “standard” bot agent
      • As the botnet grows, new demands…
        – More bots, more spreading – more detection
      • Malware doing slightly more
        – Pull back stored personal data
        – Keylogging etc.
        – Harvesting more data that may be saleable - email addresses etc.
      • Malware components become more important
        – Spend some money on additional functionality
        – Add a few more malware components that will be installed with the standard deployment
        – Do some serial variants - with quality control
        – Release a new variant every day

  26. Build to Sell

  27. Build to Sell
      • Important factors in “build to sell” models
        – Structure of the botnet
        – Past use/abuse of the botnet
        – Location of the botnet victims
        – Robustness of malware agent
        – Reputation in seller forums
      • Pre-processing of botnets
        – Splitting and clustering of related victims
        – Harvesting of system and user information
        – Synchronizing malware and CnC channel
