black market botnets black market botnets
play

Black Market Botnets Black Market Botnets Nathan Friess Friess - PowerPoint PPT Presentation

Aug 18, 2022 •332 likes •570 views

Black Market Botnets Black Market Botnets Nathan Friess Friess Nathan John Aycock Aycock John Ryan Vogt Ryan Vogt Department of Computer Science Department of Computer Science University of Calgary University of Calgary Canada Canada

  1. Black Market Botnets Black Market Botnets Nathan Friess Friess Nathan John Aycock Aycock John Ryan Vogt Ryan Vogt Department of Computer Science Department of Computer Science University of Calgary University of Calgary Canada Canada

  2. Botnets: Current Scenario : Current Scenario Botnets � Infect computers Infect computers � � Spam attachments/links, drive Spam attachments/links, drive- -by downloads by downloads � � Control victim Control victim � � Spam Spam botnets botnets � � Gather data Gather data � � Key loggers, monitor network traffic Key loggers, monitor network traffic �

  3. “Interesting Interesting” ” Data Data “ � Identity: Passwords, PINs, SSN Identity: Passwords, PINs, SSN � � Financial: Credit Cards, Tax Returns Financial: Credit Cards, Tax Returns � � Corporate Secrets Corporate Secrets � � Design Documentation, Schematics Design Documentation, Schematics � � Financial Reports Financial Reports � � Personal Secrets Personal Secrets � � Latest gossip on celebrities Latest gossip on celebrities � � Illegal Files, Terrorist Plans Illegal Files, Terrorist Plans �

  4. Our Prediction Our Prediction � More types of data will be stolen and used More types of data will be stolen and used � for profit for profit

  5. Our Prediction Our Prediction � More types of data will be stolen and used More types of data will be stolen and used � for profit for profit

  6. The Business Case The Business Case Passwords Credit Cards Volume Celebrity Secrets Trade Secrets Love Letters ??? Available Data

  7. Gozi: A First Step : A First Step Gozi � February 2007 February 2007 � � Monitor HTTP POST requests (even SSL) Monitor HTTP POST requests (even SSL) � � Upload POST data to central server Upload POST data to central server � � Customers search for data (based on web Customers search for data (based on web � site, form fields, etc.) and pay to download site, form fields, etc.) and pay to download � Doesn Doesn’ ’t upload local files t upload local files � � Limited searching capabilities Limited searching capabilities �

  8. Black Market Botnets Black Market Botnets ��������� ������ ���������

  9. Black Market Botnets Black Market Botnets ��������� ������ ������ ��������� Basic Architecture

  10. Black Market Botnets Black Market Botnets ��������� ������ ������ ������ ��������� ������ Basic Architecture

  11. Black Market Botnets Black Market Botnets ��������� “Bunnies” ������ ������ ������ ��������� ������ Basic Architecture

  12. Black Market Botnets Black Market Botnets ��������� ������ ������ ������ ��������� ������ Basic Architecture

  13. Black Market Botnets Black Market Botnets ��������� ������ ������ ��������� Advanced Architecture

  14. Black Market Botnets Black Market Botnets ��������� ������� ������ ������� ������ ��������� Advanced Architecture

  15. Black Market Botnets Black Market Botnets ��������� ������� ������ ������� ������ ��������� Advanced Architecture

  16. Black Market Botnets Black Market Botnets ��������� ������� ������ ������� ������ ��������� Advanced Architecture

  17. Interesting Document Interesting Document Indicators Indicators � Document Types: .TAX Document Types: .TAX � � Financial Data: Spreadsheets Financial Data: Spreadsheets � � Specific Vocabulary: Specific Vocabulary: � Technical Terms, Poetry Technical Terms, Poetry � Activity: Recently Edited, Viewed Activity: Recently Edited, Viewed �

  18. Auction Infrastructure Auction Infrastructure � eBay eBay � � Hide document fragments Hide document fragments � using steganography steganography using � Legitimate cover for fund Legitimate cover for fund � transfer transfer � Don Don’ ’t really need to ship a physical product t really need to ship a physical product � � Existing model: drug trafficking Existing model: drug trafficking �

  19. Additional Markets Additional Markets � Victims pay Victims pay botmaster botmaster to not publish to not publish � documents: Bidding Wars documents: Bidding Wars � Pre Pre- -seed seed botnet botnet with customer queries with customer queries � � Allow customers to write scripts to search Allow customers to write scripts to search � for specific data for specific data

  20. Defenses Defenses � Avoid being infected Avoid being infected � � Limit document exposure Limit document exposure � � Keep archived files offline Keep archived files offline � � Hide documents using Hide documents using steganography steganography �

  21. Defenses Defenses � Digital Rights Management Digital Rights Management � � Investigate leaks Investigate leaks � � Fingerprint documents, trace back to Fingerprint documents, trace back to � infected computer infected computer � Follow money trail, trace back to Follow money trail, trace back to botmaster botmaster � � Actively attack document gathering Actively attack document gathering � � Insert useless documents into Insert useless documents into botnet botnet �

  22. Conclusions Conclusions � Valuable data is available in Valuable data is available in botnets botnets � � It is already possible to connect data and It is already possible to connect data and � customers customers � A black market for data can exist, even if A black market for data can exist, even if � botmasters don don’ ’t know what is in demand t know what is in demand botmasters

  23. Black Market Botnets Black Market Botnets Nathan Friess Friess Nathan John Aycock Aycock John Ryan Vogt Ryan Vogt Department of Computer Science Department of Computer Science University of Calgary University of Calgary Canada Canada

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

BotNets BotNets- Cybe Cyber T r Torrirism orrirism Ba Batt ttling ling th the t e thr

BotNets BotNets- Cybe Cyber T r Torrirism orrirism Ba Batt ttling ling th the t e thr

BotNets BotNets- Cybe Cyber T r Torrirism orrirism Ba Batt ttling ling th the t e thr hrea eats ts of inte of intern rnet et Assoc. Prof. Dr. Sureswaran Ramadass National Advanced IPv6 Center - Director Why Talk About Botnets?

722 views • 35 slides
Botnets CS 598: Advanced Internet Presented by: Imranul Hoque How to Study Botnets? Passive

Botnets CS 598: Advanced Internet Presented by: Imranul Hoque How to Study Botnets? Passive

Botnets CS 598: Advanced Internet Presented by: Imranul Hoque How to Study Botnets? Passive analysis Study spam e-mail, DNS queries by bot-infected machines, DNS blacklists, analyze network traffic, etc. Infiltration Todays

686 views • 15 slides
NECST laboratory BOTNETS FUNDING ETC. . @syssecproject SysSec Project:

NECST laboratory BOTNETS FUNDING ETC. . @syssecproject SysSec Project:

PHOENIX & CERBERUS We haz botnets! #Honeynet2014 Stefano Schiavoni, Edoardo Colombo Federico Maggi Lorenzo Cavallaro Stefano Zanero Politecnico Di Milano & Royal Hollway, University of London NECST laboratory BOTNETS FUNDING ETC.

1.28k views • 107 slides
BOTNETS GRAD SEC NOV 21 2017 TODAYS PAPERS BOTNETS Collection of compromised machines

BOTNETS GRAD SEC NOV 21 2017 TODAYS PAPERS BOTNETS Collection of compromised machines

BOTNETS GRAD SEC NOV 21 2017 TODAYS PAPERS BOTNETS Collection of compromised machines (bots) under unified control of an attacker (botmaster) Method of compromise decoupled from method of control Launch a worm/virus, etc.:

790 views • 16 slides
Detecting Botnets with Temporal Persistence Jaideep Chandrashekar Frederic

Detecting Botnets with Temporal Persistence Jaideep Chandrashekar Frederic

Detecting Botnets with Temporal Persistence Jaideep Chandrashekar Frederic Giroire Nina Taft Eve Schooler Mascotte project I3S (CNRS, Univ. of Nice) Intel Labs INRIA Sophia Antipolis Botnets: Why care? Botnet

888 views • 46 slides
Growth and Scalability Joe Black "product/market fit means being in a good market with a

Growth and Scalability Joe Black "product/market fit means being in a good market with a

Growth and Scalability Joe Black "product/market fit means being in a good market with a Product that can satisfy that market" -Marc Andreesen Andreessen has always been a multi-stage investment firm, but really the opportunity

454 views • 10 slides
Botnets: a Growing Threat Increasing awareness, but there is a dearth of hard facts especially

Botnets: a Growing Threat Increasing awareness, but there is a dearth of hard facts especially

Studying Spamming Botnets Using BotLab Arvind Krishnamurthy Joint work with: John John, Alex Moshchuk, Steve Gribble University of Washington Botnets: a Growing Threat Increasing awareness, but there is a dearth of hard facts especially

291 views • 15 slides
Bot BotNets Nets- Cy Cyber ber To Torr rriris irism Battling Battling the the threats

Bot BotNets Nets- Cy Cyber ber To Torr rriris irism Battling Battling the the threats

Bot BotNets Nets- Cy Cyber ber To Torr rriris irism Battling Battling the the threats threats of of interne internet Assoc. Prof. Dr. Sureswaran Ramadass National Advanced IPv6 Center - Director Why Talk About Botnets? Because Bot

379 views • 27 slides
The Cross-Market Spillover of Shocks through Multi-Market Banks Jose Berrospide, Lamont Black and

The Cross-Market Spillover of Shocks through Multi-Market Banks Jose Berrospide, Lamont Black and

The Cross-Market Spillover of Shocks through Multi-Market Banks Jose Berrospide, Lamont Black and William Keeton Federal Reserve Board and FRB of Kansas City Bocconi University Symposium October 10, 2011 The views expressed do not necessarily

722 views • 26 slides
the global market challenges Sergey Feofilov UkrAgroConsult 16 Th International Black Sea Grain

the global market challenges Sergey Feofilov UkrAgroConsult 16 Th International Black Sea Grain

Black Sea region facing the global market challenges Sergey Feofilov UkrAgroConsult 16 Th International Black Sea Grain Conference April 10-11, 2019 yiv Disclaimer Past performance is no guarantee of future results. The opinions

399 views • 36 slides
ON THE AFRICAN AMERICAN/BLACK MARKET Natalie Kates Antonieta Echezura Fernando Rodriguez

ON THE AFRICAN AMERICAN/BLACK MARKET Natalie Kates Antonieta Echezura Fernando Rodriguez

ON THE AFRICAN AMERICAN/BLACK MARKET Natalie Kates Antonieta Echezura Fernando Rodriguez Defining the African American/Black Market The U.S. Census defines African Americans/Blacks as people who have origins in, or are descendents from,

371 views • 19 slides
Botnets Secret Puppetry With Computers Balaji Prasad T.K ( bpt@email.arizona.edu ) Nupur

Botnets Secret Puppetry With Computers Balaji Prasad T.K ( bpt@email.arizona.edu ) Nupur

Botnets Secret Puppetry With Computers Balaji Prasad T.K ( bpt@email.arizona.edu ) Nupur Maheshwari ( nupurm@email.arizona.edu ) Department of Computer Science University of Arizona April 22, 2012 What are Botnets? 1 Technical Overview 2

895 views • 37 slides
Spamming Botnets: Signatures and Characteris5cs Xie et al.

Spamming Botnets: Signatures and Characteris5cs Xie et al.

Spamming Botnets: Signatures and Characteris5cs Xie et al. Presented by Kyle Mar5n <kyle.mar5n@knights.ucf.edu> The Problems Botnets The Problems

823 views • 36 slides
RUSSIAN BLACK MARKET sh-3.2# whoami Alan Kakareka, CISSP, GSNA, GSEC, CEH, MCP, MCDST, Net+,

RUSSIAN BLACK MARKET sh-3.2# whoami Alan Kakareka, CISSP, GSNA, GSEC, CEH, MCP, MCDST, Net+,

INSIGHT INTO RUSSIAN BLACK MARKET sh-3.2# whoami Alan Kakareka, CISSP, GSNA, GSEC, CEH, MCP, MCDST, Net+, Sec+ MS MIS @FIU CTO and founder of Demyo, Inc. Demyo, Inc. AND I ENJOY GREEN LETTERS ON BLACK BACKGROUND Demyo, Inc. WHAT

646 views • 32 slides
Botnets Some slides taken from David Choffnes, Northeastern

Botnets Some slides taken from David Choffnes, Northeastern

Botnets Some slides taken from David Choffnes, Northeastern https://www.justice.gov/usao-cdca/pr/justice-department- announces-court-authorized-efforts-map-and-disrupt-botnet- used-north

707 views • 32 slides
Effective features for detecting Effective features for detecting IRC botnets IRC botnets

Effective features for detecting Effective features for detecting IRC botnets IRC botnets

Effective features for detecting Effective features for detecting IRC botnets IRC botnets Claudio Mazzariello, Carlo Sansone Carlo Sansone Claudio Mazzariello, Dipartimento di Informatica e Sistemistica Dipartimento di Informatica e

614 views • 19 slides
Project General Presentation This project hasreceived funding from the European Unions Horizon

Project General Presentation This project hasreceived funding from the European Unions Horizon

Project General Presentation This project hasreceived funding from the European Unions Horizon 2020 research and innovation programme under grant agreement No 732505 Project Information Project Number: 732505 Project Acronym:

236 views • 10 slides
High Performance Actors Kiki, principal enterprise architect @ Lightbend What we mean by

High Performance Actors Kiki, principal enterprise architect @ Lightbend What we mean by

High Performance Actors Kiki, principal enterprise architect @ Lightbend What we mean by Reactive React to React to React to Users Failures Load Variance Low latency Graceful, Non-catastrophic Responsive in the face of Recovery

987 views • 64 slides
Cassandra Jonathan Ellis Motivation Scaling reads to a relational database is hard

Cassandra Jonathan Ellis Motivation Scaling reads to a relational database is hard

Cassandra Jonathan Ellis Motivation Scaling reads to a relational database is hard Scaling writes to a relational database is virtually impossible and when you do, it usually isn't relational anymore The new face of data

1.08k views • 44 slides
Middleware for Gossip Protocols Michael Chow and Robbert van Renesse Cornell University Mo:va:on

Middleware for Gossip Protocols Michael Chow and Robbert van Renesse Cornell University Mo:va:on

Middleware for Gossip Protocols Michael Chow and Robbert van Renesse Cornell University Mo:va:on Gossip protocols are highly robust Problema:c when an error does occur E.g. Amazon S3 6 hours to fix an otherwise simple problem

635 views • 37 slides
Parent Ambassadors Marketing March 31, 2016 Kurt Lewis Director of Enrollment Marketing

Parent Ambassadors Marketing March 31, 2016 Kurt Lewis Director of Enrollment Marketing

Parent Ambassadors Marketing March 31, 2016 Kurt Lewis Director of Enrollment Marketing Archdiocese of Chicago Office of Catholic Schools 4/6/2016 March 31, 2016 NCEA Convention & Expo l San Diego, CA l March 29-31, 2016 PARENT

688 views • 41 slides
#RP30 Automated Deployment and Scaling of Named Data Networks in Cloud Environments Sean Liao

#RP30 Automated Deployment and Scaling of Named Data Networks in Cloud Environments Sean Liao

#RP30 Automated Deployment and Scaling of Named Data Networks in Cloud Environments Sean Liao Supervisor: Zhiming Zhao 1 Next 20 mins... Some academic(s) arrive to tell us that (once again) they have Fixed the Internet, and (once again) it

737 views • 46 slides
Centre for Housing, Urban and Regional Planning (CHURP) Dr Kristine Peters

Centre for Housing, Urban and Regional Planning (CHURP) Dr Kristine Peters

Centre for Housing, Urban and Regional Planning (CHURP) Dr Kristine Peters Visiting Fellow, Centre for Housing, Urban and Regional Planning Adelaide University, Australia

225 views • 8 slides
ITV plc Interim Results 2009 6 th August 2009 Interim Results 2009 0 Overview Michael Grade

ITV plc Interim Results 2009 6 th August 2009 Interim Results 2009 0 Overview Michael Grade

ITV plc Interim Results 2009 6 th August 2009 Interim Results 2009 0 Overview Michael Grade Interim Results 2009 1 Agenda Overview Michael Grade Financial review Ian Griffiths Operating review and current trading John

720 views • 43 slides

More recommend