trackin acking g th the e
play

Trackin acking g th the e Rus ussi sian n Bus usin ines - PowerPoint PPT Presentation

Sep 20, 2023 •200 likes •554 views

Trackin acking g th the e Rus ussi sian n Bus usin ines ess s Netw twork rk (RBN) Knowing and understanding the RBN is a useful objective, but surely the main goal is to stop them? RBNexploit.blogspot.com Cambridge University

  1. Trackin acking g th the e Rus ussi sian n Bus usin ines ess s Netw twork rk (RBN) Knowing and understanding the RBN is a useful objective, but surely the main goal is to stop them? RBNexploit.blogspot.com Cambridge University Dec/11/2007 1

  2. Background Steve Gibson's keynote Anti-Spyware Coalition's annual public workshop Jun 07 says it all; “ Really, the way we see this problem needs to change. We need to take proactive actions against bot networks. We need research to set up honeypots, get infected, and trace back to the botnet masters. Right now, we're being too reactive, and we need to become more proactive. ”  Wikipedia and a blog (RBNexploit.blogspot.com)  Jart, et .al ? – US, UK, FR, BE, CN, DE, RU, IN, UA, SE  David Bizeul – RBN Study (FR)  InfoSec community, Journalists  Searching for Evil – Prof Ross Anderson & Dr. Richard Clayton RBNexploit.blogspot.com Cambridge University Dec/11/2007 2

  3. Introduction:  Tracking the RBN – why?  RBN – The Usual Suspects – Keyser Soze = RBN the Internet’s bogey man? – Hiding from us or are we hiding from them?  RBN - Deception and the art of “fear”  RBN - Ghost in the machine (the case of Monster.com)  Linguistics  Law enforcement – Prevention or arrests?  How to stop or can we? RBNexploit.blogspot.com Cambridge University Dec/11/2007 3

  4. RBN – Who? 12 Levashovskiy Prospect. 197110 Saint-Petersburg, - RU RBN Operations Ref: Bizeul.org - 11/21/07 Ref: Bizeul.org - 11/21/07 RBNexploit.blogspot.com Cambridge University Dec/11/2007 4

  5. RBN – What? (a)  The Russian Business Network (commonly abbreviated as RBN) is a Russian Internet Service Provider based in St. Petersburg which is notorious for its hosting of illegal and dubious businesses, including; child pornography, phishing and malware distribution sites. -Wikipedia RBNexploit.blogspot.com Cambridge University Dec/11/2007 5

  6. RBN – What? (b)  The RBN is a multi-faceted criminal based internet business, specializing in and in some cases monopolizing personal identity theft for resale and exploitation. It also manages internet services for child pornography, spam, botnets, and malware distribution. The RBN’s physical beginnings were from St. Petersburg Russia but now makes use of partner and affiliate marketing techniques in several countries to provide a method for organized crime to target victims internationally. RBNexploit.blogspot.com Cambridge University Dec/11/2007 6

  7. RBN – What? (c)  RBN = bunch of web savvy, well organized confidence tricksters, thieves and crackers. Responsible for 60% of online crime. Stealing and profiting from Internet user’s personal information. Tabloid version – avoid mythologizing – the RBN is not Keyser Soze, e.g. in Russia, hackers and RBN are generally considered as folk heroes screwing rich and fat westerners out of ill gotten gains. RBNexploit.blogspot.com Cambridge University Dec/11/2007 7

  8. RBN BN - Deception and the cycle of “fear” • Covert • Personal attack • Falsification • Journalistic fear • Misinformation • Russian Mob Deception Fear Criminal Uncertainty success • Immunity • Law enforcement • Self confidence • Academic security • Wealth • Perfection? RBNexploit.blogspot.com Cambridge University Dec/11/2007 8

  9. Requirements Model Ref: David Bizeul RBNexploit.blogspot.com Cambridge University Dec/11/2007 9

  10. Process Model - Victim Ref: David Bizeul RBNexploit.blogspot.com Cambridge University Dec/11/2007 10

  11. RBN – Purpose and attack vectors One word = Fake!  Occam’s Razor – simplest solution is closest to the truth.  Primarily the RBN’s objective to use any and many alternative means to infect a PC and then gain or extort personal information, and if possible hijack / enslave the PC as zombie. RBNexploit.blogspot.com Cambridge University Dec/11/2007 11

  12. RBN = Fakes (1)  Fake – anti-virus / anti-spyware web sites and products – try for free, get your PC really infected, and buy the solution from them, even if you do not buy the “fake” they have already stolen your personal ID.  Fake – PC video codec web sites and products - try for free, get your PC really infected, and buy the solution from them to solve the problem they cause, and become a zombie.  Fake – Advertising from “Double - Click” on large Internet portal web sites - recently; The Economist, MLB (baseball), NFL (ice hockey), CNN, etc. The ads had iFrame injections within to redirect the web site visitor’s Internet browser to fake anti -virus / codec sites. RBNexploit.blogspot.com Cambridge University Dec/11/2007 12

  13. RBN = Fakes (2)  Fake – Bank emails for phishing personal bank ID information (Rock Phish; Bank of India Hack, Australian bank, and others).  Fake – Legitimate administrator access to web servers, web sites and web forums to inject malware into multiple web pages (e.g. 10,000 web sites on iPower web servers, 15,000 plus web sites on Italian web servers (Gromozon) RBNexploit.blogspot.com Cambridge University Dec/11/2007 13

  14. RBN = Fakes (3)  Fake – Job opportunities / offers by email phishing for personal ID (Monster and CareerBuilder hacks)  Fake – Data encryption, only after a payment is made can you unencrypt your data, and risk further ID theft (Ransom ware)  Fake – Web search items in an attempt to direct a web surfer to an exploit based web page (Google). RBNexploit.blogspot.com Cambridge University Dec/11/2007 14

  15. Linguistics – defining the problem Ethnomethodological approach:  Seek to describe the practices and the methods the RBN uses in their actual descriptions of those settings.  A research approach that describes the social practices ("methods") of its research subjects without the commonly accepted practice of evaluating the validity of those practices from an imposed normative standpoint. RBNexploit.blogspot.com Cambridge University Dec/11/2007 15

  16. Ghost in the machine Words, words, words …..  MPack  IcePack  Storm  Torpig/Anserin/Sinowal, Briz, Haxdoor, Gozi/Banksniff  Gromozon, Zlob  Universal code, ZeuS, Zhelatin, Warezov, Bancos aam, Bzub,Gpcode ai All “BadWare” – polymorphic soon? RBNexploit.blogspot.com Cambridge University Dec/11/2007 16

  17. Ghost in the machine – Monster.com The example of the "ongoing" RBN managed attack on Monster.com, CareerBuilder.com and similar.  Obviously a bad ID theft hack and phishing in itself, 2.4 million+ (known of) personal credentials stolen.  A proportion of the credentials stolen are those technical personnel already within governmental law enforcement organizations or applying for such positions  To be realistic do we think that a few of those individuals could not be personally compromised or bribed to divulge access information?  Try this within your organization (examples gained a 20% bad response) . Approach a few of your lower level technical employees as an outsider with say a 250,000 Euro "cash" offer for network access details, how many would accept? RBNexploit.blogspot.com Cambridge University Dec/11/2007 17

  18. Law Enforcement  The burglary analogy  Research - Help or hinder?  Law enforcement’s response to research ( -ve to +ve)  Insurance, the missing link? (HK marine - COMINT)  Speed of response, 3-4 years for a conviction?  Prevention or arrest?  Behind the “8 ball” ? RBNexploit.blogspot.com Cambridge University Dec/11/2007 18

  19. Law enforcement – issues (1) The RBN are much more sophisticated and organized than 1. we usually give them credit for and even more worrying is they are probably better financed due to their illegal operations.  One of our major problems is due to their "highest" level of skills also in COMINT they know what most law enforcement is doing anyway.  They regularly organize associates to test the defenses of governmental and law enforcement servers and have penetrated many. RBNexploit.blogspot.com Cambridge University Dec/11/2007 19

  20. Law enforcement – issues (2) 2.The sudden move by the RBN Nov 7 th 07 was not due to public disclosure, it is simple to show they planned their deceptive move commencing May 07.  Perhaps they knew certain law enforcement was getting close.  More importantly the old RBNetwork and Seychelles connectivity had become more of a liability than an asset.  Improved fast-flux botnet technology.  Probable political purposes. RBNexploit.blogspot.com Cambridge University Dec/11/2007 20

  21. Law enforcement – issues (3) 3.The RBN is monopolistic, as any major criminal or insurgency organization, they do not approve of competition.  It is well known they see hired "money mules" as disposable  Perhaps they will also allow or quietly provide information to law enforcement information via third parties; on minor, localized or maverick players which also takes the heat off them. RBNexploit.blogspot.com Cambridge University Dec/11/2007 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Techn Technologies ologies for Trackin for Tracking g Nanomaterials in Co Nanomaterials in

Techn Technologies ologies for Trackin for Tracking g Nanomaterials in Co Nanomaterials in

Sensors a Sensors and nd Emerging Emerging Techn Technologies ologies for Trackin for Tracking g Nanomaterials in Co Nanomaterials in Complex mplex Matrices Matrices Wunmi Sadik Department of Chemistry State University of New

792 views • 41 slides
The use The use of Eye Tracking acking Technology in Maritim chnology in Maritime e High-Speed

The use The use of Eye Tracking acking Technology in Maritim chnology in Maritime e High-Speed

23.10.2019 Cdr Odd Sveinung Hareide Technical Manager Electronic Navigation Royal Norwegian Navy Navigation Competence Centre The use The use of Eye Tracking acking Technology in Maritim chnology in Maritime e High-Speed Craft Navigation

129 views • 11 slides
The OPERA experiment O scillation P roject with E mulsion t R acking A pparatus Direct search for

The OPERA experiment O scillation P roject with E mulsion t R acking A pparatus Direct search for

The OPERA experiment O scillation P roject with E mulsion t R acking A pparatus Direct search for the oscillation by looking at the appearance of in a pure beam CNGS program OPERA detector and experimental

609 views • 24 slides
H ACKING HIV: C REATING AND A SSESSING A NOVEL CTL- BASED HIV-1 VACCINE Craig Rouskey Immunity

H ACKING HIV: C REATING AND A SSESSING A NOVEL CTL- BASED HIV-1 VACCINE Craig Rouskey Immunity

H ACKING HIV: C REATING AND A SSESSING A NOVEL CTL- BASED HIV-1 VACCINE Craig Rouskey Immunity Project Waag Society, Amsterdam, NL September 9, 2014 C.Rouskey | Immunity Project | Sept. 2014 I MMUNITY P ROJECT Immunity Project is a non-profit

312 views • 27 slides
P owe rPC Xe n Round Peg, Square Hole? Hollis Blanchard Jimi Xenidis B acking: LTC (Hollis)

P owe rPC Xe n Round Peg, Square Hole? Hollis Blanchard Jimi Xenidis B acking: LTC (Hollis)

P owe rPC Xe n Round Peg, Square Hole? Hollis Blanchard Jimi Xenidis B acking: LTC (Hollis) commitment to productizing on Xen Research commitment to using Xen for Virtualization Research Power.org, commitment to PPC based open

713 views • 8 slides
Co Compute mputer r Vision 3: Detection, , Segmentation and and Tr Trac acking king

Co Compute mputer r Vision 3: Detection, , Segmentation and and Tr Trac acking king

Co Compute mputer r Vision 3: Detection, , Segmentation and and Tr Trac acking king CV3DST | Prof. Leal-Taix 1 The The Te Team Lecturers Prof. Dr. Laura Dr. Aljosa Leal-Taix Osep CV3DST | Prof. Leal-Taix 2 Wh What at

703 views • 33 slides
with Process Mining POC Real-tim ime e proc oces ess perfor ormance nce using g Near r

with Process Mining POC Real-tim ime e proc oces ess perfor ormance nce using g Near r

Accelerate Digital T ransformation with Process Mining POC Real-tim ime e proc oces ess perfor ormance nce using g Near r real-tim ime e invent ntory ory trackin cking g Prob oblem em managem nagement nt Process ocess

162 views • 12 slides
The Tower PENN STATE AE SENIOR THESIS PROJECT SHIVAM PATEL|CONSTRUCTION MANAGEMENT OPTION

The Tower PENN STATE AE SENIOR THESIS PROJECT SHIVAM PATEL|CONSTRUCTION MANAGEMENT OPTION

The Tower PENN STATE AE SENIOR THESIS PROJECT SHIVAM PATEL|CONSTRUCTION MANAGEMENT OPTION ADVISOR: DR GANNON The Tower RESEARCH EARCH TOPIC ANALYSIS YSIS # 2 MATERI RIAL AL TRACKIN KING G TECHNOL HNOLOGIES OGIES IMPLEMEN MENTATI

352 views • 24 slides
Constraint Satisf action CS 486/ 686 May 17, 2005 Universit y of Wat erloo 1 CS486/686

Constraint Satisf action CS 486/ 686 May 17, 2005 Universit y of Wat erloo 1 CS486/686

Constraint Satisf action CS 486/ 686 May 17, 2005 Universit y of Wat erloo 1 CS486/686 Lecture Slides (c) 2005 K. Larson and P. Poupart Outline What are CSPs? St andard search and CSPs I mprovement s Backt r acking

826 views • 57 slides
P art icle Filt ers and Their Applicat ions Kaij en Hsiao Henr y de Plinval-Salgues J ason

P art icle Filt ers and Their Applicat ions Kaij en Hsiao Henr y de Plinval-Salgues J ason

P art icle Filt ers and Their Applicat ions Kaij en Hsiao Henr y de Plinval-Salgues J ason Miller Cognit ive Robot ics April 11, 2005 1 Why Part icle Filt ers? Tool f or t r acking t he st at e of a dynamic syst em modeled by a

1.17k views • 99 slides
Smart Sensing RFID Technology Passi sive, Activ ive e RFID, , Barcode code & BLE based

Smart Sensing RFID Technology Passi sive, Activ ive e RFID, , Barcode code & BLE based

Smart Sensing RFID Technology Passi sive, Activ ive e RFID, , Barcode code & BLE based ed Hybri rid d Asset set Trac acking ing syst stem em Smart Sensing RFID Technology and Management Consultancy Every day, our work helps

579 views • 27 slides
Privacy (Section 7.2.5 on Privacy Attacks) sws2 1 [Peter Steiner,1993] 2 myth

Privacy (Section 7.2.5 on Privacy Attacks) sws2 1 [Peter Steiner,1993] 2 myth

Software and Web Security 2 More attacks on Clients: Privacy (Section 7.2.5 on Privacy Attacks) sws2 1 [Peter Steiner,1993] 2 myth reality Welcome user29. (IP address: 131.174.16.131) RU Nijmegen, NL; male german

1.11k views • 58 slides
CS 528 Mobile and Ubiquitous Computing Lecture 9a: Mobile Security and Mobile Software

CS 528 Mobile and Ubiquitous Computing Lecture 9a: Mobile Security and Mobile Software

CS 528 Mobile and Ubiquitous Computing Lecture 9a: Mobile Security and Mobile Software Vulnerabilities Emmanuel Agu Announcement Course Evaluations Now online Will be available from Friday, Dec 7 Will also allow students to do

864 views • 50 slides
Exploring the Insecurity of Google Account Registration Protocol via Model Checking Tian Xie,

Exploring the Insecurity of Google Account Registration Protocol via Model Checking Tian Xie,

Exploring the Insecurity of Google Account Registration Protocol via Model Checking Tian Xie, Sihan Wang, Guan-Hua Tu, Chi-Yu Li and Xinyu Lei IEEE Symposium Series on Computational Intelligence (SSCI) 2019 Presentation Outline Background

452 views • 29 slides
Yahoo! Communities Architectures Ian Flint November 9, 2007 1 Agenda What makes Yahoo!

Yahoo! Communities Architectures Ian Flint November 9, 2007 1 Agenda What makes Yahoo!

Yahoo! Communities Architectures Ian Flint November 9, 2007 1 Agenda What makes Yahoo! Yahoo!? Hardware Infrastructure Software Infrastructure Operational Infrastructure Process Examples 2 What makes Yahoo!

478 views • 26 slides
N etwork safeguards are the first protec- tion barrier of IT sys- tem resources against

N etwork safeguards are the first protec- tion barrier of IT sys- tem resources against

ISSA Journal | October 2007 ISSA The Global Voice of Information Security The Principles of Network Security Design By Mariusz Stawowski Deployment of an effective and scalable network security system requires proper designing

320 views • 3 slides
ECOSYSTEM PRODUCTS FUTURE THE ECOSYSTEM TIZEN 2.1 ADDITIONAL HTML5 APIs RICH HOME

ECOSYSTEM PRODUCTS FUTURE THE ECOSYSTEM TIZEN 2.1 ADDITIONAL HTML5 APIs RICH HOME

ECOSYSTEM PRODUCTS FUTURE THE ECOSYSTEM TIZEN 2.1 ADDITIONAL HTML5 APIs RICH HOME SCREEN EXPERIENCE PERFORMANCE OPTIMIZATION MOBILE Tizen 2 New Major Features [Web] WebKit2 based web framework [Web] State-of-the-art

573 views • 35 slides
OpenAFS Status 2012 Nothing and a lot n Derrick Brashear and Jeffrey Altman n The OpenAFS

OpenAFS Status 2012 Nothing and a lot n Derrick Brashear and Jeffrey Altman n The OpenAFS

OpenAFS Status 2012 Nothing and a lot n Derrick Brashear and Jeffrey Altman n The OpenAFS Project n 16 October 2012 Tuesday, October 16, 12 History n OpenAFS 1.6.0 was released on 1 September 2011. Just 3 years late n You

434 views • 31 slides
Workshop Cooperation at Academic Informatics Education across Balkan Countries and Beyond: The

Workshop Cooperation at Academic Informatics Education across Balkan Countries and Beyond: The

Workshop Cooperation at Academic Informatics Education across Balkan Countries and Beyond: The Impact of Informatics to Society Jelsa, Croatia 2 nd 6 th September 2019 ABSTRACTS Contents Costin Bdic , Amelia Bdic, Elinda Kajo Mee,

850 views • 48 slides
!"#$%&'&()#%*"+,+( H2/:;2*20"(I(!$433,#0(

!"#$%&'&()#%*"+,+( H2/:;2*20"(I(!$433,#0(

!"#$%&'&()#%*"+,+( H2/:;2*20"(I(!$433,#0( H2/:;2*20,&%*(%#%*">4/+(84&23:2+4(72/8+(,#$2(/22$+( -.$/%&'#0(,#12/3%'2#(1/23($4.$(/456,/4+(+"#$%&'&(

667 views • 7 slides
Why Antivirus Software whoami IT-Security Consultant Doing pentesting since two years

Why Antivirus Software whoami IT-Security Consultant Doing pentesting since two years

Why Antivirus Software whoami IT-Security Consultant Doing pentesting since two years This talk is based on private research Before that experience as windows/linux/network admin, a little as web developer and so on...

1.06k views • 49 slides
Tulane SPHTM Information Technology (SPHTM-IT) Spring 2020 http://sph.tulane.edu/grit Oscar

Tulane SPHTM Information Technology (SPHTM-IT) Spring 2020 http://sph.tulane.edu/grit Oscar

Tulane SPHTM Information Technology (SPHTM-IT) Spring 2020 http://sph.tulane.edu/grit Oscar Davila Director for IT odavila@tulane.edu Jason Chamberlain- jchambe2@tulane.edu John Gerone gerone@tulane.edu Mir Islam

1k views • 15 slides
Malware and Exploit Enabling Code Information Assurance CS461/ECE422 Fall 2009 Reading

Malware and Exploit Enabling Code Information Assurance CS461/ECE422 Fall 2009 Reading

Malware and Exploit Enabling Code Information Assurance CS461/ECE422 Fall 2009 Reading Material CS Chapter 22 Ken Thompson and Trojans http://cm.bell-labs.com/who/ken/trust.html Worm Anatomy and Model

744 views • 63 slides
Introduction to Security Malware Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning

Introduction to Security Malware Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning

Introduction to Security Malware Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning Objectives By the end of this week, you will be able to: Describe types of malware See certain malware behaviors Scan and analyze malware

883 views • 25 slides

More recommend