Online fraud
DESCRIPTION
Talk given by Mikel Gastesi and Dani Creus of S21sec at the Asegúr@IT Camp 3 event, which took place in El Escorial on 21, 22 and 23 October 2011.
TRANSCRIPT
![Page 1: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/1.jpg)
* [ Online Fraud: Open 24 h ]
Dani Creus Mikel Gastesi
![Page 2: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/2.jpg)
* [ People / Characters ]
Authors: Dani Creus / Mikel Gastesi
Publishers: [S21sec] + [i64]
Thanks to: Chema Alonso, David Barroso
Asegura IT Camp III - 2011
![Page 3: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/3.jpg)
* [ About what… ]
Fraud != e-crime
e-crime != Fraud
Bank fraud
FRAUD
![Page 4: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/4.jpg)
* [ The book… ]
• Global view of online fraud.
• Targets… A PC, how juicy!
• Organization of the ecosystem.
• Underground.
• Fraud-oriented malware.
• DEMO TIME!
• Real example
![Page 5: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/5.jpg)
* [ Global view… ]
![Page 6: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/6.jpg)
* [ Target: PC ]
![Page 7: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/7.jpg)
* [ Target: PC ]

| 2011 | Windows 7 | Windows Vista | Windows 2003 | Windows XP | Linux | Mac | Mobile |
|---|---|---|---|---|---|---|---|
| September | 42.2% | 5.6% | 0.8% | 36.2% | 5.1% | 8.6% | 0.9% |
| August | 40.4% | 5.9% | 0.8% | 38.0% | 5.2% | 8.2% | 0.9% |
| July | 39.1% | 6.3% | 0.9% | 39.1% | 5.3% | 7.8% | 1.0% |
| June | 37.8% | 6.7% | 0.9% | 39.7% | 5.2% | 8.1% | 0.9% |
| May | 36.5% | 7.1% | 0.9% | 40.7% | 5.1% | 8.3% | 0.8% |
| April | 35.9% | 7.6% | 0.9% | 40.9% | 5.1% | 8.3% | 0.8% |

![Page 8: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/8.jpg)
* [ Target: Smartphones ]
![Page 9: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/9.jpg)
* [ Ecosystem: Infrastructure ]
• Botnets:
• Survival = hiding or hardening the C&C
• Bulletproof hosting
• Network architectures that hide the C&C
![Page 10: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/10.jpg)
* [ Ecosystem: Infrastructure ]
Fast-flux
![Page 11: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/11.jpg)
* [ Ecosystem: Infrastructure ]
Double fast-flux
![Page 12: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/12.jpg)
* [ Ecosystem: Infrastructure ]
Tricks, tricks, tricks
• Blocking IPs
• Single-use downloads
• Custom communication protocols
• AV detection
• Faking the hash
• Demo!
• …
![Page 13: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/13.jpg)
* [ Ecosystem: Distribution ]
![Page 14: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/14.jpg)
* [ Ecosystem: Distribution ]
![Page 15: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/15.jpg)
* [ Ecosystem: Distribution ]
![Page 16: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/16.jpg)
* [ Ecosystem: Infection ]
![Page 17: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/17.jpg)
* [ Ecosystem: Infection ]
![Page 18: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/18.jpg)
* [ Ecosystem: “Humans” ]
Specialization
Sophistication
Diversification
![Page 19: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/19.jpg)
* [ Ecosystem: Roles ]
Technical
Exploit Kits
Stealers
Developers
Support
Dealers
Others
…
Management
Commercial
Cashiers
Drops
Mules
Bosses
Leaders
…
![Page 20: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/20.jpg)
* [ Fraud Underground]
Definition.
Schemes.
Market.
Communities.
Monetization.
CARDING.
![Page 21: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/21.jpg)
* [ Schemes ]
• Spam.
• Virtual worlds
• Poker & Casinos.
• Advertising.
• Others…
![Page 22: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/22.jpg)
* [ Schemes: SPAM ]
Source : m86security
![Page 23: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/23.jpg)
* [ Schemes: MMORPG ]
![Page 24: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/24.jpg)
* [ Schemes: MMORPG ]
![Page 25: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/25.jpg)
* [ Schemes: Poker, etc… ]
![Page 26: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/26.jpg)
* [ Schemes: Advertising ]
![Page 27: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/27.jpg)
* [ Schemes: Others… ]
![Page 28: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/28.jpg)
* [ Fraud Underground: Market ]
![Page 29: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/29.jpg)
* [ Markets… ]
![Page 30: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/30.jpg)
* [ Markets… ]
RDP
SPAM
Socks
VPN
![Page 31: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/31.jpg)
* [ Market… ]
20,000 BOTS
![Page 32: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/32.jpg)
* [ Markets… ]
![Page 33: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/33.jpg)
* [ Underground: Market ]
![Page 34: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/34.jpg)
* [ Markets… ]
![Page 35: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/35.jpg)
* [ Markets… ]
Censored
![Page 36: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/36.jpg)
* [ Markets… ]
The only limit is your imagination! Originals designs can be designed from any country worldwide, and in any language of your
choice... from Scuba instructor, Warranty, Security, Massage Therapist, Auto Mechanic Instructor, Business License, Award, Real
Estate, Degree and Diploma Certificates. Various Degrees, Ordained Minister, Royalty Titles, Kung Fu Master, Club Member,
Library, Student, Identity, Insurance, Permit, Scuba Diver, International Driver, Frequent Flyer, Novelty Id Cards, Fake Driver
License, Driver Permits, Security Social Card, Ski Lift Card, New Identity, Membership cards, CIA, DEA, FBI, Private Detective,
Bondsman, Bounty Hunter, Casino, Press, Access Cards and much more...or virtually any kind of product you desire.
![Page 37: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/37.jpg)
* [ Markets… ]
![Page 38: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/38.jpg)
* [ Underground: Training ]
![Page 39: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/39.jpg)
* [ Underground: Training ]
![Page 40: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/40.jpg)
* [ Underground: Communities ]
![Page 41: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/41.jpg)
* [ Underground: Communities ]
![Page 42: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/42.jpg)
* [ Underground: Communities ]
![Page 43: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/43.jpg)
* [ Underground: History ]
![Page 44: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/44.jpg)
* [ Underground: History ]
![Page 45: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/45.jpg)
* [ Underground: Goings-on ]
![Page 46: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/46.jpg)
* [ CARDING ]
![Page 47: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/47.jpg)
* [ Carding ]
The art of manipulating/using/stealing bank *
Virtual Carding VS Real Carding…
CID/CVV2/CVC2/Manual CID
V/MC/AMEX : CVV1/CVC1/CID
![Page 48: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/48.jpg)
* [ Carding ]
DUMPZ / DUMPS / TRACKS
![Page 49: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/49.jpg)
* [ Carding ]
Skimmers (I)
![Page 50: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/50.jpg)
* [ Carding ]
Skimmers (III)
![Page 51: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/51.jpg)
* [ Carding ]
Skimmers (III)
..15 seconds
![Page 52: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/52.jpg)
* [ Carding ]
Less sophisticated…
![Page 53: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/53.jpg)
* [ Carding ]
Even less…
![Page 54: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/54.jpg)
* [ Carding ]
And afterwards…?
![Page 55: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/55.jpg)
* [ Carding ]
EMV (Chip and PIN)
![Page 56: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/56.jpg)
* [ Monetization ]
Buying and selling
Auctions
Drops
Legitimate services
Mules
In-store carding
Virtual carding
![Page 57: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/57.jpg)
* [ Banking trojans ]
…
Bankpatch
SilentBanker
Sinowal
Carberp
SpyEye
ZeuS / Zbot
…
![Page 58: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/58.jpg)
* [ Authentication ]
Virtual keyboard
Code card
ID + Password
OTP Token
SMS: mTAN
ID + Password
2FA
![Page 59: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/59.jpg)
* [ Malware vs Authentication ]
Virtual keyboard
Code card
ID + Password
SCREENSHOTS
PHISHING
KEYLOGGING
PHARMING
OTP Token
SMS: mTAN
ID + Password
MITB
CODE INJECTION
FORM GRABBING
![Page 60: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/60.jpg)
* [ Credential theft: 2FA ]
Coordinate card
pharming, phishing, injection…
![Page 61: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/61.jpg)
* [ Credential theft: 2FA ]
Token mTAN
…MITB, infection of the mobile phone
![Page 62: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/62.jpg)
* [ Malware DEMO ]
![Page 63: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/63.jpg)
* [ Evolution of ZeuS ]
• Source code leak
• Ice IX
• ZeuS “v2.3.2.0”
• Ramnit
• Also
• Murofet
• Murofet v2.0
![Page 64: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/64.jpg)
* [ Questions? ]
![Page 65: Fraude online](https://reader036.vdocuments.us/reader036/viewer/2022081421/55662082d8b42a61238b4ab9/html5/thumbnails/65.jpg)
* [ Thank you!! ]