the underground economy 3.0
THE UNDERGROUND ECONOMY 3.0
THE NEVERENDING STORY
EDDY WILLEMS
SECURITY EVANGELIST DIRECTOR EICAR – AMTSO - LSEC
THE PROBLEM
Over 400.000 new malware samples each day
Over 400.000.000 malware ...
Invisible: Money Gain => Cybercrime!
G DATA | 30Y ANNIVERSARY SECURITY SUMMIT | BOCHUM, SEPTEMBER 24, 2015 3
WHAT DO CYBERCRIMINALS REALLY WANT?
‘THE TOOL’ OF A CYBERCRIMINAL: BOTNETS
BOTNET: EVERYTHING THE CRIMINAL WANTS
High Internet Bandwidth
- Spam and Phishing
- DDoS attacks
- Cloud misuse
Specific money targets (in the cloud)
- Emails
- Bank accounts, PayPal, accounts with low authentication
Other money targets (on disk)
- Steam accounts
- Bitcoin wallets
HOW DO WE GET INFECTED: THE SECOND LAW (OF WILLEMS)
CBP = TF x HF
CBP = Cybersecurity Problem
TF = Technological Factor (malware, malicious links, exploits, etc.)
HF = Human Factor (fear, curiosity, naivety, money gain, etc.)
PRIVATE DATA: DRIVING FACTOR OF CYBERCRIME!
Email address
- Spam
- Phishing
- Infections
Email accounts
- Fraud and misuse of contacts
- ID theft
- Access to other accounts (social media, e-commerce…)
Bank data
- Illegal purchases
- Online banking fraud
Targeted attacks
- Any data can be (mis)used and is interesting to sell: docs (Word, XLS, PPT, PDF), pics, etc.
ESSENTIAL PLATFORM FOR CYBERCRIME
BLACKMARKET
WHY A BLACKMARKET?
Know your enemy
- Technical trends
- Marketing possibilities
- New exploit codes
Information gathering
- About detection
- Learn about the seller or designer
Measuring the level of threat
- Growth of codes
- Changes in supply and prices
BLACKMARKET SYSTEM (BUYING AND/OR SELLING)
Botnet Eco-System
Services: Spam, Phishing, Botnet, Ransom, Spyware, DDoS…
Products: Exploits, Tools, (private) Data, Weapons, Drugs, Illegal IDs…
SPECIALISED BLACK MARKETS
To do a proper attack a cybercriminal needs
- Knowledge
- Data
- Tools
Most of them only know parts of it
Everything can be found in the underground forums and markets if you look carefully
SOME PLACES IN THE UNDERGROUND
SilkRoad Reloaded
DeepBay
Pandora
Agora
And several WebShop…
WITH DIFFERENT RIGHTS AND PERMISSIONS
Available on the Deep Web
Access via TOR or I2P
Some stuff is free
- Webshops
- Large variety
Other stuff isn't free
- Depending on your reputation
- A new buyer has to prove himself
- All over encrypted email/boards
PRICING THE TOOLS: PARTS OF MALWARE FOR THE EXPERTS
RAT: Control the system
Stealer: Information gathering and copy
Crypter: Tool to encrypt documents, etc. automatically
Bot: Total package including several options
PRICING SERVICES: YOU DON’T NEED TO BE AN EXPERT!
Installation of malware on 1000 machines
Camouflage technique to avoid detection with Antivirus
DDoS: attack per hour/day/week
MARKETING !!! INFOGRAPHICS
EVERYTHING FOR EVERY PRICE
SALES ON THE BLACKMARKET
THE PRICE OF (YOUR) PRIVATE DATA ON THE BLACKMARKET
Complete ID: 70 $
Bank account: 50 $
Email address: 0,000075 $
Email account: 0,0005 $
PayPal account: 50 $
Credit card: 50 $
BUYING/SELLING ON THE BLACKMARKET
E-commerce Credit cards
BUYING/SELLING ON THE BLACKMARKET
E-commerce Paypal accounts
BUYING/SELLING ON THE BLACKMARKET
E-commerce Illegal documents and ID’s
BUYING/SELLING ON THE BLACKMARKET
E-commerce Weapons
BUYING/SELLING ON THE BLACKMARKET
E-commerce Drugs
FROM VIRTUAL TO REAL MONEY
INJECTING THE MONEY IN THE REAL WORLD
MONEY LAUNDERING
TRANSFORMING FROM VIRTUAL TO REAL MONEY
MONEY MULES:
- Transferring money from one account to another and get a fee (e.g. 5%)
- Let others use your account to transfer money and earn money
USE PROXY MONEY MULES
TRANSFORMING FROM VIRTUAL TO REAL MONEY
HOUSE DROPS – DROP ZONES
TRANSFORMING FROM VIRTUAL TO REAL MONEY
Credit card accounts can be credited with virtual money: withdraw money
VIRTUAL MONEY: THE NEW WAY
Over 100 virtual money ‘coins’
Used in several ways
- Depending on the marketplace
- Depending on the country
Transactions can easily be done
Anonymisation of the bank account holder
Virtual money is ideal to start with in these parallel worlds and market places
TRANSFORMING FROM VIRTUAL TO REAL MONEY
Distribution Network of ATM Bitcoin machines
TRANSFORMING FROM VIRTUAL TO REAL MONEY
Online gambling industry not really worried
HUMAN AWARENESS IS THE FIRST IMPORTANT SECURITY MEASURE
SECURITY PACKAGES AT EVERY OS/SYSTEM, UPDATES, BACKUPS, ETC…
TOOLS AGAINST CYBERCRIMINALS
I WAS NOT EXAGGERATING ABOUT THE CARS… SOME EXAMPLES
SOMETIMES …
Original Silk Road owner: Ross Ulbricht sentenced to life in 2015 (earned 187 million dollars)
MOST USEFUL TOOL: ARRESTS ARE SUCCESSFUL
THANK YOU!
QUESTIONS?
TWITTER: @EDDYWILLEMS