The Darknet Mobs
A Brief Assessment of Crime-as-a-Service
“It’s long been said that when botnets first
appeared, they were the first usable forms of
cloud computing. Now with hindsight they fit
the NIST definition of cloud computing very
well and have become rapidly scalable and
on-demand.”
--ORLANDO SCOTT-COWLEY
Cyber Security Strategist
Prediction
“The year of the criminal-as-a-service. Criminal syndicates will look
with increasing interest to cybercrime as an opportunity to differentiate
different illegal activities.
A growing number of threat actors will offer their products and services
to the organized crime causing a significant increase of illegal activities
and the born of well-founded criminal crews.”
-InfoSec
Crime-as-a-Service
• Aliases: Criminal-as-a-Service, Crimeware-as-a-Service, CaaS
• Criminal activity similar to the service-based economy of cloud
computing: On-demand, Scalable
• Rigidly structured communities, described as “mafia style”
• Primarily functions within the Dark Net
• Two Populations:
  • Majority are unskilled, low-threat consumers
  • Very few are experienced, providing the services
Melissa A. Livengood, CISSP
Courtesy of Real World Security Practitioner
Underground forums
• Heavily moderated
• Participants have designated roles and responsibilities
• Allows forums to police themselves
• Content and users are managed
• Exclusivity
• Often new users must be vouched for by current users
• Often exist in the darknet
• Share information
• Market products and services
Services Offered
• Infrastructure-as-a-Service
• Data-as-a-Service
• Pay-per-install Services
• Hacking-as-a-Service
• Translation Services
• Money Laundering-as-a-Service
Infrastructure-as-a-Service
• Hosting for illicit purposes
• Provides “security, anonymity, resilience and resistance to law enforcement
intervention”
• VPN and proxy services
• Botnet rental (to perform DDoS attacks)
Services
Data-as-a-Service
• Large-scale distribution of illicit data
• Credit card/banking information
• Physical addresses and other personal information
• Social network logins
• Dissemination of fraudulent documents
Pay-per-install Services
• Method of distributing malware
• Payment by number of downloads
• Targeted attacks
Services
• Hacking-as-a-Service
  • Ranges from obtaining specific data to economic espionage
• Translation Services
  • Poor language can limit the efficacy of an attack
• Money Laundering-as-a-Service
  • Often uses money mules
  • Allows criminals to safely “cash out”
Coreflood
• One of the most effective botnets (that have been caught)
• Intended to steal data using keylogging
• FBI seized the central servers in 2011
• Comprised of “hundreds of thousands” of Windows computers
• Attacked 17 government agencies, 20 health care providers, and hundreds of businesses
• Allegedly stole:
  • 8,485 bank passwords
  • 3,233 credit card passwords
  • 151,000 email passwords
  • 58,391 social network passwords
Spamhaus DDoS
• Historically large DDoS attack
• Generated 300+ Gbps of traffic
• Targeted Spamhaus, an anti-spam organization
• Utilized DNS recursion to increase impact, by an estimated factor of 100
Exploit kits
• Toolset that automates exploits
• Customized based on type of attack
• Allows anybody to initiate an attack, with no technical knowledge
• Common kits from 2010
  • Neosploit
  • Bleeding Life
  • Blackhole
  • Incognito
Established Criminals Entering Cyber-crime
“As traditional criminals become
more confident and comfortable
with cyberspace we can expect to
see the recruitment of specialists
to carry out increasingly
sophisticated cyber attacks to
complement their established
criminal activity.” -E3C
• In 2013, a Netherlands drug ring hired hackers to attack a Belgian port and conceal data about drug shipments
Questions?
Sources
• 2016 Cyber Security Predictions: From Extortion to Nation-state
Attacks
• Underground Business Models: Crimeware-as-a-Service (CaaS)
• The Internet Organised Crime Threat Assessment (iOCTA)
• United States Department of Justice: Department of Justice Takes
Action to Disable International Botnet
• United States Department of Justice: Coordinated Law Enforcement
Action Leads to Massive Reduction in Size of International Botnet
• Bold FBI Move Shutters COREFLOOD Bot
• The Rise of Cybercrime-as-a-Service