1 / 8

Incident 1

Incident 1. Regional Bank in the nations Heartland with $1B in assets Phase I : Reconnaisance Collect all of publicly available bank customers information Phase II : Collection Aggressively email Phish the bank customers with targetted emails Text Message Phish clients "Vish" the clients

dolan
Download Presentation

Incident 1

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Incident 1 • Regional Bank in the nations Heartland with $1B in assets • Phase I : Reconnaisance • Collect all of publicly available bank customers information • Phase II : Collection • Aggressively email Phish the bank customers with targetted emails • Text Message Phish clients • "Vish" the clients • Phase III : Monetization • Shared stolen information with "money mules" in United States and received 50% of the proceeds

  2. Vishing Vishing is the practice of leveraging Voice over Internet Protocol (VoIP) technology to trick private personal and financial information from the public for the purpose of financial reward. The term is a combination of "voice" and phishing. Vishing using social engineering techniques. Vishing exploits the public's trust in landline telephone services, which have traditionally terminated in physical locations which are known to the telephone company, and associated with a bill-payer. However, with the advent of VoIP, telephone services may now terminate in computers, which are far more susceptible to fraudulent attacks than traditional "dumb" telephony endpoints. http://en.wikipedia.org/wiki/Vishing

  3. Attack Process The criminal configures a war dialer to call phone numbers in a given region. In this Incident criminals setup numbers in the local exchange When the phone is answered, an automated recording is played to alert the consumer that their credit card has had fraudulent activity and the consumer should call the following phone number immediately. The phone number could be a toll free number often with a spoofed caller ID for the financial company they are pretending to represent. When the consumer calls the number, it is answered by a typical computer generated voice that tells the consumer they have reached account verification and instructs the consumer to enter their 16-digit credit card number on the key pad. Once the consumer enters their credit card number, the visher has all of the information necessary to place fraudulent charges on the consumer's card. The call can then be used to harvest additional details such as security PIN, expiry date, date of birth, bank account number, etc.

  4. Introduction Call Dear Bank Customer, (Personal introduction including bank name) We have detected fraudulent activity against your credit card and have temporarily disabled it. We ask that you please contact our fraud department immediately at 800 5 5 5 1 2 1 2. In the meantime you will not be able to use your credit card. If you do not contact us we will allow the charges to post against your account and you will be responsible for paying for them. Again the number is 800 5 5 5 1 2 1 2. (LOCAL EXCHANGE NUMBER, changed several times) Not paying will result in a late payment report being filed with the credit agencies. the number is 800 5 5 5 1 2 1 2.

  5. Return Call from Target Thank you for contacting the Fraud department, we are committed to protecting your identity. At anytime you may press 0 to talk to an customer service agent. We are experiencing a high call volume and the current wait time is 37 minutes. We appreciate your business and thank you for being a customer. In order to provide accurate and reliable service please say your name. Thank you, please enter your credit card number. Please enter the expiration date as two digits for the month followed by two digits for the year. Please enter the C V V number located on the back of the card followed by pound.

  6. Emerging threats Example Romanian Hacking Group • Government instituted reforms to educate younger generations in technology to get out of Russian control • Generations of organized, specialized, highly trained, out of work technologists • Romania has one of the poorest economies in the European Union • Anti-American sentiment and culture that supports • Unskilled and poorly equiped law enforcement

  7. Russia - Georgia Conflict • Physical and cyber warfare operations coincided with the final "All Clear" for Russian Air Force between 0600 and 0700 on August 9,2008 • Physical and cyber warfare shared targets, media outlets and local government communication systems in the city of Gori • Further cyber warfare operations against new targets in Gori coincided with traditional physical warfare target

  8. Incident 3 • Malware Installed on target's machine • Gmail username and password stolen • Criminals track personal life of target • Learn target is going to Hawaii for 2 weeks • When the target leaves they • Have his postal mail forwarded (www.usps.gov) • Get his phone number changed • Get his cell phone disconnected • Fill his email account with porn. • Steal $1,000,000.00 from account • Bank can not contact customer and allow transfer to occur

More Related