2FA-Enabled Fraud: Dissecting Operation High Roller Derbycon 2012 (Hacking Illustrated Series InfoSec Tutorial Videos)


What would happen if you had over 60 servers processing thousands of theft attempts from high-value accounts and high net-worth individuals? What if these servers showed an insider's level of understanding of banking transactions? What if all this fraud actually did not look like fraud? What if this system actually relied and depended upon two-factor authentication to accomplish its fraud?

Welcome to Operation High Roller: an ongoing fraud campaign that has targeted upwards of 1 Billion Euros.

This session will dissect and discuss the nastiest parts of High Roller: the web injects and the automated fraud servers we identified and analyzed during this project. Prepare to question your existing conceptions of server-side malware automation and multi-factor authentication as we explore 2FA-enabled fraud.
 

Dave Marcus

Dave Marcus is responsible for communicating the security expertise of McAfee Labs to customers and the greater security community through blogging, podcasts, online and print publications, and even tweeting. Marcus is responsible for all of McAfee Labs' publications, including McAfee Security Journal, and serves as blogmaster for McAfee Labs Security Blog. He is also co-host of AudioParasitics, the official podcast of McAfee Labs.

Marcus has extensive experience in network solutions and IT security, with a focus on advanced intelligence gathering, digital forensics, intrusion detection and prevention, and network and host analysis. Prior to joining McAfee, he held leadership and consulting positions in IT security services, network solutions, enterprise management, knowledge engineering and management, and research and development program management. Marcus served as president and senior security engineer of SecureNET's network security practice, and worked for Ajilon Consulting, SmartForce, CBT Systems, HAS, and CompuSolve. He is a qualified expert witness in computer forensics and computer security, and is also a sought-after speaker at information security industry conferences.

Marcus holds a bachelor's degree in philosophy from Florida Atlantic University and has completed extensive training in advanced intrusion analysis methods, penetration testing, vulnerability assessment, and computer forensics.

 


Copyright 2014, IronGeek