Help Irongeek.com pay for bandwidth and research equipment:
2FA-Enabled Fraud: Dissecting Operation High Roller Derbycon 2012 (Hacking Illustrated Series InfoSec Tutorial Videos)
2FA-Enabled Fraud: Dissecting Operation High Roller
What would happen if you had over 60 servers processing thousands of theft
attempts from high-value accounts and high net-worth indiciduals? What if these
servers showed an insiders level of understanding of banking transactions? What
if all this fraud actually did not look like fraud? What if this system actually
relied and depended upon two-factor authentication to accomplish its fraud?
Welcome to Operation High Roller: an ongoing fraud campaign that has targeted
upwards of 1 Billion Euros.
This session will dissect and discuss the nastiest parts of High Roller: the web
injects and the automated fraud servers we identified and analyzed during this
project. Prepare to question your existing conceptions of server-side malware
automation and multi-factor authentication as we explore 2FA-enabled fraud.
Dave Marcus is responsible for communicating the security expertise of McAfee
Labs to customers and the greater security community through blogging, podcasts,
online and print publications, and even tweeting. Marcus is responsible for all
of McAfee Labsí publications, including McAfee Security Journal, and serves as
blogmaster for McAfee Labs Security Blog. He is also co-host of AudioParasitics,
the official podcast of McAfee Labs.
Marcus has extensive experience in network solutions and IT security, with a
focus on advanced intelligence gathering, digital forensics, intrusion detection
and prevention, and network and host analysis. Prior to joining McAfee, he held
leadership and consulting positions in IT security services, network solutions,
enterprise management, knowledge engineering and management, and research and
development program management. Marcus served as president and senior security
engineer of SecureNETís network security practice, and worked for Ajilon
Consulting, SmartForce, CBT Systems, HAS, and CompuSolve. He is a qualified
expert witness in computer forensics and computer security, and is also a
sought-after speaker at information security industry conferences.
Marcus holds a bachelorís degree in philosophy from Florida Atlantic University
and has completed extensive training in advanced intrusion analysis methods,
penetration testing, vulnerability assessment, and computer forensics.