becoming the 6 million dollar man
play

Becoming the 6-million-dollar Man Gunter Ollmann, VP Research - PowerPoint PPT Presentation

Aug 17, 2022 •573 likes •1.38k views

Becoming the 6-million-dollar Man Gunter Ollmann, VP Research gollmann@damballa.com About Gunter Ollmann VP of Research, Damballa Inc. Board of Advisors, IOActive Inc. Brief Bio: Been in IT industry for two decades Built

  1. Becoming the 6-million-dollar Man Gunter Ollmann, VP Research gollmann@damballa.com

  2. About • Gunter Ollmann – VP of Research, Damballa Inc. – Board of Advisors, IOActive Inc. • Brief Bio: – Been in IT industry for two decades – Built and run international pentest teams, R&D groups and consulting practices around the world. – Formerly Chief Security Strategist for IBM, Director of X-Force for ISS, Professional Services Director for NGS Software, Head of Attack Services EMEA, etc. – Frequent writer, columnist and blogger with lots of whitepapers… • http://blog.damballa.com & http://technicalinfodotnet.blogspot.com/ Blackhat USA 2010 – Becoming the 6-million-dollar Man – Gunter Ollmann

  3. Southpark Disclaimer 7/18/2010 4

  4. 7/18/2010 5

  5. • What this talk is… – Understanding the profession – Demystifying a sophisticated threat – Examining monetization models • What this talk isn’t… – A “how to” guide on building a better botnet – Being a better criminal 7/18/2010 6

  6. BOTNETS – are not as scary as you may think… 7/18/2010 7

  7. A collection of A piece of “art” “bits and pieces” 7/18/2010 8

  8. Key stages to becoming a millionaire • Build a business plan, • Execute the business plan, • Avoid attention, • Retire early. Blackhat USA 2010 – Becoming the 6-million-dollar Man – Gunter Ollmann 7/18/2010 9

  9. How much of a criminal? • Different countries, different laws… – Botnets may not be illegal – Building/distributing malware may not be illegal • Building botnets for fun & profit – Don’t need to be hard -core criminal – Tools, guides, how- to’s, vendors, sponsors, etc. – It’s a “business like any other” Blackhat USA 2010 – Becoming the 6-million-dollar Man – Gunter Ollmann 7/18/2010 10

  10. A Newbie Botmasters code • Don't get caught – Take extreme care when setting things up – Don't start any bad habits from the beginning – Mistakes & leaks at the beginning are fatal • Don't to criminal harm – Don't want to start a war nor be involved in deeply political events – Don't want to case any deaths – Don't want to get in bed with organized crime (as customers = ok) Blackhat USA 2010 – Becoming the 6-million-dollar Man – Gunter Ollmann 7/18/2010 11

  11. Key things to remember • Resilience is damned important – Triple modular redundancy (TMR) • Botnets are the tool – Don't blame the tool! • Show me the money! – Cashless ecosystems are ok… – …but you can’t retire with them • Want to be rich! – But want to retire rich; not in jail! Blackhat USA 2010 – Becoming the 6-million-dollar Man – Gunter Ollmann 7/18/2010 12

  12. Connecting to the CnC (1) • Separate work from pleasure – Dedicated laptop(s) for building and running the botnet business • (Un)traceability – Change MAC addresses regularly – Different Web browsers and turned off cookie caching. – Use a (patched) base install machine • Encrypt all CnC traffic – Asymmetric keys = much preferred. Blackhat USA 2010 – Becoming the 6-million-dollar Man – Gunter Ollmann 7/18/2010 13

  13. Connecting to the CnC (2) • Deniability is important - – Open WiFi is your friend – Locations that don't have CCTV • Don't connect directly - Ever! – Anonymous proxy and TOR networks are preferred • Hiding in the masses – Academic networks + libraries Blackhat USA 2010 – Becoming the 6-million-dollar Man – Gunter Ollmann 7/18/2010 14

  14. Botnet CnC Connections • Free WiFi access points – Physical location changes • Change the MAC address Apple Stores Atlanta Bread Company Barnes & Noble Border Books Caribou Coffee Hooters Krystal Restaurants McDonalds Office Depot Panera Bread Company Staples Starbucks Etc. Blackhat USA 2010 – Becoming the 6-million-dollar Man – Gunter Ollmann 7/18/2010 15

  15. The Money Framework • Don’t want initial “seed money” traced – Rebate cards and systems • Deniability and no trace back – Visa rebate cards vs gift cards • Theft not necessary initially • Payment for initial services – Domain, NS, hosting, proxy, etc. – Toolkits, plug-ins, exploit packs, contractors Blackhat USA 2010 – Becoming the 6-million-dollar Man – Gunter Ollmann 7/18/2010 16

  16. Transaction Laundering Blackhat USA 2010 – Becoming the 6-million-dollar Man – Gunter Ollmann 7/18/2010 17

  17. Foreign Bank Accounts • Create foreign banking accounts – "In person" account creation = less evidence – May need a physical address • In threes… – Swiss numbered account • Minimum balance to open the account (plus fees) – Cayman Island Account – Panama Bearer Share Corporation account • Bilateral agreements covering fraud – Disclosure of owner details – want to stay away from the fraud aspect • Most accounts include – Credit cards – online banking Blackhat USA 2010 – Becoming the 6-million-dollar Man – Gunter Ollmann 7/18/2010 18

  18. Retirement Planning? • • • • Afghanistan Chad Madagascar Somalia • • • • Algeria China Marshall Islands Sudan • • • • Andorra Comoros Mali Syria • • • • Angola Cote d' Ivoire Maldives Togo • • • • Armenia Congo Mauritania Tunisia • • • • Bahrain Djibouti Mongolia Uganda • • • • Bangladesh Equatorial Guinea Morocco United Arab Emirates • • • Bosnia and Ethiopia Mozambique • Herzegovina Vanuatu • • Gabon Nepal • • Bhutan Vietnam • • Guinea Niger • • Botswana Yemen • • Guinea Bissau Oman • • Brunei Zaire • • Indonesia Philippines • • Burkina Faso Zimbabwe • • Iran Qatar • • Burundi (Plus some more…) • • Ivory Coast Russian Federation • Cambodia • • Jordan Rwanda • Cameroon • • Kuwait Samoa • Cape Verde • • Laos Sao Tome e Principe • Central African • • Lebanon Saudi Arabia Republic • • Libya Senegal aka. non-extradition contries (with the USA) Blackhat USA 2010 – Becoming the 6-million-dollar Man – Gunter Ollmann 7/18/2010 19

  19. A Business Plan • 12 month plan – loaded to the back end - increase profit percentage • Goal of earning $6million within a year – Must be profitable – Don't want to be in Jail – Would prefer to have a robust business • have higher revenue (and profits) in Year 2. • 12 month plan/target – Q1 - $400k - 10% ($40k - $13.3kpm) – Q2 - $800k - 15% ($120k - $40kpm) – Q3 - $1.6m -20% ($320k - $106kpm) – Q4 - $3m - 25% ($750 - $250kpm) – $1.23m profit "tax free” Blackhat USA 2010 – Becoming the 6-million-dollar Man – Gunter Ollmann 7/18/2010 20

  20. Courage? • Getting started in the criminal botnet business isn’t for the feint-hearted. Blackhat USA 2010 – Becoming the 6-million-dollar Man – Gunter Ollmann 7/18/2010 21

  21. The First Botnet • “Off the shelf” DIY botnet construction kit – Zeus, SpyEye, Butterfly, etc. • Seeding torrents & newsgroups – Anonymous submission – Very difficult to trackback – Doesn't rely upon – Natural propagation & infection • Dynamic DNS for CnC – Free and anonymous Blackhat USA 2010 – Becoming the 6-million-dollar Man – Gunter Ollmann 7/18/2010 22

  22. Simple Hierarchical CnC Structure • Multiple CnC servers – Bot agent communications over HTTP – Service paid via reward/rebate cards • First botnet(s) = PoC – Validating principles – Default agent functions – password/identity theft Botmaster Free WiFi Anonymity CnC’s Bots Blackhat USA 2010 – Becoming the 6-million-dollar Man – Gunter Ollmann 7/18/2010 23

  23. Underground Newbie Reputation • Need to build a reputation… – Peer recognition and "trust" is key • Initially rely upon other people vouching – Activity on various hacker/botnet forums • Could use translators to hide identity origins …but probably too much effort – Offer a lot of data/tools for free • Work to establish professional reputation • Value often based upon "freshness" of data • How to pay – Non-revocable money transfers – Volumes of stolen credentials – Segments of a botnet Blackhat USA 2010 – Becoming the 6-million-dollar Man – Gunter Ollmann 7/18/2010 24

  24. Ratings & Reputations 2

  25. Evolution of the “standard” bot agent • As the botnet grows, new demands… – More bots, more spreading – more detection • Malware doing slightly more – Pull back stored personal data – Keylogging etc. – Harvesting more data that may be saleable - email addresses etc. • Malware components become more important – Spend some money on additional functionality – Add a few more malware components that will be installed with the standard deployment – Do some serial variants - with quality control – Release a new variant every day Blackhat USA 2010 – Becoming the 6-million-dollar Man – Gunter Ollmann 7/18/2010 26

  26. Build to Sell 7/18/2010 27

  27. Build to Sell • Important factors in “build to sell” models – Structure of the botnet – Past use/abuse of the botnet – Location of the botnet victims – Robustness of malware agent – Reputation in seller forums • Pre-processing of botnets – Splitting and clustering of related victims – Harvesting of system and user information – Synchronizing malware and CnC channel Blackhat USA 2010 – Becoming the 6-million-dollar Man – Gunter Ollmann 7/18/2010 28

Recommend

CQRS explained with a million dollar idea What are we going to do? The million dollar idea

CQRS explained with a million dollar idea What are we going to do? The million dollar idea

CQRS explained with a million dollar idea What are we going to do? The million dollar idea Command and query segregation Command and query responsibility segregation Code structure Disclaimer: when (not) to use The million

409 views • 12 slides
The Real Estate Million Dollar Question: Who Will Sell Next? The Real Estate Million

The Real Estate Million Dollar Question: Who Will Sell Next? The Real Estate Million

The Real Estate Million Dollar Question: Who Will Sell Next? The Real Estate Million Dollar Question: Who Will Sell Next? Marketing Without Data = Guessing Most agents develop business by cultivating a specific set of properties in a

413 views • 19 slides
Million Dollar Tradie Number ers s Works kshop 1 16/06/2016 The e Problem blem 2

Million Dollar Tradie Number ers s Works kshop 1 16/06/2016 The e Problem blem 2

16/06/2016 Million Dollar Tradie Number ers s Works kshop 1 16/06/2016 The e Problem blem 2 16/06/2016 The e Op Oppo portunity tunity 3 16/06/2016 4 16/06/2016 5 16/06/2016 The Million Dollar Tradie System For a Profitable,

831 views • 40 slides
THE MILLION DOLLAR QUESTON: WHAT IS BREAK -EVEN AND VIABILITY FOR DIFFERENT FOOD HUB MODELS?

THE MILLION DOLLAR QUESTON: WHAT IS BREAK -EVEN AND VIABILITY FOR DIFFERENT FOOD HUB MODELS?

An NGFN An NGFN Webinar binar THE MILLION DOLLAR QUESTON: WHAT IS BREAK -EVEN AND VIABILITY FOR DIFFERENT FOOD HUB MODELS? March 19, 2015 Presentation Outline Technical Orientation Welcome Jeff Farbman Wallace Center at Winrock

779 views • 59 slides
Budget Crisis For the fifth year in a row the City of Ithaca is facing a multi-million dollar

Budget Crisis For the fifth year in a row the City of Ithaca is facing a multi-million dollar

Budget Crisis For the fifth year in a row the City of Ithaca is facing a multi-million dollar budget deficit When I took office in January the projected deficit for 2013 was $3 million Closing the gap Past Budgets Tax levy

525 views • 25 slides
Farming Secrets of a Million Dollar Agent About Us Branch Office of Keller Williams since

Farming Secrets of a Million Dollar Agent About Us Branch Office of Keller Williams since

Farming Secrets of a Million Dollar Agent About Us Branch Office of Keller Williams since 2010, with Re/Max prior Closed 579 Transactions in 2011, and over 400 in 2012. Have received numerous awards and are currently #1 KW Team

558 views • 40 slides
EXPERIENCE SCOTTSDALE BRANDING SCOTTSDALE 9 MILLION VISITORS Every dollar invested in

EXPERIENCE SCOTTSDALE BRANDING SCOTTSDALE 9 MILLION VISITORS Every dollar invested in

EXPERIENCE SCOTTSDALE BRANDING SCOTTSDALE 9 MILLION VISITORS Every dollar invested in Experience Scottsdale directly generates $67 in visitor spending and $3 in local tax revenue for the benefit of Scottsdale residents. DOWNTOWN THANK YOU

816 views • 20 slides
The Problem blem 1 9/23/2016 The Opp ppor ortu tunity nity 2 9/23/2016 Million Dollar

The Problem blem 1 9/23/2016 The Opp ppor ortu tunity nity 2 9/23/2016 Million Dollar

9/23/2016 Modul dule e 1 How To Operate erate When n Trades desmen en Are As Scar arce As Hens Teeth Team Workshop The Problem blem 1 9/23/2016 The Opp ppor ortu tunity nity 2 9/23/2016 Million Dollar Tradie System 4

613 views • 22 slides
MILLION DOLLAR TRADIE SYSTEMS BOOTCAMP MODU DULE LE 1 SYST STEMS MS MINDSE DSET 1

MILLION DOLLAR TRADIE SYSTEMS BOOTCAMP MODU DULE LE 1 SYST STEMS MS MINDSE DSET 1

19/04/2017 MILLION DOLLAR TRADIE SYSTEMS BOOTCAMP MODU DULE LE 1 SYST STEMS MS MINDSE DSET 1 19/04/2017 THE E PROBL BLEM EM 2 19/04/2017 THE E OPPORTUNITY ORTUNITY 3 19/04/2017 4 19/04/2017 High End Builders Relationship

601 views • 45 slides
Dollar Cost Averaging DCA: invest gradually in equal dollar amounts, rather than investing the

Dollar Cost Averaging DCA: invest gradually in equal dollar amounts, rather than investing the

Why Dollar Cost Averaging Doesnt Work - And Why Investors Use It Anyway Simon Hayley Cass Business School Dollar Cost Averaging DCA: invest gradually in equal dollar amounts, rather than investing the desired total in one lump sum.

413 views • 13 slides
Its Everything CD-level returns. in One Place Access to multi-million-dollar FDIC

Its Everything CD-level returns. in One Place Access to multi-million-dollar FDIC

2 CDARS is the smartest, most secure, and convenient way to invest in large-dollar, FDIC-insured CDs. Why is that? With the CDARS service, you can have it all. Its Everything CD-level returns. in One Place Access to

480 views • 14 slides
Distributed Snapshot One-dollar bank 2 (2,0) (1,2) 1 0 (0,1) Let a $1 coin circulate in a

Distributed Snapshot One-dollar bank 2 (2,0) (1,2) 1 0 (0,1) Let a $1 coin circulate in a

Distributed Snapshot One-dollar bank 2 (2,0) (1,2) 1 0 (0,1) Let a $1 coin circulate in a network of a million banks. How can someone count the total $ in circulation? If not counted properly, then one may think the total $ in

393 views • 28 slides
Split-Dollar Life Insurance Arrangements: Exciting Estate Planning Opportunities What Allows

Split-Dollar Life Insurance Arrangements: Exciting Estate Planning Opportunities What Allows

Split-Dollar Life Insurance Arrangements: Exciting Estate Planning Opportunities What Allows Split-Dollar to Function So Well Presented by: Richard L. Harris, CLU AEP TEP Split-Dollar Basics CONSIDER THIS: Take a dollar bill and cut it in

663 views • 23 slides
Tax Credit Basics Tax credits provide a dollar for dollar offset to a taxpayers tax

Tax Credit Basics Tax credits provide a dollar for dollar offset to a taxpayers tax

Tax Credit Basics Tax credits provide a dollar for dollar offset to a taxpayers tax liability A $100 tax credit reduces taxes by $100; thus a $1 of tax credit today is worth $1 to an investor Tax credit calculations include:

390 views • 6 slides
High Dollar Taste on a Low Dollar Budget Steve Pritchard UNL Extension Educator Special

High Dollar Taste on a Low Dollar Budget Steve Pritchard UNL Extension Educator Special

High Dollar Taste on a Low Dollar Budget Steve Pritchard UNL Extension Educator Special Acknowledgement Chris Calkins & Dennis Burson The Beef Carcass Chuck 30% Rib 10% Loin 17% Round 23% Brisket, Plate & Flank 20% Cheap Chuck

249 views • 21 slides
$1 $10 Bil 0 Billion 35, 35,00 000 New Jobs New Capital Investment Since 2017 $1.87 Billion

$1 $10 Bil 0 Billion 35, 35,00 000 New Jobs New Capital Investment Since 2017 $1.87 Billion

$1 $10 Bil 0 Billion 35, 35,00 000 New Jobs New Capital Investment Since 2017 $1.87 Billion Surplus $1.87 Billion $425 Million SURPLUS DOLLAR RETURNED TO TAXPAYERS. $250 Million $160 Million $2.5 Billion Tax Cut Annual Additional

748 views • 39 slides
Q1 2020 22 April 2020 Highlights Q1 revenue of $9.1 million, a decrease of 18% from Q1 2019

Q1 2020 22 April 2020 Highlights Q1 revenue of $9.1 million, a decrease of 18% from Q1 2019

Q1 2020 22 April 2020 Highlights Q1 revenue of $9.1 million, a decrease of 18% from Q1 2019 Gross margin increased to 49% from 43% in Q1 2019, driven by higher Data center prices, business model transition and a stronger U.S. dollar

457 views • 32 slides
The domain of the dollar: 8 questions Presentation to plenary panel of the 90th International

The domain of the dollar: 8 questions Presentation to plenary panel of the 90th International

The domain of the dollar: 8 questions Presentation to plenary panel of the 90th International Atlantic Economic Conference, Challenges to the U.S. dollar 18 October 2020 Robert N McCauley Senior nonresident fellow, Global Development

238 views • 11 slides
BRST E Years BRST T Opportunity Strategy MOSt rillion Dollar N XT BRST BRST BRST of GDP

BRST E Years BRST T Opportunity Strategy MOSt rillion Dollar N XT BRST BRST BRST of GDP

BRST E Years BRST T Opportunity Strategy MOSt rillion Dollar N XT BRST BRST BRST of GDP Growth October 2018 BRSTBRST Your key to Indias Next Trillion Dollar b e r a t i l n e C g Contents Indias Next Trillion Dollar

421 views • 28 slides
Ages 25-62 INCOME 78% (35K TO 100K) Retired 5% Student 11% Tech. Trade/Manufacturing 48%

Ages 25-62 INCOME 78% (35K TO 100K) Retired 5% Student 11% Tech. Trade/Manufacturing 48%

DIRT TRACK RACING 35 Million Fans 750 Dirt Tracks Across the Nation Multi-Million Dollar per Year Industry DEMOGRAPHICS 70% MALE 30% FEMALE 82% OWN HOMES Ages 25-62 INCOME 78% (35K TO 100K) Retired 5% Student 11% Tech. Trade/Manufacturing 48%

125 views • 9 slides
1 How much is 10 dollars worth (we should all know) Luis is auctioning off a 10 dollar bill. The

1 How much is 10 dollars worth (we should all know) Luis is auctioning off a 10 dollar bill. The

1 How much is 10 dollars worth (we should all know) Luis is auctioning off a 10 dollar bill. The winner pays his or her bid and gets the 10 dollar bill. The runner up pays his or her bid and gets nothing 2 How swoopo works. They make money

844 views • 27 slides
Accounting for the Petro-Dollar The Macroeconomics of Petro-Exporting Economies: Discussion of

Accounting for the Petro-Dollar The Macroeconomics of Petro-Exporting Economies: Discussion of

Accounting for the Petro-Dollar The Macroeconomics of Petro-Exporting Economies: Discussion of papers by Dennis Pantin and Dale James of UWI and by Dr Ewart Williams of CBTT Eric St Cyr In a serious nation Accounting for the Petro-Dollar

411 views • 4 slides
The Dollar Hegemon? Evidence and Implications for Policymakers Pierre-Olivier Gourinchas UC

The Dollar Hegemon? Evidence and Implications for Policymakers Pierre-Olivier Gourinchas UC

The Dollar Hegemon? Evidence and Implications for Policymakers Pierre-Olivier Gourinchas UC Berkeley, NBER and CEPR pog@berkeley.edu Annual Conference Chaire Banque de France - Paris School of Economics Paris, September 2019 1 / 29 A Dollar

917 views • 38 slides
The Rotary Foundation The Rotary Club of Doylestown The Rotary Foundation What would it take to

The Rotary Foundation The Rotary Club of Doylestown The Rotary Foundation What would it take to

The Rotary Foundation The Rotary Club of Doylestown The Rotary Foundation What would it take to change the world? District 7430 Million Dollar Journey | 2 The Rotary Foundation Rotary's 1.2 million members believe changing the world starts

454 views • 24 slides

More recommend