
Archive for the 'Uncategorized' Category

Monday, January 28th, 2008

Bad Sushi: Beating Phishers at their own Game

A colleague (Nitesh Dhanjani) and I were recently accepted to speak at Black Hat Federal in Washington DC. What basically started as a few laughs over a phishing site eventually turned into months of serious investigation into the entire ecosystem that supports the phishing effort.

   
Nitesh and I basically infiltrated a few phishing forums, tracking a phisher from compromised web servers, to phishing forums, to carderz sites. We managed to get a hold of about 100 different phishing kits, various tools used by phishers, and gained some insight as to how phishers do their business. I was STAGGERED by the amount of PII (full names, DOBs, credit card numbers, SSNs, addresses, phone numbers…) that is placed on public web servers by phishers, hidden only by obscurity. Once this obscurity is broken, even a simple query in a search engine will reveal a significant amount of stolen identity-related information including names, credit card numbers, SSNs, DOBs…

   
I was also FLOORED by the number of phishing and credit card fraud related forums.

     


   

Nitesh and I basically stopped our research because the number of sites and the staggering amount of exposed PII was simply too much. There literally is an entire ecosystem devoted to supporting the phishing effort that plagues modern-day financial institutions, one that simply cannot be viewed by two security researchers alone. If you’re in the DC area, stop by for Black Hat and we’ll show you some of the things we saw. We give a brief description of some of the things we saw during an interview for Help Net Security. For those of you who are curious, due to the ENORMOUS amount of PII we came across, we’ve contacted the FBI and we’ll be sharing some things with them that WILL NOT be in the talk or any interviews!
  

Posted by xssniper | Filed in Uncategorized | 8 Comments »

 

Monday, November 26th, 2007

Turkey, Beer, Football, and a new MacBook

Hello and Happy Thanksgiving!

  

Hopefully your holiday was as good as mine. This year I was fortunate enough to get an early Christmas present in the form of a new MacBook to continue our research. I’m happy to say that URI issues do exist on Macs! More importantly, I’m really close to releasing DUH4Mac. It’d be done by now, but a deadly combination of turkey, beer, and great football games all weekend has slowed my progress and nearly put me into a coma.

  

Also, for those who haven’t read it yet, Billy and I were asked to write a guest editorial for Ryan Naraine’s Zero Day Blog. Go read it if you get a chance! I’d like to thank Ryan for supporting and publicizing our research and asking Billy and me to pull together a guest editorial for his site; it was a huge honor.

Posted by Nate McFeters | Filed in Uncategorized | Comment now »

 

Tuesday, October 30th, 2007

XS-Snipers at ToorCon 9 and Black Hat Japan

Hey all, Nate here…

  
In the last two weeks we got the opportunity to speak at both ToorCon and Black Hat Japan. What an awesome experience! Rob Carter and I spoke about our URI Use and Abuse research, including giving video demonstrations of all of our exploits. Unfortunately, Billy couldn’t join up with us for the talks due to some other commitments, but he did manage to come out to Japan and got to hang out with us in Tokyo. Rob and I also discussed the future of URI use and abuse and where it is going next… *Nix… and Mac! Just wait till I buy my MacBook and iPhone!

  
At ToorCon, Rob and I got to catch up with former co-worker Brett Hardin and had a great time hanging out with him in the Gas Lamp district. We also met Dan Kaminsky and had a chance to talk with him about research and share some Jager Bombs. The weather was amazing, and we were fortunate enough to fly out of San Diego right before the fires started coming. If you saw us present, I recommend you check out our Black Hat presentation below, which is the full version of our research. A lot of things had to be cut out for the 20-minute time slot we were allotted for speaking at ToorCon.

  
At Black Hat, Billy, Rob, and I hung out all week with Jeff Moss, Dominic, and the Black Hat Crew, who treated us like kings, and got a chance to meet such industry-renowned researchers as Billy Hoffman, Halvar Flake, and Kanatoko-san, just to name a few. Tokyo was a stunning city; I’ve never seen anything quite like it, just skyscrapers for as far as the eye can see. We had a great time in Tokyo, and our presentation seemed to go very well. It was awesome trading war stories with Dom, Moss, Kanatoko-san, Hoffman, and all the speakers.

  
As promised to all in attendance at our talks, here is the source code to our DUH tools for both Windows and *Nix. In order to use these files, simply rename them to either .bat or .sh, then run them from the command line using either cscript.exe or /bin/sh. Thanks again and as always to Erik Cabetas for the help with DUH 4 Windows! See the Black Hat page in the coming weeks for our video demos, as these are not likely to work from the PowerPoint slides. Our updated slides can be downloaded from here.

  
-Nate, Billy, Rob

Posted by Nate McFeters | Filed in Uncategorized | 2 Comments »