NorthSec 2021

Unmasking the Cameleons of the Criminal Underground: An Analysis From Bot To Illicit Market Level
2021-05-21, 09:40–10:10, Main stream

Large corporations have access to sophisticated anti-fraud systems that monitor dozens of signals each time a customer or employee logs into their web portal. Past investigations have shown that malicious actors use malware to build profiles of their victims, and create virtual environments that precisely replicate the fingerprints of the victims’ computers. These profiles can be loaded into specially crafted browser plugins and used in account takeover attacks. They are sold on private markets and can fetch hundreds of dollars when they also include the victims’ cookies and credentials for financial institutions. The aim of this presentation is to map, over a period of a month, all of the Canadian activities of a machine fingerprint market. Our analysis extends past research first by developing a new understanding of how, and which, Canadians are targeted by this type of attack. Secondly, it presents models that predict not only the price of profiles for sale but also which profiles will end up being sold among the thousands that are for sale. We present estimations for the Canadian market for profiles for sale, and propose hypotheses as to the size of the impact of these illicit activities.


Large corporations have access to, and use, incredibly sophisticated anti-fraud systems that monitor dozens of signals each time one of their customers or employees logs into their web portal. These signals include what browser is used, what plugins are installed, and even the language of the users’ software. Past investigations have shown that malicious actors use malware to build profiles of their victims, and create virtual environments that precisely replicate the fingerprints of the victims’ computers. These profiles can be loaded into specially crafted browser plugins and used in account takeover attacks. They are sold on private markets and can fetch hundreds of dollars when they also include the victims’ cookies and credentials for financial institutions. The aim of this presentation is to build on past research and to map, over a period of a month, all of the Canadian activities of a machine fingerprint market. Our analysis extends past research first by developing a new understanding of how, and which, Canadians are targeted by this type of attack. Secondly, it presents models that predict not only the price of profiles for sale (i.e., what makes a profile more valuable) but also which profiles will end up being sold among the thousands that are for sale. Through these analyses, we end up with estimations for the Canadian market for profiles for sale, and propose hypotheses as to the size of the impact of these illicit activities on the Canadian economy. The market for fingerprinting victims is growing exponentially, and promises to be, along with ransomware, one of the biggest threats of the coming year. With more detailed knowledge about this problem, companies and individual victims will be better equipped to protect themselves against these attacks, and limit the monetization of the criminal underground.


Workshops only: Would you like to stream the workshop to an additional (passive) audience? – No

Have you given this talk/workshop before? If yes, please provide details and/or slides/video. – No

David Hétu is co-founder and head of research at Flare Systems. David holds a PhD in criminology from the Université de Montréal. His main research interests are online illicit markets and the impact of technology on crime, whether from the offenders' point of view or from the legislator's. David's research has been published in leading academic journals (e.g., British Medical Journal) and presented at leading conferences (Botconf, HOPE). He is regularly invited to share his analysis of cybercrime in the media. David developed the DATACRYPTO software tool to monitor offenders' activities on the darknet and co-developed the BitCluster software tool to track cryptocurrency transactions.
