Quantcast

Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

Spy-jacking the Booters 6: Types of DDoS Used

Lance James provides further specifics about the investigation of booter services out there, in particular focusing on the 8 types of DDoS being leveraged. Moving on, I started doing database analysis to get a birds-eye view, diverse activity and stuff. We wanted to look at how many people are on this thing...

Spy-jacking the Booters 5: Tracking the Fraudsters Down

It’s now Lance James’ turn to shed light on the activity of booter services from a technical perspective to get a better understanding of who the adversary is. Lance James: How is everybody so far? I’m Lance James, some of you know me. I work at Deloitte. Don’t ask, it’s cool. I get to do some fun...

Spy-jacking the Booters 4: The CloudFlare and PayPal Dilemma

The key spotlight in this part of the presentation is on the issue of legit services like CloudFlare and PayPal being used by booters to stay online and afloat. Rage Booter, pretty much like every single one of these booters out there, was hidden behind CloudFlare, and as I’m sure most of you know, this...

Spy-jacking the Booters 3: Owner Profiles

Brian Krebs now shares the details of his research which pointed to the guys running such infamous DDoS services as Booter.tw, AsylumStresser, and Rage Booter. I decided this whole experience getting hit with a kinetic and a cyber attack at the same time is just too good not to write about. I started asking...

Spy-jacking the Booters 2: Swatting as a Retaliation

Delving further into the subject, Brian Krebs depicts a situation from his personal experience telling what bad things can happen if you screw with hacktivists. So, how did I get interested in the ‘noob persistent threat’, these DDoS services? Well, it started with a story that I wrote last fall...

Spy-jacking the Booters

Investigative reporter Brian Krebs and cybersecurity expert Lance James taking the floor at Black Hat to dissect the infrastructure of DDoS-for-hire industry. Brian Krebs: Hey everyone! My name is Brian Krebs, I’m an independent investigative reporter at Krebsonsecurity.com. I think this is my fifth or...

Forensic Fails 5: Wrongfully Accused

This part covers the presentation’s final forensic case where charges against a person got dropped in the long run owing to examiners’ scrupulous analysis. Eric: Alright, the last story is a little bit different than the others. This is the “Epic Porno Fail”. The difference in this one is...

Forensic Fails 4: The RDP Bounce Story

The forensic examiners share another real-world exposure story where the Remote Desktop Protocol was used to get hold of a company’s confidential documents. Michael: This next case (see right-hand image) was probably one of the most fun cases that I have worked on. Right from the start I could tell that...

Forensic Fails 3: Smoking Gun.txt and Hiding in the Cloud

Michael Perklin and Eric Robi recall two more non-trivial cases about fails due to no or little effort hiding insider activities, including IE history. Michael: I call the next one “Smoking Gun.txt” (see right-hand image). If you work in the forensic arena, you’ve probably heard the term...

Forensic Fails 2: “The Nickelback Guy” and “Just Bill Me Later” Cases

This part covers two stories where an insufficiently vigilant ill-minded ex-employee and an overinflated billing scam got exposed via forensic analysis. Michael: Alright, this case (see right-hand image) was a lot of fun. I didn’t expect it to be fun when I started out but it ended up being a lot of fun....