DEF CON 23 - Weston Hecker - goodbye memory scraping malware
0 likes65 views
This document summarizes a talk given by Weston Hecker on his new open source anti-malware software called Skimbad. Hecker has over 11 years experience in security research and penetration testing. Skimbad aims to stop credit card data exfiltration by malware by generating fake credit card numbers that will make any batches of stolen numbers unusable. The software works by monitoring memory for credit card numbers and replacing real numbers with randomized fake numbers on the point-of-sale system before the data can be sent to a server by malware. Hecker believes this approach could be built into all point-of-sale systems to help prevent credit card data breaches.
DEF CON 23 - Weston Hecker - goodbye memory scraping malware
- 1. Goodbye Memory Scraping Malware Hold Out Till "Chip And Pin”. Weston Hecker Security Expert With KLJ Systems Network Analyst/Penetrations Tester/President Of Computer Security Association Of North Dakota #westonhecker #skimbadsoftware
- 2. Who Am I What Do I Do What's the Talk About, • About Me: Speaker at Defcon 22 Tons of Computer Certs, Computer Science/Geophysics • About 11 years pen-testing, security research , Spoke at Defcon 22 Las Vegas on Burnerphone DDOS • NERC, FFIEC, FISMA/NIST, ISO, GLBA and FDIC, Compliance audits HIPAA, Omnibus, • Wrote custom exploits for obscure Internet service provider gear and PMS software. • Tools of the trade “Fleet of Fake I phones” And now android variance. • Co-writer of Skimbad Software Open source anti malware skimming software OPEN SOURCE. This talk today will be going of this new concept of protecting Data • Pentesting for a living everything from banks, hospitals and ISP in the Mid-west. I live and work in North Dakota • Security projects including Reverse engineering of malware and tracking software. Working on 911 Attack mitigation projects.
- 3. TEENSY 3.1 Container!!! Build Your Own There Awesome !!! Hit me up on Twitter or E-mail me.
- 4. START THE DEMO !!! • This will Run while I speak • We will check the number at the end of the Presentation • The Graphical demonstration version is available on Skimbad.com • Source Code and EXE are Available on GitHub
- 5. The problem of Data skimming malware/ Large Profile cases
- 6. Why do people skim data / how much does it cost
- 7. Why do people skim data / how much does it cost
- 8. how its sold/used to defraud
- 9. how its sold/used to defraud • Carding/ Ordering things online • Duplicating cards and using them in stores. • ATM Cashout runs / Pin Skimmed Data. • Theft of resources / Gas Food. • Theft of online services or Licenced materials / Digital Movies /subscriptions to sites. • Using Card data to transfer money WU runs.
- 10. How batches of data are ex-filtrated and sold
- 11. How batches of data are ex-filtrated and sold • USB devices used to jump “Air” gapped or tighter security • Use if spearfishing campaigns • Software is loaded on to systems by classic hacking methods USB, HID. • Batches are pull to servers most of the time using POST requests every time a card is found in memory the malware sends the data to a Dump • Dumps are complied by BIN number and sold on carding pages price is determined by the banks usual Point of Sale and Debit limit. • The validity rate is how many cards out of a 100 will work . Most batches sold on proper carding forums are 98% plus • Two year old Target breach still has about a 10% validity Rate.
- 12. Initial POS terminal is breached and malware is loaded
- 13. As cards are swiped they now are send to a Server where they will be sold online.
- 14. For the demonstration this all will be ran on one computer normally the POS is separate from the card catching Server.
- 15. How does malware tell credit card data from other data
- 16. Most Search Memory Using Custom Search Algorithms
- 18. Other uses EX. Malware research
- 19. II. The approach to stopping Breaches / the tool
- 20. what currently exists to stop skimming/data exfiltration
- 21. how this concept would make batches unusable
- 22. how are random credit cards made what are Bins
- 23. How random card numbers are made
- 24. How it makes random names.
- 25. Honeypot card numbers to let them know breach has occurred.
- 27. III. How will malware evolve and how we will stay on top of it
- 28. Malware gets smarter and detects BINs from area and other methods
- 29. watch dog portions (protection from malware)
- 30. How to make batches look real
- 31. The Legitimate Credit Cards are Covered with Fakes
- 32. How to make fake batches (unscrubable no reversing of process)
- 33. Will Chip/Pin stop skimming ?
- 34. Software is Open Source Free Help make it better There is no reason that this concept should not be built into every POS system
- 35. Conclusions: Thanks for Listening Questions Concerns? Special Thanks to: Tim Swartz, My Family, My Work Defcon Crew for approving my topic. Contact Information •Weston Hecker •Weston@skimbad.com •www.skimbad.com •Twitter @westonhecker @skimbadsoftware.