Thursday 5 October 09:00 - 09:30, Red room
Adam Haertlé (BadCyber.com)
This presentation will follow a Polish threat actor, known as 'Thomas', in his career as a wannabe cybercriminal from late 2011 until today. We will watch his first steps on HackForums, where friendly vendors and free tools helped him to build his first botnet. We will follow his phishing and spam campaigns visible in the media and correlate them with tool purchases on HF. We will see how his tools evolved and botnets grew despite his total lack of technical and language skills, and how he even managed to perform targeted attacks against state institutions. We will celebrate with him as he bragged about successes and commiserate with him over his failures, as he attempted to pivot into banking fraud and got scammed by others on multiple occasions. We will look at his business strategies and monetization vectors, including a botnet-as-a-service offering, while contemplating pricing strategies and ad design skills. We will watch him try to defraud competitors with a deceptive video demonstration of his own hacking tools, using the opportunity to get a glimpse of his desktop, and we'll look at an unsolicited interview he gave to a malware analyst while the latter reverse engineered one of his malware samples. Finally, we will discover his identity through multiple uncensored screenshots and end by trying to explain the legal hurdles which mean that, despite being well known to the law enforcement community, he remains at large. Every step of our journey through the timeline of his criminal career will be illustrated with relevant screenshots or videos, documenting his operations from both the victims' and perpetrator's points of view.
Tyrus Kamau (Euclid Consultancy)
The cyber threats Kenya faces range from basic hacking such as website defacements, financial fraud, social media account…
Thiago Marques (Kaspersky Lab)
Fabio Assolini (Kaspersky Lab)
Of all the forms of attack against financial institutions in the world, the ones that are most likely to combine traditional…
John Graham-Cumming (Cloudflare)
In February 2017, Cloudflare was revealed to have been leaking private information including HTTP headers, cookies and POST data…