O Outro Lado BSidesSP ed 5/Stealing bank accounts with a 1kb file - the Brazilian way

From Garoa Hacker Clube
Stealing bank accounts with a 1kb file - the Brazilian way

Time: 14:30 to 15:20

Duration: 40 minutes (plus 10 minutes for questions and answers)

Location: Main Auditorium

Level: Basic


Proxy Auto-Config (PAC), a feature of modern browsers that is extremely useful on corporate networks, has been (ab)used by criminals to steal several million from bank accounts. Its malicious use has been known since 2003, but it was among Brazilian (cyber)criminals that the technique was improved and refined, and more recently it has been shared with cybercriminals in Turkey and Russia.

Their attacks have reached a level of complexity and effectiveness never seen before, allowing a complete bank account takeover with a 1 KB file. Using plenty of creativity and the 'Brazilian way', the malicious scripts enable man-in-the-middle attacks that impersonate HTTPS connections: a silent, web-based attack, routine and highly effective.

These malicious scripts remain off the radar of most anti-malware companies, and some have failed badly at detecting and blocking them. In this presentation we show the evolution of the attacks, how the criminals bypass detection, and the challenge of detecting small malicious scripts.

  • PAC: Problem-Auto-Config
    • legitimate usage
    • alphabet soup: pac, wpad, dhcp, slp, dns
    • javascript on browser's config
    • brazil, 2007
    • turkey, 2011
    • russia, 2012
  • PAC: Petty-Archive-Crime
    • in your browser
    • on your connection
    • bypassing detection
    • let's play crypto
    • pharming, phishing
    • intercepting ssl/tls
  • PAC: Planning-Achieve-Cash
    • how to do it for only 5k
    • let's steal from Google
    • detection? blocking? solution?
    • researchers in danger: death threats


Fabio Assolini

Senior Security Researcher