Loading…
eCrime 2018 has ended
View analytic

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Monday, May 14
 

17:00

GDPR Proposal & Plans (closed)
APWG Directors and Invited members will discuss the ICANN GDPR proposal.

Speakers

Monday May 14, 2018 17:00 - 18:00
Ocean Beach Room 2nd Floor - By the Pool/Gym

17:45

Pre-Registration Open
Monday May 14, 2018 17:45 - 20:00
La Jolla Hallway 2nd Floor

18:00

Ice-Breaker Reception
Join us for light refreshments and a chance to meet fellow attendees.  

Monday May 14, 2018 18:00 - 20:00
La Jolla Ballroom - Salon ABC 2nd Floor
 
Tuesday, May 15
 

08:00

Registration
Tuesday May 15, 2018 08:00 - 14:30
La Jolla Hallway 2nd Floor

09:00

Welcome
Speakers

Tuesday May 15, 2018 09:00 - 09:15
La Jolla Ballroom - Salon ABCD 2nd Floor

09:15

09:45

Unblockable Chains - Is Blockchain the ultimate malicious infrastructure?
In this principal research, we investigate the possibilities blockchain technologies pose as an infrastructure for malicious operations. We will demonstrate a POC of a fully functional C&C infrastructure on top of the Ethereum network - the second largest public blockchain which also acts as a distributed computing platform featuring a smart contract functionality.
As Blockchain technologies gain more traction in recent years, it brings promise of creating a decentralized, distributed and transparent economy which aim to disrupt our current centric organizational structures and reduce middlemen.Notoriously, crypto coins have been the currency of choice on the dark web for conducting illegal transactions. But what about the underlying technology, the Blockchain? Could a distributed, public, popular, global ledger be [ab]used as the infrastructure for the ultimate command and control mechanism? 
Managing a botnet is a problem in distributed computing. Once infected, a host must be able to discover, reach and maintain communication with its operator over long periods. Over the years much effort has been made to perfect these capabilities to avoiding detection, maintain anonymity and resist take downs. From plain old HTTP requests, through DIY TCP protocols and encryption, up to fancy P2P networks, DGAs, Fast Flux and cloud service use. While all these techniques have varying degree of resilience and covertness, all are vulnerable to take down once network topology has been determined. Can blockchain turn this around?
In this talk, which will include many code examples and a live demo, we will discuss:
  • How can the blockchain solves the 'first contact' problem?
  • How to cope with the fact that all data, code and transactions are publicly visible on the blockchain?
  • What is the footprint of running a blockchain node on the client and how to minimize resources?
  • Cost analysis: Is it feasible financially to run a botnet at scale on top of a blockchain?
  • Is it takedown resilient? Can an adversary interrupt or take over the network? Or cause its resources (ether) to deplete? What are the design pitfalls to mitigate such concerns?
  • What information will be revealed to someone tracking the bot? how do you deal with it?
  • Does it scale? 

Finally, we will try to offer possible mitigations and detection methods.
*All code in this project is be available as Open source.

Talk outline - Unblockable Chains
  • WhoAmI?
  • Intro to Malicious operation infrastructure
  • HowTo - The Ultimate infrastructure
  • Blockchain. What is it and what is it good for?
  • Intro to Ethereum - Platform for unstoppable applications
  • Connecting the dots - how malware infrastructure would look like on the blockchain?
  • Signing the contract - Define protocol between implants and controller
  • Writing an unstoppable CnC smart contract. attempt #1 - Let's get dirty!
  • Transactions, Calls and Event logs
  • Attempt #2 - Getting better
  • How much?! Cost of storage and transactions on the EVM
  • Attempt #3 - it's cheaper now!
  • Transparency on the blockchain. Can everyone see my stuff?!
  • Preventing data leakage and replay attacks
  • Final attempt - going dark
  • Demo!
  • Dealing with takedowns and takeovers attempts
  • Cost analysis
  • Scaling - Feasible or just a nice POC?
  • Mitigation, Possible?
  • Conclusions and Future work
  • Reveal git repo
  • Questions?

Speakers
avatar for Omer Zohar

Omer Zohar

Independent
A security researcher for over a decade, Omer is currently exploring the opportunities emerging technologies such as blockchain and AI might create for the bad guys to improve their infrastructure and how to mitigate them. Omer has been conducting multidisciplinary research on malware... Read More →


Tuesday May 15, 2018 09:45 - 10:15
La Jolla Ballroom - Salon ABCD 2nd Floor

10:15

Rise of Cryptocurrency Malware
Speakers
avatar for Nick Bilogorskiy

Nick Bilogorskiy

Juniper Networks


Tuesday May 15, 2018 10:15 - 10:45
La Jolla Ballroom - Salon ABCD 2nd Floor

10:45

Break
Tuesday May 15, 2018 10:45 - 11:15
La Jolla Ballroom - Salon EFGH 2nd Floor

11:15

Evolving Attacker Techniques in Cryptocurrency User Targeting
Speakers
avatar for Philip Martin

Philip Martin

Vice President of Security, Coinbase


Tuesday May 15, 2018 11:15 - 11:45
La Jolla Ballroom - Salon ABCD 2nd Floor

11:45

12:15

DeepPhish: Simulating Malicious AI
Speakers
avatar for Alejandro Correa Bahnsen

Alejandro Correa Bahnsen

VP, Research, Cyxtera Technologies
Dr. Alejandro Correa Bahnsen is the VP of Research at Cyxtera Technologies. With a passion for machine learning, he considers himself a technology evangelist of data science. He has more than a decade of experience applying the use and development of predictive models to real-world... Read More →
LD

Luis David Camacho

Cyxtera Technologies
IT

Ivan Torroledo

Cyxtera Technologies
SV

Sergio Villegas

Cyxtera Technologies


Tuesday May 15, 2018 12:15 - 12:45
La Jolla Ballroom - Salon ABCD 2nd Floor

12:45

Lunch
Tuesday May 15, 2018 12:45 - 14:00
La Jolla Ballroom - Salon EFGH 2nd Floor

14:00

14:30

Measuring the Impact of DMARC Deployment
Speakers
AL

Aimee Larsen Kirkpatrick

Global Cyber Alliance
AS

Adam Shostack

Shostack & Associates


Tuesday May 15, 2018 14:30 - 15:00
La Jolla Ballroom - Salon ABCD 2nd Floor

15:00

The Crisis from Encrypted Phishing Sites
Speakers
CB

Chris Bailey

Entrust DataCard


Tuesday May 15, 2018 15:00 - 15:30
La Jolla Ballroom - Salon ABCD 2nd Floor

15:30

Networking Break
Tuesday May 15, 2018 15:30 - 16:00
La Jolla Ballroom - Salon EFGH 2nd Floor

16:00

17:00

Steering Committee Meeting (invite only)
APWG Steering Committee members, Directors and invited guest only.  This closed meeting will review APWG financials and future directions.

Tuesday May 15, 2018 17:00 - 19:00
Los Angeles/Rancho Las Palmas 3rd Floor

19:30

Speaker / Steering Dinner (invite only)
The APWG Directors and Steering Committee invites all session speakers to join them for dinner and discussions.

Tuesday May 15, 2018 19:30 - 22:00
Red O 4340 La Jolla Village Dr, San Diego, CA 92122
 
Wednesday, May 16
 

08:00

Registration
Wednesday May 16, 2018 08:00 - 15:30
La Jolla Hallway 2nd Floor

09:00

Welcome
Speakers

Wednesday May 16, 2018 09:00 - 09:15
La Jolla Ballroom - Salon ABCD 2nd Floor

09:15

Effects of Peer Feedback on Password Strength
Speakers
MD

Marc Dupuis

University of Washington Bothell
FK

Faisal Khan

University of Washington Bothell


Wednesday May 16, 2018 09:15 - 09:35
La Jolla Ballroom - Salon ABCD 2nd Floor

09:35

Inside a Phisher's Mind: Understanding the Anti-phishing Ecosystem Through Phishing Kit Analysis
Speakers
GA

Gail-Joon Ahn

Arizona State University and Samsung Research
AD

Adam Doupe

Arizona State University
avatar for Adam Oest

Adam Oest

PhD Student, Arizona State University
My research interests include web security, mobile security, and privacy. Current work focuses on improving the anti-phishing ecosystem by enhancing browser blacklisting.
YS

Yeganeh Safei

Arizona State University
GW

Gary Warner

PhishMe, Inc.


Wednesday May 16, 2018 09:35 - 09:55
La Jolla Ballroom - Salon ABCD 2nd Floor

09:55

A Key-Management-Based Taxonomy for Ransomware
Speakers
avatar for Pranshu Bajpai

Pranshu Bajpai

PhD Student || Security Researcher, Michigan State University
Pranshu Bajpai is a security researcher working towards his PhD in Computer Science and Engineering at Michigan State University. His research interests lie in computer and network security, malware analysis, privacy, digital forensics, and cybercrimes. In the past, he has worked... Read More →
RE

Richard Enbody

Michigan State University
avatar for Aditya K Sood

Aditya K Sood

Security Practitioner, SecNiche Security
Dr. Sood is a security researcher and consultant. Dr. Sood has research interests in cloud security, malware secure software design and cyber security. He has authored several papers for IEEE, Elsevier, CrossTalk, ISACA, Virus Bulletin,and others. His work has been featured in several... Read More →


Wednesday May 16, 2018 09:55 - 10:15
La Jolla Ballroom - Salon ABCD 2nd Floor

10:15

At-Risk System Identification via Analysis of Discussions on the Darkweb
Speakers
EN

Eric Nunes

Arizona State University
PS

Paulo Shakarian

Arizona State University
GI

Gerardo I. Simari

Universidad Nacional del Sur


Wednesday May 16, 2018 10:15 - 10:35
La Jolla Ballroom - Salon ABCD 2nd Floor

10:45

Break
Wednesday May 16, 2018 10:45 - 11:15
La Jolla Ballroom - Salon EFGH 2nd Floor

11:15

Using URL Shorteners to Compare Phishing and Malware Attacks
We combine here the public statistics of Bitly, X-Force and PhishTank to gain experimental after-the-fact insight into phishing and malware attacks before (and after) they were reported.

Speakers
GV

Gregor v. Bochmann

University of Ottawa
JF

Jason Flood

CTO Security Data Matrices
GJ

Guy-Vincent Jourdan

University of Ottawa
IO

Iosif-Viorel Onut

IBM Centre for Advanced Studies
avatar for Sophie Le Page

Sophie Le Page

Master's Student, University of Ottawa
A University of Ottawa Master's student with a strong interest in algorithms, security, and math. Enthusiastic about helping people through new technologies, and excited to work on projects that have a big impact on people's lives.


Wednesday May 16, 2018 11:15 - 11:35
La Jolla Ballroom - Salon ABCD 2nd Floor

11:35

Large Scale Detection of IDN Domain Name Masquerading
If you wanna check your domain name against my dataset, just email me the domain name :)


Speakers
avatar for Yahia Elsayed

Yahia Elsayed

Security Researcher, Nile University
AS

Ahmed Shousha

Nile University


Wednesday May 16, 2018 11:35 - 11:55
La Jolla Ballroom - Salon ABCD 2nd Floor

11:55

12:15

Lunch
Wednesday May 16, 2018 12:15 - 13:30
La Jolla Ballroom - Salon EFGH 2nd Floor

13:30

14:00

GDPR: The future of WHOIS is dark
Speakers
GA

Greg Aaron

Illumintel
avatar for Rod Rasmussen

Rod Rasmussen

R2 Cyber


Wednesday May 16, 2018 14:00 - 14:30
La Jolla Ballroom - Salon ABCD 2nd Floor

14:30

The Hunt for Silent Librarian: How We Tracked the Iranian Mabna Institute
Speakers
avatar for Crane Hasshold

Crane Hasshold

Director of Threat Intelligence, Phishlabs
Crane Hassold is the Director of Threat Intelligence at PhishLabs based out of Charleston, SC, where he oversees the Research, Analysis, and Intelligence Division (RAID). Prior to joining PhishLabs, Crane served as an Analyst at the FBI for more than 11 years, providing strategic... Read More →


Wednesday May 16, 2018 14:30 - 15:00
La Jolla Ballroom - Salon ABCD 2nd Floor

15:00

Break
Wednesday May 16, 2018 15:00 - 15:30
La Jolla Ballroom - Salon EFGH 2nd Floor

15:30

AZORult Infostealer
Speakers
EK

Eric Kumar

Deloitte & Touche LLP


Wednesday May 16, 2018 15:30 - 16:00
La Jolla Ballroom - Salon ABCD 2nd Floor

16:00

16:30

17:00

Predicting Phishing Infrastructure
Speakers

Wednesday May 16, 2018 17:00 - 17:30
La Jolla Ballroom - Salon ABCD 2nd Floor

19:30

Networking Dinner
Wednesday May 16, 2018 19:30 - 22:30
La Jolla Ballroom - Salon ABCD 2nd Floor
 
Thursday, May 17
 

09:00

Welcome
Speakers

Thursday May 17, 2018 09:00 - 09:15
La Jolla Ballroom - Salon ABCD 2nd Floor

09:00

Registration
Thursday May 17, 2018 09:00 - 11:00
La Jolla Hallway 2nd Floor

09:15

Review of Online Shopping Scams in Poland
Speakers
PJ

Przemek Jaroszewski

CERT Polska/NASK
SK

Sebastian Kondraszuk

CERT Polska/NASK


Thursday May 17, 2018 09:15 - 09:45
La Jolla Ballroom - Salon ABCD 2nd Floor

09:45

Operation Fake Store Site Take Down - Japan
Speakers
KT

Kenichi Takao

Director, Public Private Pertnership, National Police Agency Japan
Presently, how to counter Cyber Crime. | Formerly, how to tackle Cyber Attack and How to examine Cyber Forensic for 20 years.


Thursday May 17, 2018 09:45 - 10:15
La Jolla Ballroom - Salon ABCD 2nd Floor

10:15

Phishing Trend in Japan and the Counteraction taken as the Council of Anti-Phishing Japan
Speakers
avatar for Hajime Komaba

Hajime Komaba

JPCERT/CC
I am belonging to JPCERT/CC an work with Council of Antiphishing Japan (CAPJ) as an Phishing Analyst. Please ask me about a trend of Japan Phishing Crime.


Thursday May 17, 2018 10:15 - 10:45
La Jolla Ballroom - Salon ABCD 2nd Floor

10:45

Break
Thursday May 17, 2018 10:45 - 11:15
La Jolla Ballroom - Salon EFGH 2nd Floor

11:15

Detecting Phishing from pDNS
Speakers
avatar for Irena Damsky

Irena Damsky

Freelance
Security Researcher, Speaker, Mentor and Manager


Thursday May 17, 2018 11:15 - 11:45
La Jolla Ballroom - Salon ABCD 2nd Floor

11:45

COINHOARDER: Tracking a Ukrainian Bitcoin Phishing Ring DNS Style
Speakers
avatar for Artsiom Holub

Artsiom Holub

Security Analyst, Cisco Umbrella
I am current Security Research Analyst on the Cisco Umbrella Research team. Throughout the course of the day, I work on Security Threat Reports for existing and potential clients, work closely with the Customer Support Team, find new threats and attacks by analyzing global DNS data... Read More →
avatar for Jeremiah O'Connor

Jeremiah O'Connor

Senior Research Engineer, Cisco Security


Thursday May 17, 2018 11:45 - 12:05
La Jolla Ballroom - Salon ABCD 2nd Floor

12:05

Bullet-Proof Payment Processing
Speakers
DM

Damon McCoy

New York University
HT

Hongwei Tian

New York University
DS

D. Sean West

Senior Project Director, SMGPA


Thursday May 17, 2018 12:05 - 12:25
La Jolla Ballroom - Salon ABCD 2nd Floor

12:25

12:45

Boxed Lunch
Thursday May 17, 2018 12:45 - 13:15
La Jolla Ballroom - Salon EFGH 2nd Floor

13:15

13:30

STC Footprint Report
Speakers
AL

Aimee Larsen Kirkpatrick

Global Cyber Alliance


Thursday May 17, 2018 13:30 - 13:50
La Jolla Ballroom - Salon ABCD 2nd Floor

13:50

Phishing...that’s gonna leave a DMARC
Have you ever wondered what the bigger picture of DMARC reports revealed across multiple domains?

In this session, we'll be taking a look at the intersection of APWG's /mal_ip and /phish datasets, cross-referencing against DMARC reports gathered by dmarcian. The data will look into patterns among malicious actors, the breadth of attack surface that's revealed via DMARC reports, and more.

Speakers
avatar for Tim Draegen

Tim Draegen

dmarcian, inc.
avatar for Barry Jones

Barry Jones

dmarcian


Thursday May 17, 2018 13:50 - 14:20
La Jolla Ballroom - Salon ABCD 2nd Floor

14:20

Cyber-Resilience Baselining
Speakers
DK

DongInn Kim

Indiana University


Thursday May 17, 2018 14:20 - 14:40
La Jolla Ballroom - Salon ABCD 2nd Floor

14:40

A 911/211 System for Cybercrime?
Speakers
AV

Arun Vishwanath

Cybercrime Support Network
I am an Associate Professor at the University at Buffalo and Faculty Associate at the Berkman Center for Internet and Society at Harvard University. | | My research on the “people problems” of cyber security has been presented at leading outlets from the Johns Hopkins Applied... Read More →


Thursday May 17, 2018 14:40 - 15:00
La Jolla Ballroom - Salon ABCD 2nd Floor

15:00

Networking Break
Thursday May 17, 2018 15:00 - 15:30
La Jolla Ballroom - Salon ABCD 2nd Floor

15:30