SESSION ID: ACB-F01

The Modus Operandi of EV Certificates Fraudsters: Findings from the Field

Dr. David Maimon
Director, Evidence Based Cybersecurity Research Group
Georgia State University
@david_maimon
ebcs.gsu.edu
#RSAC

Findings Summary

At least one international organized crime group has been able to exploit the unique problems embedded within the validation process used by Certificate Authorities, and to have EV certificates issued for websites of non-existent retail and financial institutions in the UK and the USA.

Evidence-Based Cybersecurity (EBCS)

Stresses moving beyond decision makers’ political, financial, and social background and personal experience to a model in which decisions about tool adoption and policy enforcement are made based on the findings of scientific studies.

Cybercrime Ecosystem

[Diagram: Offenders, Enablers, Guardians, and Targets, across the Deep Web and Darknet and the Surface Web]

Rigorous Scientific Research Designs

Key Principles of the Approach

Generate and employ empirical evidence to:
- Identify online threats and vulnerabilities and educate targets of cybercrime
- Guide policy development and guardians’ efforts to secure cyberspace
- Guide the design and configuration of computing environments that can effectively mitigate the consequences of cybercrime events

Identify Threats

Weekly Trends Across more than 60 Darknet Markets/Forums
1) Weekly trends across 60 stolen data markets/forums

[Figure: Weekly Trends Across 3 of the Largest Stolen Markets on the DarkNet (May – July 2019). Panels: Number of Ads; Number of Vendors. Markets: Berlusconi, Tochka, Nightmare]

[Figure: Most Commonly Used Keywords in Fraud Categories across 20 Darknet Markets]

[Figure: Most Commonly Used Bank Names in Fraud Categories across 50 Darknet Markets]

Mentions Count of Search performed on December 3rd

Web Name        SSL Certificates    TLS Certificates
Dream Market    2912                64
Wall Street     10                  4
BlockBooth      3                   1
Nightmare       2                   0
Galaxy3         16                  7

Transport Layer Security (TLS) Certificates

Security functions:
– Authenticating and verifying the identity of a host, client or application.
– Enabling the encryption of data exchanged between a client and a server.

Certificate Authorities

CAs are charged with the task of employing various validation processes for different types of SSL/TLS certificates.