GameOver Zeus: Badguys and Backends

Presented at Black Hat USA 2015, Aug. 5, 2015, 1:50 p.m. (50 minutes)

This presentation will detail many of the individuals responsible for GameOver Zeus and Cryptolocker, summarize the law enforcement investigation, and highlight the novel legal processes used to wrest control of the botnet from its operators.

GameOver Zeus represents one of the most complex, and successful, law enforcement operations against cyber crime to date. The talk will highlight the extensive industry and government partnerships and the many international agencies that played a part, and discuss some of the methods used by private industry and law enforcement personnel to track and identify those responsible for the malware. The investigation resulted in the highest-ever reward offered for a cyber criminal: $3,000,000 for Evgeniy Bogachev.


Presenters:

  • Elliott Peterson - FBI
    Elliott Peterson is a Special Agent with the FBI in the Pittsburgh Field Office. A member of Pittsburgh's Criminal Computer Intrusion Squad, he is responsible for investigating complex botnets, high dollar account takeover fraud, and Distributed Denial of Service attacks. Prior to joining the FBI, Elliott worked in Higher Education and served as an officer in the United States Marine Corps. He holds a bachelor's degree in Computer Science from Dickinson College and a master's degree in Crime Analysis from Tiffin University.
  • Tillmann Werner - CrowdStrike
    Tillmann Werner is the Director of Technical Analysis at CrowdStrike Intelligence where he is responsible for the analysis of targeted threats, developing defense strategies and prototyping analysis tools. He loves linking together scientific research with actionable intelligence and specializes in malware reverse engineering, honeypot technologies and containment strategies for large-scale attacks. As a member of the Honeynet Project, Tillmann is actively involved with the global computer security community and is a regular speaker on the international conference circuit.
  • Michael Sandee - Fox-IT
    Michael Sandee is one of the world's foremost financial malware experts and has a long track record of investigating and assisting law enforcement with financial malware investigations. As a key member of the Fox-IT financial malware intelligence unit, he works full time, day to day, on investigating Internet-originating financial threats. While a lot of the activity happens behind the scenes, there are incidental cases where information about the investigation is shared with the public. Michael has been tracking the ZeuS malware since the first years of its existence up until the last moment of peer-to-peer ZeuS and has also researched many of its variants such as KINS, Citadel and Ice-IX. Black Hat 2015 will be the first time we will provide detailed background information to a larger audience about the peer-to-peer ZeuS investigation. It will detail the malware way beyond its technical capabilities and we will also discuss the legal framework under which we operated.
