AlphaBay Market: Lessons From Underground Intelligence Analysis – SANS CTI Summit 2018

Bookmark(0)

No account yet? Register



AlphaBay Market was by far the largest and most prolific provider of cyber crime and fraudulent services in the world prior to its seizure by the FBI on July 4, 2017. While the Tor-based marketplace was most famous for the sale of narcotics, firearms, and stolen goods, AlphaBay’s forum was the epicenter of the English-speaking cyber criminal community. During the site’s
tenure, it provided a rich source of intelligence on the tactics, techniques, and operations of cyber criminal groups targeting a wide range of corporations and selling exfiltrated data
through the marketplace securely and anonymously. This included visibility into the attack cycle, AlphaBay operating as a bridge between the English and Russian language cyber criminal
communities, and the likely role of AlphaBay’s administrators in cryptocurrency market manipulation on a large scale. This presentation will discuss iDefense’s research into AlphaBay
Market as a case study on how in-depth analysis of underground communities can contribute to an organization’s security posture. It will provide a detailed discussion of the tradecraft and
methodologies used for underground intelligence, such as the use of undercover personas and how to apply social engineering techniques to gain additional intelligence. It will also discuss the
strengths and weaknesses of such an approach and the risks associated with cyber underground collection. Finally, the case study will present lessons learned from engagement and analysis
of criminal underground communities and how attendees can integrate cyber underground intelligence into their threat intelligence program.

Christy Quinn (@ChristyQuinn), Security Specialist – Cyber Threat Intelligence, iDefense – Accenture Security



AlphaBay Market was by far the largest and most prolific provider of cyber crime and fraudulent services in the world prior to its seizure by the FBI on July 4, 2017. While the Tor-based marketplace was most famous for the sale of narcotics, firearms, and stolen goods, AlphaBay’s forum was the epicenter of the English-speaking cyber criminal community. During the site’s
tenure, it provided a rich source of intelligence on the tactics, techniques, and operations of cyber criminal groups targeting a wide range of corporations and selling exfiltrated data
through the marketplace securely and anonymously. This included visibility into the attack cycle, AlphaBay operating as a bridge between the English and Russian language cyber criminal
communities, and the likely role of AlphaBay’s administrators in cryptocurrency market manipulation on a large scale. This presentation will discuss iDefense’s research into AlphaBay
Market as a case study on how in-depth analysis of underground communities can contribute to an organization’s security posture. It will provide a detailed discussion of the tradecraft and
methodologies used for underground intelligence, such as the use of undercover personas and how to apply social engineering techniques to gain additional intelligence. It will also discuss the
strengths and weaknesses of such an approach and the risks associated with cyber underground collection. Finally, the case study will present lessons learned from engagement and analysis
of criminal underground communities and how attendees can integrate cyber underground intelligence into their threat intelligence program.

Christy Quinn (@ChristyQuinn), Security Specialist – Cyber Threat Intelligence, iDefense – Accenture Security

Be the first to comment

Leave a Reply

Your email address will not be published.


*