Slide 1: Incident Response Case in Cyber-Fraud - Case of Republic of Korea -
Dr. Lee, Jeong Min, KrCERT/CC, Korea Internet & Security Agency
Slide 2: Contents
I. Korea Internet & Security Agency (KISA)
II. Current States of Cyber-Fraud
III. Response Systems for Cyber-Fraud
IV. Case Study: Bypass SRS
Slide 3: 1. Korea Information & Security Agency (KISA)

Slide 4: KISA (www.kisa.or.kr), Korea Information & Security Agency
History:
In 1996, the Korea Information Security Center was established.
In 2001, KISC grew into the Korea Information Security Agency.
In 2009, three government bodies, KISA, NIDA and KIICA, were united into the Korea Internet and Security Agency.

Slide 5: Major Duties of KISA
Information Security, Broadcast and Communication Improvement, ICT International Cooperation.
KISA is empowered by the Ministry of Science, ICT and Future Planning under the 'Act on Promotion of Information & Communications Network Utilization and Information Protection, etc.'
Slide 6: 2. Current States of Cyber-Fraud

Slide 7: What is Phishing?
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.
Source: http://en.wikipedia.org/wiki/Phishing

Slide 8: Cyber-Fraud in S.Korea
Voice Phishing: the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward.
Smishing: using cell phone text messages to deliver the bait that induces people to divulge their personal information. The text message may contain a website URL.
Source: http://www.wikipedia.org/
Slide 9: Smartphone Penetration Rate in S.Korea (chart)

Slide 10: Number of Reports (chart; source: National Police)

Slide 11: Annual Damages (chart; source: National Police)

Slide 12: 3. Response Systems for Cyber-Fraud
Slide13Forged caller’s phone number Block Service - VOICE
No
Forged number
(
02-1234-0112
)
Yes
Exist?
Voice Phishing
Forged caller’s phone
number
Block Service
International
Call
Telecommunication
Company
Block
Public
Company
BANK
Law
Enforcement
Phone Numbers
Phone Numbers
Phone Numbers
International Call Block DB
[Company Name, Phone Number]
Slide 14: Forged Caller's Phone Number Block Service - SMS
Diagram, reconstructed from the slide:
1. Companies register their [Name, Phone Number] with KISA, which maintains the Phone Number DB (company data such as Bank A: 1599-9999, Bank B: 1599-5000). The DB holds about 0.6 M phone records.
2. An SMS sending company on the Internet submits a text message through the MNO's Message Center to the SMS server.
3. The SMS server tries to find the sender's phone number in the Phone Number DB.
4. Matching sender's [Company Name, Phone No.] ⇒ PASS, and the receiver gets the message. Mismatching sender's [Company Name, Phone No.] ⇒ Block.

Normal SMS text (passed): "KB 국민은행입니다. 보이스피싱 주의경보 발령 (피해신고는 112)" - "This is KB Kookmin Bank. A voice phishing alert has been issued (report damage to 112)."
Fake SMS message using a URL (blocked), sent from a forged number (02-1599-9999) to hide the sender's identity: "KB 국민은행입니다. 고객님의 개인정보가 유출되었으니 보안승급 바랍니다. kbbenk.com" - "This is KB Kookmin Bank. Your personal information has been leaked, so please complete a security upgrade. kbbenk.com"
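The two lookups on Slides 13 and 14 use the same kind of [Company Name, Phone Number] registry but with opposite decisions: for voice, a registered domestic number showing up on an international call means "block"; for SMS, the submitted (company, number) pair must exactly match a registered pair to "pass". The following Python is an added example written for this page, not KISA's or any operator's code. The registry contents (the two bank numbers are the slide's sample values; the Law Enforcement entry is an assumption), the function names and the constructed messages are all assumptions; the point it demonstrates is that the comparison must be on the whole normalized number, so a forged "02-1599-9999" is not accepted because it merely ends in the bank's real "1599-9999".

```python
import re

# Constructed registry modelled on the slides' [Company Name, Phone Number] DB.
# Bank A / Bank B numbers are the sample values on Slide 14; the Law
# Enforcement entry and the dict layout are assumptions for this example.
REGISTRY = {
    "Bank A": {"1599-9999"},
    "Bank B": {"1599-5000"},
    "Law Enforcement": {"02-1234-0112"},
}


def normalize_number(number: str) -> str:
    """Keep only digits so '1599-9999', '1599 9999' and '15999999' compare equal."""
    return re.sub(r"\D", "", number)


def _owners_by_number(registry: dict) -> dict:
    """Map every normalized registered number to the company that owns it."""
    return {normalize_number(n): company
            for company, numbers in registry.items() for n in numbers}


def screen_voice_call(caller_number: str, is_international: bool,
                      registry: dict = REGISTRY) -> str:
    """Slide 13 logic: an international call presenting a number that belongs to a
    registered domestic organisation cannot be genuine, so it is blocked.
    Anything else passes this particular check."""
    if is_international and normalize_number(caller_number) in _owners_by_number(registry):
        return "BLOCK"
    return "PASS"


def screen_sms(claimed_company: str, sender_number: str,
               registry: dict = REGISTRY) -> str:
    """Slide 14 logic: the (company, number) pair the SMS sending company submits
    must exactly equal a registered pair. Whole-number equality only; a suffix
    or 'contains' comparison would let '02-1599-9999' impersonate '1599-9999'."""
    registered = {normalize_number(n) for n in registry.get(claimed_company, ())}
    return "PASS" if normalize_number(sender_number) in registered else "BLOCK"


if __name__ == "__main__":
    # Constructed cases mirroring the slides' examples.
    print("voice 02-1234-0112 (intl):", screen_voice_call("02-1234-0112", True))
    print("sms Bank A 1599-9999:", screen_sms("Bank A", "1599-9999"))
    print("sms Bank A 02-1599-9999 (forged):", screen_sms("Bank A", "02-1599-9999"))
```

Normalizing to digits before comparing is what makes the exact-match rule usable in practice: the registry and the submitted header rarely agree on dashes or spacing, and a deployment that compensated with a looser match would reopen the prefix trick the forged KB number relies on.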
Slide 15: Statistics of the Forged Caller's Phone Number Block Service (chart; Voice: 2013.1~, SMS: 2013.9~; source: KISA)

Slide 16: Smishing Response System (SRS)
Diagram, reconstructed from the slide:
- Citizens report a smishing SMS text message to the 118 Call Center (24/7).
- KISC (Korea Internet Security Center) analyzes the SMS text message and collects the suspicious URL from it.
- The Download & Analyze Server fetches and analyzes whatever the suspicious URL serves.
- The result is confirmed by a human inside KISA.
- A URL block request is sent to the ISP/MSO and to the Mobile Network Operator; there the block is confirmed by a human outside KISA, and the result is returned.
- A brief report with the information is sent to Law Enforcement, with a confirm request and its result exchanged.

Slide 17: Number of detected Smishing Messages (chart; source: KISA)

Slide 18: Number of malicious Apps (chart; source: KISA)

Slide 19: Number of blocked URLs (chart; source: KISA)
Slide 20: 4. Case Study: Bypass SRS

Slide 21: Avoiding Filter & Block
Example 1, a wedding-invitation lure in plain text: "토요일에 결혼식 잊지말고 축복하러 와주세요 웨딩사진첩" ("Don't forget the wedding on Saturday, please come and bless us. Wedding photo album"), followed by a link the slide masks as "t.c*/R*tvvTv*w".
Example 2, the same lure with random Latin letters inserted between the Korean syllables so that keyword filters no longer match: "토요일z결혼식f잊q지o말고w축복하러f와주세요k웨딩z사진첩 "t.c*/R*tvvTv*w"".
Example 3, a purchase-confirmation lure that links straight to an APK: "구매하신 물품이 정상처리 되셨습니다." ("The item you purchased has been processed normally.") https://dl.dropboxusercontent.com/s/xfx*ty0n9qz*boz/map.apk (URL masked on the slide).
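The filler-letter trick on Slide 21 defeats a filter that looks for lure phrases in the raw text, but the filler is easy to recognise: a Korean word never contains a Latin letter, so ASCII letters wedged between two Hangul syllables can be dropped before matching. The Python below is an added example written for this page, not KISA's filter. The keyword list, the function names and the scoring rule are assumptions; the three sample messages are the slide's own lures (the masked URLs kept as the slide shows them). It also pulls out links whose path ends in .apk, which is the third lure's tell.

```python
import re

# One precomposed Hangul syllable (U+AC00..U+D7A3).
HANGUL = r"[\uac00-\ud7a3]"
# A run of ASCII letters wedged between two Hangul syllables is filler inserted
# to break keyword matching, never part of a Korean word.
FILLER = re.compile(rf"(?<={HANGUL})[A-Za-z]+(?={HANGUL})")
URL = re.compile(r"https?://\S+")

# Constructed keyword list built from the phrases in the slides' sample lures
# (assumption: a real deployment would maintain a much larger list).
KEYWORDS = ["결혼식 잊지말고", "웨딩 사진첩", "보안 승급", "정상처리"]

# Sample messages taken from the slides; URLs are masked exactly as on the slide.
CLEAN = "토요일에 결혼식 잊지말고 축복하러 와주세요 웨딩사진첩"
OBFUSCATED = '토요일z결혼식f잊q지o말고w축복하러f와주세요k웨딩z사진첩 "t.c*/R*tvvTv*w"'
APK_LURE = "구매하신 물품이 정상처리 되셨습니다.https://dl.dropboxusercontent.com/s/xfx*ty0n9qz*boz/map.apk"


def normalize(text: str) -> str:
    """Remove filler letters between Hangul syllables, then all whitespace,
    so that phrases match regardless of how the sender split or padded them."""
    return re.sub(r"\s+", "", FILLER.sub("", text))


def find_keywords(text: str, strip_filler: bool = True) -> list:
    """Return the lure phrases present in the message.
    With strip_filler=False only whitespace is removed, which is what a naive
    filter sees and why the obfuscated sample slips past it."""
    haystack = normalize(text) if strip_filler else re.sub(r"\s+", "", text)
    return [k for k in KEYWORDS if k.replace(" ", "") in haystack]


def find_apk_links(text: str) -> list:
    """Return every URL in the message whose path ends in .apk."""
    return [u for u in URL.findall(text) if u.rstrip(".,)").lower().endswith(".apk")]


def classify(text: str) -> dict:
    """Combine both signals into one verdict for the message."""
    hits = find_keywords(text)
    apks = find_apk_links(text)
    return {"normalized": normalize(text), "keywords": hits,
            "apk_links": apks, "suspicious": bool(hits) or bool(apks)}


if __name__ == "__main__":
    for sample in (CLEAN, OBFUSCATED, APK_LURE):
        print(classify(sample))
```

Stripping only letters that sit between two Hangul syllables keeps legitimate mixed text intact: "KB 국민은행" survives because the space breaks the lookbehind, and a bare domain such as kbbenk.com is untouched. Whitespace is collapsed for matching only, so the filter is indifferent to whether the sender wrote "웨딩사진첩" or "웨딩 사진첩".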
Slide 22: Using CAPTCHA Code
CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart): a type of challenge-response test used in computing to determine whether or not the user is human. The phishing page puts a CAPTCHA in front of its content so that the automated SRS download server cannot fetch it.
(Example of CAPTCHA image)
Source: http://www.wikipedia.org/

Slide 23: Using User Input
The phishing page asks the visitor to input the user's phone number before showing its content, which an automated analysis fetch cannot supply.

Slide 24: Checking Connection Method
Legitimate site: http://www.spo.go.kr/. Phishing site: http://www.spo1.co.kr/, reached through the shortened URL http://goo.gl/zn9t0H. The phishing site distinguishes a connection coming from the SRS analysis server from one coming from a mobile device and serves different content to each, so the analysis server does not see what the victim sees.
Slide 25: Countermeasures
- Increase the text filter's ability.
- Introduce image-comparison technology.
- Build a malicious-app gathering system in the mobile area.

Slide 26: Conclusion
- Cyber-fraud will keep increasing.
- It is moving to instant messengers (Line, Kakao, QQ, etc.).
- Prepare for Fin-Tech.
- There is no perfect technical solution for preventing cyber-fraud yet.

Slide 27: Q/A - jmlee@kisa.or.kr

Slide 28: Thank You