Who Stole My $100,000's Worth Bitcoin Wallets — Catch Them All with New Deceptive Bait
SINCON 2020 Conference Deep-Tech Track
Day 1 (2 Jan 2021)
@ Main Stage
Millions of malicious Internet-wide scans happen on a daily basis, looking for exposed sensitive files on insecure Internet-facing servers. Corporate information, sensitive data, and personal files are always popular, juicy targets. What if we could easily craft a 'tailor-made' deceptive file, let it get stolen on the Internet, and have it notify us with the 'thief' information?
In this session, we will showcase an interesting 90-day real-world use case in which we selectively spread '$100,000 worth' of Bitcoin wallets on the Internet by different means. These wallets were embedded in 'tailor-made' archive files with custom alerting mechanisms.
Surprisingly, all wallets were stolen, and some of them were even stolen within minutes! We will share the technique in detail, along with do's and don'ts and lessons learned. We will dive deep into the interesting collected results and unexpected, fruitful observations, and expose the 'thief'.
We will introduce 'Honeybag', a new open-source tool with which anyone can easily craft a deceptive archive, with a tailored alerting mechanism and support for any embedded decoy documents. This will be useful in data breach detection and cybercrime investigation.
About Tan Kean Siong
TAN KEAN SIONG is an independent security researcher and a member of The Honeynet Project. He has been involved in the development of several open-source network sensors and honeypots, including Dionaea, Honeeepi and Glutton. He has spoken at conferences such as Black Hat Asia, DEF CON Packet Hacking Village, Infosec In the City, HITB, HITCON, VXCON, TROOPERS, Kaspersky SAS, PHDays, FIRST, Honeynet Project Workshop and other security community events.