Who stole my 100,000 dollars’ worth of Bitcoin wallets – catch them all with new deceptive bait

Tan Kean Siong (The Honeynet Project)
live only
16:30 UTC on Day 2
THURSDAY 01 OCTOBER
Millions of malicious Internet-wide scans are happening on a daily basis, looking for exposed sensitive files on insecure Internet-facing servers. Corporate info, sensitive data and personal files are always the most popular juicy targets.

What if we could easily craft a 'tailor-made' deceptive file, let it get stolen on the Internet, and get it to notify us with the 'thief' information?

In this session, we will showcase an interesting recent 90-day real-world use case, in which we selectively spread '$100,000 worth' of Bitcoin wallets across the Internet by different means. These wallets were embedded in 'tailor-made' archive files, with custom alerting mechanisms. Surprisingly, all wallets were stolen, and some of them within just minutes!

We will share the technique in detail, the do's and don'ts, and the lessons learned. We will dive deep into the interesting results collected and the unexpected, fruitful observations, and expose the 'thief'. We will release 'Honeybag' - a new open-source honeyfile which everyone can easily craft, with a tailored alerting mechanism and support for any embedded decoy documents. This will be useful in data breach detection and cybercrime investigation.
Tan Kean Siong
The Honeynet Project
Tan Kean Siong is an independent security researcher and member of The Honeynet Project. He is involved in several open-source network sensor and honeypot developments, including Dionaea, Honeeepi and Glutton. He has spoken at conferences including BlackHat Asia, DEFCON Packet Hacking Village, RSA, HITB, HITCON, VXCON, TROOPERS, Kaspersky SAS, PHDays, FIRST, Honeynet Project Workshop and other security community events.
16:30 - 17:00 UTC Thu 1 Oct 2020