AusCERT2015

Connect with us   ​  

Mike Smith

Michael Smith serves as Akamai’s APJ Chief Technology Officer for Security and is responsible for supporting sales, professional services, operations, product management, and marketing across all of the Akamai security solutions portfolio.

Previously, Mr Smith was the Founder and Director of Akamai’s Customer Security Incident Response Team, responsible for leading a team of web security incident responders and researchers that study the tactics, techniques, and procedures of web attackers and apply that knowledge to help protect Akamai customers during events such as site defacements, data breaches, and distributed denial of service.  CSIRT was designed to be a top-tier organization as part of Akamai’s managed services offerings and developed many of the incident investigation and response procedures in use today at the Akamai SOCs.  CSIRT was crucial in doing outreach to Information Sharing Analysis Organizations, national-level Computer Emergency Response Teams and law enforcement.

Prior to CSIRT, Mr Smith served as Akamai's Security Evangelist and as the customer-facing ambassador for the Information Security Team, helping customers to understand both the internal security program and the unique security features and capabilities of the Akamai product portfolio and cloud-based solutions.   He revised security contract clauses and assisted customers with their compliance initiatives and vendor assessments.

Before coming to Akamai, Mr Smith worked for Deloitte as a manager on a project with the US Government to take physical security devices, attach computers as data acquisition devices, and network them to share performance and detection statistics.  Mr Smith maintained the contract security requirements for equipment and assisted vendors with security testing of their equipment during development and as part of acceptance testing.

Mr Smith spent 5 years at Unisys working on security assessments and compliance support for various initiatives in support of US Government IT services such as managed network and security operations centers and IT outsourcing contracts.

Mr Smith is a 16-year veteran of the United States Army.  He graduated from the Defense Language Institute with an advanced certificate in the Russian Language and served in the intelligence branch.  In 2004 he was deployed with the US Army National Guard to Afghanistan as an infantry squad leader.

Presentation Title
My Other Purchase is Your Purchase: Account Takeover and Cashout Schemes
Abstract

Account takeover is a combination of phishing, data breaches, account checker tools to compromise accounts, and a cashout strategy to earn income from compromised accounts.  What began over 4 years ago as a set of Tactics, Techniques, and Procedures to attack US eCommerce sites and their users by has grown to the level of an international pandemic.

Since 2012, Akamai has assisted its customers—some of the largest websites in the world—in fighting account takeover.  This session presents a large amount of case study and lessons learned throughout numerous incidents.  The intent is to provide targeted organizations a healthy amount of information that they can then apply to protect themselves.

In this session, we’ll discuss account takeover and cashout schemes and the following topics: basic TTPs for attackers; a survey of technical attack tools; clever cashout schemes; detection of compromised accounts both across the wire and through data-mining; attack detection and mitigation; and application changes to make a website less of a target.

REGISTER HERE!

Conference Highlights

New Venue
Don't miss the best cyber security conference in Australia at the Surfers Paradise Marriott, only 150 m from Surfers Paradise beach

Conference MC
Comedian and Mathematician Adam Spencer will host the conference, Gala Dinner and Speed Debate

Career Café
Retreat to the back of the exhibition away from the noise for a real coffee at the AusCERT2016 Career Café and chat with specialist Infosec recruiters