Photos: Inside the RSA cybercrime war room


Summary: Behind the doors at RSA's anti-fraud centre


  • Behind the doors at RSA's anti-fraud centre

    At RSA's Anti-Fraud Command Centre (AFCC) in Herzelia, Israel, more than 100 staff work to detect, dissect and block phishing sites and Trojan attacks 24 hours per day.

    From the AFCC, the security firm sifts through more than 10 million emails every day, as well as domain names and fraudster chat rooms, searching for threats to its customers, which include a selection of Britain's high street banks.

    The centre also gathers information on threats from Trojans using honeypots: unprotected machines that automatically trawl the web gathering malware infections for study.

    Photo credit: Nick Heath/silicon.com

  • To date the AFCC has shut down more than 180,000 phishing attacks in more than 140 countries.

    It does this with the help of ISPs, email providers and internet gateway providers, who forward emails to RSA's AFCC if they contain keywords associated with phishing emails.

    Suspect links will be automatically tested by software to check if they lead to phishing sites. If the software finds they do, the links will then be double-checked by a person.

    Once a phishing site is detected, RSA will immediately notify the customer whose site is being spoofed and pass details of the fraudulent site on to ISPs and browser developers, such as Microsoft and Mozilla, so they can block public access to it.

    The next stop for the AFCC team, shown here, will be to speak to contacts in its network of 8,000 internet service providers, domain registrars and web hosting providers to get them to shut down and remove the phishing site.

    The AFCC is able to shut down the majority of sites within five hours, according to RSA.

    Photo credit: Nick Heath/silicon.com

  • This bank of screens at the front of the centre shows all of the attacks currently being detected by the AFCC.

    Once a phishing site is detected by the AFCC, fraud analysts within the centre will begin a forensic investigation.

    They will attempt to extract useful information from the site, such as what types of personal details have been compromised or the email address to which the stolen details are being sent.

    AFCC staff also fight the fraudsters by creating dummy accounts on phishing sites and then tracking when and where fraudsters attempt to access those false accounts.

    That fraud pattern is then passed on to a network of banks, credit unions, ISPs and other companies that share a database of fraud patterns, allowing organisations to spot the signs of a fraudulent transaction and block it before it goes through.

    Photo credit: Nick Heath/silicon.com


About

Nick Heath is chief reporter for TechRepublic UK. He writes about the technology that IT-decision makers need to know about, and the latest happenings in the European tech scene.
