Defending Netflix from Abuse
Jason Chan
Engineering Director, Cloud Security
Netflix Statistics
• > 86 million members
• > 190 countries
• > 125 million hours of streaming per day
• ~35% of US Internet traffic at peak
Some Abuse-Related Background
Abuse @ Netflix
Simplifiers
• No user-generated content
• No ads on service
• Limited member-to-member interactions
• No directly extractable value
Complicators
• Use value of accounts
• Account fungibility
• Device ecosystem
• Language diversity
• Payments complexity
• Usage patterns
“What is the Netflix password?”
Netflix Service
• Consumer friendly
• 30 day free trial
• Easy to cancel
• Excellent consumer experience can create potential for abuse
Key Questions Driving Anti-Abuse
• Who will convert from free trial to paid?
  • Financial projections
• How will members behave?
  • Content planning
  • User experience, product enhancements
Adversary Actions
Goals
1. Obtain Netflix accounts (without paying)
2. Monetize
  • Primarily via resale
  • Secondarily as bait/lure
Methods
• Free trial fraud (fake accounts)
• Account takeover (ATO)
Free Trial Fraud
• Payments are a primary abuse differentiator (vs. free services)
• A payment method is required @ signup
• Global payments infrastructure and operations are complex
• Loopholes and unexpected failure modes occur regularly
• Adversaries search for and exploit these failures
• So, fake account management is largely a payments fraud problem
Free Trial Fraud: Control Approach
Initial Assessment (Client to Site)
• VPN/proxy analysis
• Device fingerprinting
• Global merchant data analysis
• Internal threat intel analysis
Signup (Payment Validation)
• Method of payment checks
• Business rules (e.g. trial eligibility)
• Risk-dependent auth
Post-Signup (Activity Analysis)
• BIN anomalies
• CS contacts
• Account behaviors (e.g. cross-border streaming)
Free Trial Fraud – Control Objectives
• Detect and disable within 30 days post signup (free trial period)
• Continue to shrink the detect-to-disable period
• Keep data clean
• Reduce adversary opportunity to monetize
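A toy version of the three-stage control approach and the detect-to-disable objective, added here as an illustration; it is not Netflix code. The signal names, weights, thresholds and the three sample signups are all constructed assumptions. What it shows is the shape of the pipeline: cheap client-to-site signals feed a risk score, hard business rules and risk-dependent step-up run at signup, post-signup activity (BIN country mismatch, cross-border streaming, CS contacts) adds to the score, and the disable decision is only taken inside the 30-day trial window, with the detect-to-disable interval measured so it can be driven down.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

TRIAL_DAYS = 30          # free trial period named on the slides
STEP_UP_THRESHOLD = 3    # constructed: pre-signup risk that triggers extra auth
DISABLE_THRESHOLD = 6    # constructed: total risk at which the trial is disabled


@dataclass
class Signup:
    """One signup with the signals each stage consumes (all fields assumed)."""
    account_id: str
    signup_at: datetime
    ip_is_vpn_or_proxy: bool      # stage 1: VPN/proxy analysis feed
    device_signup_count: int      # stage 1: signups sharing this device fingerprint
    payment_method_valid: bool    # stage 2: method-of-payment check
    prior_trials_on_payment: int  # stage 2: business rule (trial eligibility)
    card_bin_country: str         # stage 3: issuer country resolved from the BIN
    signup_country: str
    streaming_countries: list = field(default_factory=list)  # stage 3
    cs_contacts: int = 0          # stage 3: customer-service contacts


def initial_assessment(s):
    """Stage 1 (client to site): score network and device signals."""
    score, reasons = 0, []
    if s.ip_is_vpn_or_proxy:
        score += 2
        reasons.append("vpn_or_proxy")
    if s.device_signup_count > 3:
        score += 3
        reasons.append("device_fingerprint_reuse")
    return score, reasons


def payment_validation(s, risk):
    """Stage 2 (signup): hard business rules first, then risk-dependent auth."""
    if not s.payment_method_valid:
        return "reject"
    if s.prior_trials_on_payment > 0:
        return "reject"       # trial eligibility: one trial per payment method
    if risk >= STEP_UP_THRESHOLD:
        return "step_up"      # additional verification before the trial starts
    return "allow"


def post_signup_analysis(s):
    """Stage 3 (activity): BIN anomalies, CS contacts, cross-border streaming."""
    score, reasons = 0, []
    if s.card_bin_country != s.signup_country:
        score += 2
        reasons.append("bin_country_mismatch")
    foreign = {c for c in s.streaming_countries if c != s.signup_country}
    if len(foreign) >= 2:
        score += 3
        reasons.append("cross_border_streaming")
    if s.cs_contacts >= 2:
        score += 1
        reasons.append("repeated_cs_contacts")
    return score, reasons


def within_trial(signup_at, now):
    """Control objective: act inside the 30-day free trial window."""
    return now - signup_at <= timedelta(days=TRIAL_DAYS)


def evaluate(s, now):
    """Run all three stages; return (action, total_risk, reasons)."""
    risk, reasons = initial_assessment(s)
    decision = payment_validation(s, risk)
    if decision == "reject":
        return "reject", risk, reasons + ["payment_validation"]
    more, why = post_signup_analysis(s)
    total, reasons = risk + more, reasons + why
    if total >= DISABLE_THRESHOLD and within_trial(s.signup_at, now):
        return "disable", total, reasons
    # Outside the trial window the signals are still reported; handling of
    # converted (paying) accounts is out of this example's scope.
    return decision, total, reasons


def detect_to_disable_days(signup_at, disabled_at):
    """The measurement the slides ask to keep shrinking."""
    return (disabled_at - signup_at).days


# Constructed sample signups (not real accounts or data).
T0 = datetime(2017, 1, 1)
NOW = T0 + timedelta(days=5)      # review point inside the trial window
LATE = T0 + timedelta(days=40)    # review point after the trial has ended
GOOD = Signup("acct-good", T0, False, 1, True, 0, "US", "US", ["US"])
FRAUD = Signup("acct-fraud", T0, True, 7, True, 0, "BR", "US", ["BR", "AR", "CL"])
RETRY = Signup("acct-retry", T0, False, 1, True, 2, "US", "US")

if __name__ == "__main__":
    for acct in (GOOD, FRAUD, RETRY):
        print(acct.account_id, evaluate(acct, NOW))
    print("detect-to-disable days:", detect_to_disable_days(T0, NOW))
```

The ordering matters: the hard rules in `payment_validation` run before any score is consulted, so an ineligible payment method is rejected regardless of how clean the client looks, and step-up auth only costs friction for signups whose pre-signup risk already crossed the threshold.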
Account Takeover
ATO – Traditional Causes
• 3rd party breaches (password reuse)
• Phishing
• Malware
• “Friendly” compromise
ATO Lifecycle
Compromise: Obtain Credentials → Use, Publish, Sell, Change
Member Impact: Unable to Access, Unusual Activity, Password Reset
Resolution: Self Resolution, Contact CS, Cancel Account
Detection, Action, & Measurement (across the whole lifecycle)
Detecting Account Takeover
• Account validators and traffic analysis
• Detect “credential stuffing”
• Credential dumps (pastebin, 3rd party)
• Customer service contacts
• Predictive model
Modeling ATO
• To better identify the ATO population, we began with cred dumps
• Hypothesis – Members in cred dumps who contact CS exhibit acute signs of compromise
• Built a classifier to segregate these accounts, and ranked features of impacted accounts
• Apply to the broader member population
• Additional revisions and models created to fine tune
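An added example (not Netflix code) covering the two slides above: traffic analysis that flags credential-stuffing sources, the accounts a flagged source successfully logged into, and the seed population the modeling hypothesis starts from (members present in a credential dump who also contacted CS). The log format, thresholds, window, dump contents and CS contact list are all constructed for illustration; a real system would match hashed identifiers rather than plaintext addresses.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed login events, one per line: "<timestamp> <source ip> <account> <result>".
LOG = """\
2017-03-01T10:00:00 203.0.113.9 alice@example.com FAIL
2017-03-01T10:00:01 203.0.113.9 bob@example.com FAIL
2017-03-01T10:00:02 203.0.113.9 carol@example.com OK
2017-03-01T10:00:03 203.0.113.9 dave@example.com FAIL
2017-03-01T10:00:04 203.0.113.9 erin@example.com FAIL
2017-03-01T10:00:05 203.0.113.9 frank@example.com FAIL
2017-03-01T10:00:06 203.0.113.9 grace@example.com OK
2017-03-01T10:00:07 203.0.113.9 heidi@example.com FAIL
2017-03-01T10:05:00 198.51.100.4 alice@example.com FAIL
2017-03-01T10:05:30 198.51.100.4 alice@example.com OK
2017-03-01T11:00:00 192.0.2.77 ivan@example.com OK
"""

WINDOW = timedelta(minutes=5)   # constructed sliding window
MIN_DISTINCT_ACCOUNTS = 5       # constructed: one source, many accounts
MIN_FAIL_RATIO = 0.6            # constructed: mostly failed attempts


def parse(log):
    """Turn log lines into (timestamp, ip, account, success) tuples."""
    events = []
    for line in log.splitlines():
        ts, ip, account, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, account, result == "OK"))
    return events


def stuffing_sources(events):
    """Traffic analysis: flag source IPs that try many distinct accounts, mostly
    failing, inside WINDOW. Returns {ip: {"accounts": n, "fail_ratio": r}}."""
    by_ip = defaultdict(list)
    for ts, ip, account, ok in events:
        by_ip[ip].append((ts, account, ok))
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort()
        best, start = None, 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > WINDOW:
                start += 1
            window = evs[start:end + 1]
            accounts = {a for _, a, _ in window}
            ratio = sum(1 for _, _, ok in window if not ok) / len(window)
            if len(accounts) >= MIN_DISTINCT_ACCOUNTS and ratio >= MIN_FAIL_RATIO:
                if best is None or len(accounts) > best["accounts"]:
                    best = {"accounts": len(accounts), "fail_ratio": round(ratio, 2)}
        if best:
            flagged[ip] = best
    return flagged


def accounts_hit_by(events, flagged):
    """Accounts with a successful login from a flagged source: ATO candidates."""
    return sorted({a for _, ip, a, ok in events if ok and ip in flagged})


# Constructed: accounts seen in a third-party credential dump, and accounts that
# contacted customer service.
IN_DUMP = {"alice@example.com", "carol@example.com", "ivan@example.com"}
CONTACTED_CS = {"carol@example.com", "dave@example.com"}


def seed_population(in_dump, contacted_cs):
    """The modeling hypothesis: members in cred dumps who contact CS."""
    return sorted(in_dump & contacted_cs)


def triage(events, in_dump, contacted_cs):
    """Combine the signals per account; the seed set carries the strongest label."""
    signals = defaultdict(list)
    for a in accounts_hit_by(events, stuffing_sources(events)):
        signals[a].append("login_from_stuffing_source")
    for a in sorted(in_dump):
        signals[a].append("in_credential_dump")
    for a in seed_population(in_dump, contacted_cs):
        signals[a].append("dump_and_cs_contact")
    return dict(signals)


EVENTS = parse(LOG)

if __name__ == "__main__":
    print(stuffing_sources(EVENTS))
    for account, why in sorted(triage(EVENTS, IN_DUMP, CONTACTED_CS).items()):
        print(account, why)
```

The per-source window is the core of the stuffing detector: a single address cycling through many accounts with a high failure rate is the traffic shape the slide calls out, and the accounts that address did log into are the ones worth a password reset or a CS follow-up. The `triage` output is the kind of labelled starting set the classifier on the next slide is trained against.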
Abuse Monetization and Markets
Markets: General Internet, Video, Social, Auctions and Forums
Typical Outcomes for Resale “Customers”
Disrupting Monetization
Monetization Controls
• Discovery and takedowns
  • scumblr and partners
  • Complicated by language
• Collaboration
  • e.g. eBay LVIS (Licensing Verification and Information System) and VeRO (Verified Rights Owner)
  • e.g. ThreatExchange (WIP)
Darkweb
Darkweb “Controls”
• Monitor and analyze
  • Cost
  • Resellers
  • Overall supply
• Controlled purchases
  • Analyze origins
  • Upstream intel
Questions?
chan@netflix.com
