Jonathan R. Perlstein
Federal Bureau of Investigation
New York, NY
Abstract: The Gozi Trojan represents one of the most prolific and damaging credential-stealing malware families ever released. Known financial losses due to this malware exceed tens of millions of dollars, and the more than one million victims worldwide include major corporate entities and government agencies. Over the course of a multi-year investigation, the FBI New York Office Cyber Branch gained a thorough understanding of both the technical underpinnings of the Gozi code base and the organized criminal structure of its principal purveyors. This investigative effort has led to the arrest of three individuals alleged to have played critical roles in the architecture, distribution and maintenance of the Gozi malware. In this presentation two of the primary investigators will provide detail concerning the technical architecture of the Gozi malware family and will explain how the FBI New York Office was able to leverage this understanding successfully to indict the alleged conspirators.
Biography: Jonathan R. Perlstein has served as a Special Agent in the FBI New York Office for six years. During the first phase of his career in New York, he worked on the Joint Terrorism Task Force, applying technical skills to a variety of counterterrorism investigations. For the past three years he has worked computer intrusion investigations, helping to develop the technical investigative practices of the FBI New York Office Cyber Branch. He specializes in writing software to meet investigative necessities and reverse engineering malicious binary executables. He holds a Bachelor’s Degree in Computer Science from Duke University.