Digital bank robbers make off with $6.7 million
During the holidays cybercriminals kept themselves busy, hacking websites and stealing all the data they could find. South African Postbank, a financial institution owned by SA Post Office, is one of the victims.
South African bank Postbank was robbed of $6.7 million earlier this month. But the thieves didn’t need masks and guns to pull off the job — just computers.
To pull off the heist, the hackers created a backdoor into one of the bank’s computers. From that hacked computer, they were able to access the rest of the network and issue the commands to distribute the $6.7 million to different accounts owned by the thieves. Those accounts were promptly emptied via ATM visits. Preliminary reports revealed that the cybercrime ring responsible for the theft opened a number of Postbank accounts all across the country and then, in the period between January 1 and January 3, they managed to access a Post Office employee’s computer from where they deposited money from other accounts into their own.
Since the crime didn’t raise any red flags with its automated fraud-detection programs, bank employees failed to notice the money was missing until the bank re-opened after the New Year’s holiday.
The irony is that 3 years ago the institution invested a large amount of money in their anti-fraud systems. However, as we can clearly see, anti-fraud systems aren’t worth much if the company doesn’t have a strict policy for the way their employees handle computers.
If the reports are true, then it is very likely that an employee with privileged rights must have fallen victim to a scam email designed to spread a malicious Trojan.
Fin24 reports that the National Intelligence Agency, which offers assistance when a government institution is compromised, has launched an investigation to precisely determine the causes that allowed for the incident to occur.
Bank representatives state that none of their customers are affected by the breach, but security experts believe that Postbank’s systems desperately need an upgrade.
Crooks don’t necessarily have to hack into a bank’s systems to gain access as it may be much easier to manipulate someone into handing over some information that can be utilized to just waltz in without being detected.
Lately, we’re presented with many cases in which a little bit of social engineering can perform much more efficiently than even the most sophisticated piece of malware. Take the thieves who stole 9 million dollars from payroll debit cards issued by RBS Worldpay.
10 Hackers Who Made History
The computer world has a rich history of hackers who steered the progress of computer science and gave shape to computers, the internet and networking as we see it today — in some cases single-handedly.
And while yes, there are the Black Hat hackers behind internet mayhem, thievery, and chaos, there are also White Hat hackers who use their computer savvy for good. There’s also a different kind of hacker entirely: the tinkerer. They all played parts, big and small, in creating the computer world as it exists today. Here are 10 of the greatest:
Konrad Zuse
It all begins with Konrad Zuse, arguably the very first computer hacker. He may not have been a hacker in the modern sense of the word, but none of it would have been possible without him. You see, Zuse made the world’s very first fully programmable (Turing-complete as they say) computer, known as the Z3. It began, of course, as the Z1, and while it wasn’t built in a cave with a box of scraps, Zuse did build it himself in his parents’ apartment, completing it in 1938. Zuse eventually gained some backing by the German government, leading to the evolution from the Z1 to the Z3, which, complete in 1941, is considered the mother of modern computing.
John “Captain Crunch” Draper
John Draper was hacking computers long before computers were even common place. Draper’s hacking heyday was back in the early 1970s, when the largest computer network to which the general public had any access was the telephone system. At the time, telephones were managed by an automated system using specific analogue frequencies which could be exploited to make free long distance or even international calls. It was called “Phreaking”, and one of the most well-known Phreaking tools was a toy whistle that came in a box of Cap’n Crunch cereal. With this whistle, Draper created another popular Phreaking tool known as the Blue Box, a device that could produce many other tones used by the phone companies.
Steve Wozniak
A contemporary to John Draper, Wozniak was no stranger to Phreaking. In fact, after Draper shared the details of his Blue Box design during a Homebrew Computer Club meeting, Wozniak built a version of his own. Steve Jobs saw the marketing potential in the device, and the two Steves began their first joint venture together. Wozniak’s hacking days weren’t all spent on projects of questionable legality, though. With the proceeds from their blue boxes as well as selling Wozniak’s cherished HP calculator and Jobs’ VW van, Wozniak created the Apple I. With the other Steve’s marketing prowess, their company became the industry leader it is today.
Robert Tappan Morris
As a graduate student at Cornell University, Robert Morris created his claim to fame: the computer worm. According to Morris, he created the worm as an attempt to gauge the size of the internet at the time. After its release on November 2, 1988, the Morris Worm went on to infect approximately 6000 systems (about 10 per cent of the internet attached computers at the time). The worm was intended to be unobtrusive, but due to a flaw in its replication algorithm, it copied itself excessively, causing heaving system loads and ultimately leading back to Morris. In 1989, Morris became the first person indicted and later convicted under the Computer Fraud and Abuse Act of 1986.
Mark “Phiber Optik” Abene
Here’s a name you may not be familiar with: Mark Abene. He never hacked into the D.O.D. nor did he steal millions of dollars in some Swordfish-style bank heist. What he did do was piss off AT&T. As a member of the hacker group Masters of Destruction, Abene was often poking around on AT&T’s systems. When AT&T’s telephone system crashed, leaving 60,000 customers without phone service for over nine hours, they quickly blamed Abene. The Secret Service paid him a rather aggressive visit, confiscating his equipment, and while AT&T eventually admitted that the crash was a mistake on its part, Abene was charged with computer tampering and computer trespassing in the first degree. Later, he would face more charges and ultimately serve a year in federal prison, making him the first hacker to do so.
Kevin “Dark Dante” Poulsen
Poulsen holds claim to one of the more amusing hacks of all time. A radio contest held by KIIS-FM promised a shiny new Porsche 944 S2 to the 102nd person to call into the station. Rather than try his luck among the multitude of Los Angeles listeners, Poulsen took over all of the telephone lines to the station to ensure he’d be the 102nd caller. He eventually had to disappear once he became a fugitive of the FBI. This landed him a spot on the popular TV show Unsolved Mysteries. The show’s hotlines crashed when the episode aired. Coincidence? In 1991, Poulsen was arrested and eventually pleaded guilty to various counts of computer fraud, money laundering, and obstruction of justice. Interestingly, since his incarceration, Poulsen made a complete 180, helping in cyber crime cases, and even capturing sexual predators on MySpace.
Kevin Mitnick
Kevin Mitnick is perhaps the most famous hacker in computer history, likely due to his being the first hacker to make the FBI’s Most Wanted list. As a master of social engineering, Mitnick didn’t just hack computers; he hacked the human mind. In 1979, at the age of 16, he hacked his way into his first computer system and copied proprietary software. He would often engage with admin personnel, such as in phone calls and email messages, and trick them into giving up passwords and other security information. After a two and a half year pursuit, Mitnick was finally arrested and served five years in prison. He now runs his own computer security consultancy, Mitnick Security Consulting.
Tsutomu Shimomura
Not all hackers fall under the Black-Hat umbrella. Tsutomu Shimomura is a White-Hat hacker credited with capturing Kevin Mitnick. In 1994, Mitnick stole some of Shimomura’s personal files and distributed them online. Motivated by revenge, Shimomura came up with a trace-dialling technique to back-hack his way in to locating Mitnick. With Shimomura’s information, the FBI was able to pinpoint and arrest Mitnick.
Richard Stallman
In his early years, Stallman was a graduate student and programmer at MIT’s Artificial Intelligence Labs where he would constantly engage with MIT’s rich hacking culture. As an advocate for just about everything Open Source, Stallman fought back when MIT installed a password system in its Computer Science department. He would decrypt users’ passwords (not an easy task given the processing power of the 1970s) and send them a message with their password in plaintext, suggesting they leave the password blank in order to re-enable anonymous use. Going into the 1980′s, Stallman didn’t like the proprietary stance many manufacturers were taking on their software. This eventually led Stallman to create the GNU General Public licence and GNU operating system, a completely free Unix-like OS that is completely Unix-compatible.
Linus Torvalds
Following Stallman’s lead, Linus Torvalds is another White-Hat hacker. His hacking days began with an old Commodore VIC-20 and eventually a Sinclair QL, both of which he modified considerably. On the QL in particular, he programmed his own Text Editor and even a Pac-Man clone he dubbed Cool Man. In 1991, he got an Intel 80386 powered PC and began creating Linux, first under its own limited licence but eventually merged it into the GNU Project under the GNU GPL. Torvalds hadn’t originally intended on continued support for his Linux Kernel, but due to the nature of the Open Source project, it grew into one of the most hacker friendly (and secure) operating systems available.
2011 Guardian Analytics – Commercial Banking Fraud (SMB)
Online Bank Fraud Continues To Plague Small Businesses, Study Says
Responses to the February 2011 survey from more than 533 SMBs indicate that money continues to be siphoned unnoticed from business accounts at an alarming rate and SMBs are leaving their institutions at alarming pace because of it. This means financial institutions are facing a lose-lose proposition: losing money and losing customers.
Business banking fraud — particularly in small and midsize companies — is still causing major problems for both the businesses and the banks that serve them, according to a study published today.
The “2011 Business Banking Trust Study,” a follow-up to a similar study conducted last year, was written by Ponemon Institute and sponsored by Guardian Analytics. This year’s numbers suggest that the banking fraud situation has not improved since 2010.
“The industry has not moved the needle in addressing the corporate account takeover and fraud plaguing SMBs and their financial institutions,” the report states. “The data shows that fraud is still pervasive, money is leaving accounts unnoticed at an alarming rate, and businesses will leave their banks because of it.”
Fifty-six percent of businesses experienced fraud in the past 12 months, according to the study. Of those that experienced fraud, 61 percent were victimized more than once. Seventy-five percent of the victims experienced online account takeover and/or online fraud. These figures are nearly the same as last year’s, the researchers say.
In 78 percent of fraud cases, banks failed to catch fraud before funds were transferred out, according to the study. Banks were able to keep money from leaving the bank in 22 percent of the cases and fully recover fraudulently transferred funds for 10 percent of businesses.
Banks were unable to recover funds in 68 percent of cases, leading to losses for both business and banks, Ponemon says. Banks took the losses in 37 percent of cases by reimbursing businesses for unrecovered funds; businesses took losses in 60 percent of cases.
Forty-two percent of respondents in the study said they do not believe the bank would cover any losses if their companies’ assets were stolen and not recovered. Despite this attitude, 70 percent of businesses still think their institution should be ultimately responsible for securing online accounts.
Forty-three percent of businesses said they have moved their banking activities elsewhere after a fraud incident. Ten percent of businesses that have experienced fraud have terminated their banking relationships following fraud attacks. Thirty-three percent said they did not fully terminate their relationship, but moved their primary cash management services to another institution.
2011 Business Banking Trust Study (PDF)
2011 Verizon Data Breach Report
Verizon’s 2011 Data Breach Investigations, a study conducted by the Verizon RISK Team with cooperation from the U.S. Secret Service and the Dutch High Tech Crime Unit.
Verizon’s 2010 Data Breach Report found that the number of data breaches quintupled from 2009, highlighting the shift as cyber-criminals target smaller businesses.
While the number of data breaches soared in 2010, the amount of information lost has dropped dramatically, according to Verizon’s latest data breach survey. The contradiction underscores what some security experts have been saying: attackers are increasingly targeting smaller companies because it’s easier.
Released April 19, the latest “2011 Verizon Data Breach Investigations Report” from Verizon Business counted 760 data breaches in 2010, compared to only 141 data breaches in 2009. Verizon noted a dramatic decline of 97 percent in the number of compromised records in 2010, as compared to 2009.
Among some of the report’s key findings:
- Hacking, at 50 percent, and malware, at 49 percent, are the most prominent types of attack, with many incidents involving weak or stolen credentials and passwords;
- Physical attacks, such as skimming at ATMs, pay-at-the-pump gas terminals and POS systems, for the first time rank among the three most common ways to steal information, comprising 29 percent of all investigated cases;
- Outsiders are responsible for 92 percent of breaches, while the percentage of insider attacks dropped from 49 percent in 2009 to 16 percent in 2010.
Attacks Remain Easy
According to the report, 83 percent of the databases hit in 2010 were targets of opportunity; 92 percent of the attacks were classified as “not highly difficult.”
- 86 percent of the year’s breaches were discovered by third parties;
- 97 percent were avoidable through simple or intermediate controls;
- 89 percent of the corporate or organizational victims were not compliant with the Payment Card Industry Data Security Standard at the time of the hack.
Download the 2011 Data Breach.
Malware being sent in job applications
If you’re in any kind of business there’s a good chance you have to deal with resumes on a daily basis, especially if you’re a manager or Human Resources professional. While you probably delete that Viagra ad and ignore the promise of Nigerian riches, when a resume hits your inbox, you read it.
Spammers know this and have been increasingly presenting Malware as if it were a resume, hoping that the recipient will be so curious about a potential applicant that they open or run something that they shouldn’t. This practice of using rigged document files goes back to the early 2000′s where exploits for Microsoft’s document format existed even before Office 2000.
Let’s not forget when we could encoded Malware into a MIME header or .eml file and make IE/Outlook execute it… without even opening it. 
These waves of Malware use obfuscation and “dropper” payloads to avoid detection. A dropper serves only to pull a payload, and a backdoor down for Botnet control. It rarely is detected as malicious because of its simple nature. The Antivirus products may continuously delete the Malware payloads, but as time passes with the dropper alive and well. The Malware creators are given the opportunity of changing the package and evading detection.
The Internet Crime Complaint Center (IC3) is reporting that businesses have received Bredolab variants in email attachments masquerading as job applications.
“Recent FBI analysis reveals that cyber criminals engaging in ACH/wire transfer fraud have targeted businesses by responding via e-mail to employment opportunities posted online,” IC3 said in a news release.
They also said: “The FBI recommends that potential employers remain vigilant in opening the e-mails of perspective employees. Running a virus scan prior to opening any e-mail attachments may provide an added layer of security against this type of attack. The FBI also recommends that businesses use separate computer systems to conduct financial transactions.”
It’s called “spear phishing” – malicious code sent specifically to someone in a company who would be expecting that type of email (job applications in attachments in this case.)
“Recently, more than $150,000 was stolen from a US business via unauthorized wire
transfer as a result of an e-mail the business received that contained malware. The
malware was embedded in an e-mail response to a job posting the business placed on
an employment website and allowed the attacker to obtain the online banking credentials
of the person who was authorized to conduct financial transactions within the company.
The malicious actor changed the account settings to allow the sending of wire transfers,
one to the Ukraine and two to domestic accounts. The malware was identified as a
Bredolab variant, svrwsc.exe. This malware was connected to the ZeuS/Zbot Trojan,
which is commonly used by cyber criminals to defraud US businesses.”
“Anyone who believes they have been a target this type of attack should immediately
contact their financial institutions and local FBI office, and promptly report it
to the IC3′s website at www.IC3.gov. The IC3′s
complaint database links complaints together to refer them to the appropriate law
enforcement agency for case consideration. The IC3 also uses complaint information
to identify emerging trends and patterns.”
