
Bank Fraud attempts to steal $78 Million

06-27-2012, 11:27 AM   #1
majik (Administrator, Thread Starter)

For those who do online banking, I would suggest always closing out of all tabs and internet browsing windows before logging in and banking. One of the things identified in this article was the use of iFrames, which can be made invisible and undetected by sight. Should a popular site such as Facebook or Gmail get hacked, simply putting an iFrame in the corner of the page could have it pull data or inputs from another tab or browser anytime it's open without you knowing, and within that iFrame it could be initiating other banking transactions while you're simply viewing your account balances.



For those who know how, I would even venture as far as to suggest having a completely separate Virtual Machine used for nothing else other than online banking.



URL: http://arstechnica.com/tech-policy/2...ast-78-million

Article:

Sophisticated bank fraud attempted to steal at least $78 million

Security firm McAfee said server-side attacks made transfers as high as $130,000.



by Megan Geuss - June 26 2012, 7:10pm CDT



McAfee and fellow security firm Guardian Analytics released a report today that detailed a sophisticated type of bank fraud that originated in Italy and spread globally, initiating the transfer of at least $78 million from around 60 financial institutions. Banks in the Netherlands were hit the hardest, with fraudsters attempting to transfer over $44 million worth of funds.



The security firms said the attack was unique because it featured both off-the-shelf and custom malicious code to break into the banks' systems. The firms suggested that the creators of the code knew a lot about internal banking transactions, calling the operation "organized crime."



McAfee and Guardian called their investigation "Operation High Roller" because the fraudsters targeted high-worth individuals and businesses to disguise illegal transfers that were much larger than those in usual bank fraud. Some attempted transfers reached as high as $130,000 (McAfee does not mention whether the transfers were successful or not). As the investigation continued, researchers found the method used by the criminals evolved a little with every incarnation, making it a little more adaptable for each new banking system.



"While at first consistent with other client-based attacks we have seen, this attack showed more automation. Instead of collecting the data and performing the transaction manually on another computer, this attack injected a hidden iFRAME tag and took over the victim’s account—initiating the transaction locally without an attacker’s active participation," the Operation High Roller white paper (PDF) read. In Italy, "the code used by the malware looked for the victim’s highest value account, looked at the balance, and transferred either a fixed percentage (defined on a per campaign basis, such as three percent) or a relatively small, fixed €500 amount [roughly $625] to a prepaid debit card or bank account."



Eventually, the money launderers were able to simulate a two-factor authentication. Where the victim would have to use a SIM card to authenticate a transfer in the system, the thief's system was "able to capture and process the necessary extra information, representing the first known case of fraud being able to bypass this form of two-factor authentication."



Two months later, in the Netherlands attack, the criminals found that they could get around security and monitoring tools by enabling transfers on the server side of the bank accounts. In one instance where servers automating the attacks were found in Brea, California, a criminal was found logging in from Moscow, Russia.



"As this research study goes to press, we are working actively with international law enforcement organizations to shut down these attacks," the two groups stated in their white paper.




All times are GMT -6.