STAKING OUT THE INVISIBLE THIEVES OF THE INTERNET – Sunday June 14 2013

– At first, Shawn Ballesty thought the delay in his rent payment arriving in the landlord’s account was normal. Then the landlord rang again. “Hey mate, your rent wasn’t paid,” Ballesty recalls, knowing he made the online transfer himself.
“So I thought, I’ll send it again, just in case, then sort it out with the bank.”
Once more a payment was made, a receipt issued, but the money didn’t arrive. The Commonwealth Bank traced the transfers and advised both had been hijacked and, invisibly to Ballesty, deposited into a third party’s account with another bank.
A computer at Ballesty’s business, All Mounting and Diecutting Services in Sydney, was infected, the bank explained.
A banking trojan – malicious software – had been installed on it without his knowledge. He was one of thousands of people in Australia and around the world to have their business bank account fleeced by cyber criminals. Such malware is often distributed via infected email or instant message links sent via spam, attachments, pirated software or visits to infected websites.
“It got out of control, they were intercepting it while I was doing stuff [online],” he said.
Along with the rent, other smaller amounts were taken: $18,000 stolen in less than a week.
Australian banks have been quietly dealing with the problem, in particular a trojan called Carperb which has infected some 150,000 PCs.
Once installed it presents a fake transaction page and allows the attacker to view the victim’s browser in real-time.
The malware has been customised for clients of the Commonwealth Bank, ANZ, Westpac, the Bank of Queensland, Bendigo Bank, Adelaide a Bank, Teacher’s Mutual Bank, Defence Bank, Suncorp, Bankwest and NAB, according to Russian security company Group-IB, which is helping the banks.
“Right after the user goes online and wants to make the transfer, they will intercept his session on the browser and spoof the destination of the transfer absolutely silently,” Andrey Komarov, head of international projects, said.
But banks aren’t the only ones fighting. In June, Microsoft and the FBI, aided by authorities in more than 80 countries including Australia, launched a major assault on one of the world’s biggest cyber-crime rings, believed to have stolen more than $US500 million ($550 million) from bank accounts in the last 18 months.
The operation was aimed at a different trojan, Citadel. The Citadel botnet – some 1400 networks of 5 million zombie computers infected with malware – has been used to steal from dozens of financial institutions including American Express, Bank of America, Citigroup, eBay’s PayPal and HSBC, according to Microsoft.
The company alleges Citadel is controlled by a boss known as Aquabox who sells malware kits on the internet underground and takes a cut from the money stolen. The software disables anti-virus programs on infected PCs to stay undetected.
Other banking trojans act in similar ways. After a three-year manhunt, a 24-year-old Nigerian man, Hamza Bendelladj, is facing charges in the United States in connection with selling and supporting SpyEye, which allows hackers to hijack victims’ bank accounts as they logged in from their own computers.
“At the hugest level, most of the internet is operated by responsible organisations but you have a few folks that have bad seeds that are going to a level of sophistication – real criminal enterprises,” says TJ Campana, director of security for Microsoft’s digital crimes unit at its US headquarters near Seattle.
These are tech-savvy groups and individuals committing fraud online, mostly financial fraud.
But there’s a war taking place on the internet. It’s a war between those trying to make it more expensive for criminals to bypass their security, and the criminals trying to stay a step ahead of their suitors.
The war on spam – the mainstay of malware spread, fake drug marketing and other scams – began several years ago.
According to independent security researcher and author Brian Kreb’s’ analysis of spam data from security vendor Symantec, spam volumes have decreased from 6 trillion messages in 2008 to about 1 trillion at the end of 2012.
Three years ago spam accounted for over 90% of global email volume. In January, it dropped to 64.1%, according to Symantec.
Joint operations between law enforcement in several countries, Microsoft, security vendors like Symantec and McAfee, and security researchers have netted major crackdowns on spam senders (Mt Colo ISP was closed in September 2008) and spam botnets (Waledac in January 2010, Rustock and Kelihos in 2011, Bamital in January). Control and command servers for the zombie networks distributing the ZeuS and SpyEye malware were also cut off in March, and arrests relating to cyber financial fraud are taking place more regularly.
Does that mean the good guys are finally winning?
“That’s a tough question,” says Campana.
“Spam still exists but when we talk to the Windows Live team, they have a pretty good service in filtering out spam. They think they’re getting there.”
Campana makes no apologies for Microsoft’s role in cyber-crime fighting.
“Malware is bad for our customers, it causes this very bad experience on our products. We want to make it easier for our customers to protect themselves and harder for the bad guys to make money.
“If you infect one of my computers, you are getting them to send spam, to commit fraud,” he says.
The actions, mostly driven through the company’s legal manoeuvring of civil lawsuits, help it defend its revenue streams on several fronts. By reducing spam and malware spread, it reduces pressure on its Windows Live (previously Hotmail) infrastructure, reduces the likelihood of infection on its customers’ PCs, protects its Windows brand franchise and reduces the drain on its advertising revenue caused by click-fraud also perpetrated by botnets.
Krebs says the takedowns and arrests are positive steps in the fight against cyber crime, but they may not be a deterrent for all.
“It seems clear that only a very tiny fraction of people involved in cyber crime are ever brought to justice for their role in this economy,” Krebs says.
” I spend a great deal of time on a large number of underground forums dedicated to credit card and identity theft and all manner of cyber crimes, and it seems that not only are the numbers of forums that help get people started in this industry increasing, but these forums are now more popular than ever.”
Krebs says most online scammers make little money and rely on user-friendly downloadable tools offered by others members of the underground. He believes there is only a relatively small number of organised cyber-criminal organisations. Campana says there may only be a handful of “families” in Eastern Europe, Brazil and Asia. Many of them are already under active criminal investigation.
“The reality is the folks who are offering turnkey solutions – be they cashout services, malware writers, bot installation kits or exploit kits or spam rentals – really drive the underground economy. And business is booming for these folks,” Krebs says.
Dimitri Alperovich of CrowdStrike, a security consultancy to corporations and governments, says most countries want to collaborate to identify and prosecute cyber criminals, but, like crime, cyber crime will always be with us.
“It’s certainly becoming harder for criminals to get away with it, as prosecution is starting to catch up and and arresting these crooks more often, but others continue to join their ranks all over the world,” he says.
“I think spam is one area where the volumes have dropped down precipitously. Of course, low-volume phishing attacks and web-based scams have taken their place so it’s hard to call it a complete victory.”
While it is hard to say who is winning, Phil Kernick, security expert with CQR, says society is not losing.
“Criminals are making more money than ever made, but so is society – the internet is tremendously useful,” Kernick says.
Corey Nachreiner, director of security strategy Watchguard Technologies, says everyone needs to understand how cyber criminals operate in order to protect themselves.
“Some are specifically targeting very small victims because they stay under the radar. I don’t think home consumers should go crazy with it, but they need to realise they need to be careful with visiting a website that can infect their computer.”
The bank eventually returned Ballesty’s money, but not before his business accounts were frozen, without him being able to process wages and other payments for a week.
A security adviser from the bank even went around with a list of security measures the business must adopt, including staff cyber awareness training, and a warning that it won’t refund moneys lost to the same scam again.
Ballesty says he and his staff are a lot more cautious with their online activities now, even when using the computers on a break or outside work hours – Lia Timson

Advertisements

About Jumpin' Jack Cash

Crimewave2014@gmail.com
This entry was posted in Cyber Crime and tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s