Comments on: Buried Warning Signs http://krebsonsecurity.com/2010/01/buried-warning-signs-2/ In-depth security news and investigation Wed, 23 May 2012 01:40:28 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Cyber Crooks Leave Traditional Bank Robbers in the Dust — Krebs on Security http://krebsonsecurity.com/2010/01/buried-warning-signs-2/comment-page-1/#comment-3436 Cyber Crooks Leave Traditional Bank Robbers in the Dust — Krebs on Security Tue, 09 Mar 2010 06:44:56 +0000 http://www.krebsonsecurity.com/?p=206#comment-3436 [...] was a story about how much time and effort I put into trying to get the government to acknowledge how much cyber crooks were stealing from small to mid-sized businesses last year in these online banking attacks. Given this latest disclosure, it’s not hard to see [...] [...] was a story about how much time and effort I put into trying to get the government to acknowledge how much cyber crooks were stealing from small to mid-sized businesses last year in these online banking attacks. Given this latest disclosure, it’s not hard to see [...]

Like or Dislike: Thumb up 0 Thumb down 0
]]> By: China, Google and Web Security - The HP Security Laboratory Blog - http://krebsonsecurity.com/2010/01/buried-warning-signs-2/comment-page-1/#comment-433 China, Google and Web Security - The HP Security Laboratory Blog - Fri, 15 Jan 2010 22:29:51 +0000 http://www.krebsonsecurity.com/?p=206#comment-433 [...] bloc are directed at massive monetary gain - probably in the area of tens of millions of dollars [5]. China appears hell bent on stealing state secrets and intellectual property from both governments [...] [...] bloc are directed at massive monetary gain – probably in the area of tens of millions of dollars [5]. China appears hell bent on stealing state secrets and intellectual property from both governments [...]

Like or Dislike: Thumb up 0 Thumb down 0
]]> By: M Henri Day http://krebsonsecurity.com/2010/01/buried-warning-signs-2/comment-page-1/#comment-339 M Henri Day Wed, 13 Jan 2010 15:21:08 +0000 http://www.krebsonsecurity.com/?p=206#comment-339 Brian, I hope that your new situation will permit you to be more outspoken than you were able to be when writing for the Washington Post, but at the same time that your articles will continue to be characterised by the careful research they have been known for in the past.... Henri Brian, I hope that your new situation will permit you to be more outspoken than you were able to be when writing for the Washington Post, but at the same time that your articles will continue to be characterised by the careful research they have been known for in the past….

Henri

Like or Dislike: Thumb up 0 Thumb down 0
]]> By: BrianKrebs http://krebsonsecurity.com/2010/01/buried-warning-signs-2/comment-page-1/#comment-148 BrianKrebs Wed, 06 Jan 2010 16:02:13 +0000 http://www.krebsonsecurity.com/?p=206#comment-148 Also, as some of you have already figured out, the comments on this blog are threaded, so feel free to reply to someone else's comment instead of simply plopping a comment into the "submit comment" box at the bottom of the page. Also, as some of you have already figured out, the comments on this blog are threaded, so feel free to reply to someone else’s comment instead of simply plopping a comment into the “submit comment” box at the bottom of the page.

Like or Dislike: Thumb up 0 Thumb down 0
]]> By: BrianKrebs http://krebsonsecurity.com/2010/01/buried-warning-signs-2/comment-page-1/#comment-147 BrianKrebs Wed, 06 Jan 2010 16:00:55 +0000 http://www.krebsonsecurity.com/?p=206#comment-147 Great to see such a great discussion building on this topcic. I pasted this -- sent from a reader via e-mail -- in the comments section for another blog post on this site, but thought it probably also belongs here. — I have read your column for many years and have always found you to be factual and on the cutting edge of cyber crime trends. I worked for an online financial services company for more than a decade. I was in their corporate security investigations group. I was the senior manager of investigations from late 2005 until I left and worked directly with law enforcement on the types of cases you have written about so well. My group investigated all fraud activity perpetrated against it and I can tell you we dealt with the Russian or as we told everyone “Eastern European” groups since 2003. They started small by opening accounts with stolen identities and funding via ACH and experimented with stock pump and dump as early as December 2003. Our firm lost less then a million dollars in 2004 to ACH, wire fraud and pump and dump and a couple of million in 2005, but we fully reimbursed customers because of what it could do to our business if it became public. We had compromised customers sign a general release/non-disclosure form to protect our reputation. We also had these customers send us their hard drives or we performed remote diagnostics and as a result were highly familiar with the viruses and how credentials were being stolen. We referred all of these cases to law enforcement and I worked directly with different FBI and Secret Service agents on many of these cases. We also participated in Secret Service Electronic Crime Task force groups around the country during this time frame of 04/05. 2006 changed the course of history, as my firm lost more money between July and September then we had between 2001-June 2006, when we lost over $10 million. It was a result of pump and dump, as well as wire and ACH fraud. Of course this impacted everyone in the online brokerage business, but we were on the bleeding edge. As you well know, RBN and others learn quickly and they used all of the knowledge and skills they had accumulated over the past several years and they came at us hard and fast. We had founded a working group with NCFTA in Pittsburgh and had quarterly meetings to share all of this information and we also began sharing information directly via email within our working group real time to help combat this activity. It helped to slow it down, but we were never able to stop it. The “bad guys” continue to evolve and your articles have well documented how this evolution is continuing. They still hit individual accounts at banks and brokerages, but the bigger targets are now small business and local governments. Keep up the good work and hopefully you can bring more attention to this growing problem. Great to see such a great discussion building on this topcic. I pasted this — sent from a reader via e-mail — in the comments section for another blog post on this site, but thought it probably also belongs here.

I have read your column for many years and have always found you to be factual and on the cutting edge of cyber crime trends. I worked for an online financial services company for more than a decade. I was in their corporate security investigations group. I was the senior manager of investigations from late 2005 until I left and worked directly with law enforcement on the types of cases you have written about so well.

My group investigated all fraud activity perpetrated against it and I can tell you we dealt with the Russian or as we told everyone “Eastern European” groups since 2003. They started small by opening accounts with stolen identities and funding via ACH and experimented with stock pump and dump as early as December 2003. Our firm lost less then a million dollars in 2004 to ACH, wire fraud and pump and dump and a couple of million in 2005, but we fully reimbursed customers because of what it could do to our business if it became public. We had compromised customers sign a general release/non-disclosure form to protect our reputation. We also had these customers send us their hard drives or we performed remote diagnostics and as a result were highly familiar with the viruses and how credentials were being stolen. We referred all of these cases to law enforcement and I worked directly with different FBI and Secret Service agents on many of these cases. We also participated in Secret Service Electronic Crime Task force groups around the country during this time frame of 04/05.

2006 changed the course of history, as my firm lost more money between July and September then we had between 2001-June 2006, when we lost over $10 million. It was a result of pump and dump, as well as wire and ACH fraud. Of course this impacted everyone in the online brokerage business, but we were on the bleeding edge. As you well know, RBN and others learn quickly and they used all of the knowledge and skills they had accumulated over the past several years and they came at us hard and fast. We had founded a working group with NCFTA in Pittsburgh and had quarterly meetings to share all of this information and we also began sharing information directly via email within our working group real time to help combat this activity. It helped to slow it down, but we were never able to stop it.

The “bad guys” continue to evolve and your articles have well documented how this evolution is continuing. They still hit individual accounts at banks and brokerages, but the bigger targets are now small business and local governments.

Keep up the good work and hopefully you can bring more attention to this growing problem.

Like or Dislike: Thumb up 3 Thumb down 0
]]> By: infosec_pro http://krebsonsecurity.com/2010/01/buried-warning-signs-2/comment-page-1/#comment-146 infosec_pro Wed, 06 Jan 2010 15:31:00 +0000 http://www.krebsonsecurity.com/?p=206#comment-146 @AlphaCentauri - having worked for a big bank I must disagree. Customers are a big part of the problem but not the biggest, the biggest is that banks pander to them in the interest of profits. Customers want convenience and security, banks sacrifice security for convenience. Customers only circumvent safety features when those features are ill designed and onerous. It is possible to provide both convenience and security, but it comes at a cost and with a lot of effort, and banks will not invest either of those. It's easier to blame the customers and pass the costs along to them whenever possible. @AlphaCentauri – having worked for a big bank I must disagree. Customers are a big part of the problem but not the biggest, the biggest is that banks pander to them in the interest of profits. Customers want convenience and security, banks sacrifice security for convenience. Customers only circumvent safety features when those features are ill designed and onerous. It is possible to provide both convenience and security, but it comes at a cost and with a lot of effort, and banks will not invest either of those. It’s easier to blame the customers and pass the costs along to them whenever possible.

Like or Dislike: Thumb up 0 Thumb down 0
]]> By: infosec_pro http://krebsonsecurity.com/2010/01/buried-warning-signs-2/comment-page-1/#comment-145 infosec_pro Wed, 06 Jan 2010 15:26:18 +0000 http://www.krebsonsecurity.com/?p=206#comment-145 @mccxxiii - I worked for a bank that was then in the top fifty and is now one of the top twenty or so (couple of mergers) - I doubt there is much difference between the big guys and the major regionals, even the big players outsource much of the processing to specialist service providers. They are all probably more secure than you are, which is not saying a great deal with the spate of Adobe zero-days and the state of the art in drive-by exploits and such. Personally, I access my accounts online only from my work desktop in a highly secured (.gov) network for which I am responsible for security - I don't think it's safe from attackers, just that the attackers are after bigger things than my penny ante bankroll, and also that attacks will be detected and mitigated very quickly so my exposure will be limited - and I would not access financial accounts from a home PC or any less secure environment. @mccxxiii – I worked for a bank that was then in the top fifty and is now one of the top twenty or so (couple of mergers) – I doubt there is much difference between the big guys and the major regionals, even the big players outsource much of the processing to specialist service providers. They are all probably more secure than you are, which is not saying a great deal with the spate of Adobe zero-days and the state of the art in drive-by exploits and such. Personally, I access my accounts online only from my work desktop in a highly secured (.gov) network for which I am responsible for security – I don’t think it’s safe from attackers, just that the attackers are after bigger things than my penny ante bankroll, and also that attacks will be detected and mitigated very quickly so my exposure will be limited – and I would not access financial accounts from a home PC or any less secure environment.

Like or Dislike: Thumb up 0 Thumb down 0
]]> By: Lynda http://krebsonsecurity.com/2010/01/buried-warning-signs-2/comment-page-1/#comment-141 Lynda Wed, 06 Jan 2010 05:44:19 +0000 http://www.krebsonsecurity.com/?p=206#comment-141 I just did a quick bit of googling, and came up with a yahoo rendition of the WSJ article. There are several others, quoting the WSJ, along with a denial of the incident by Citi. Also worth noting is a 60 Minutes report, available on the web - episode 11/08/09. While it mostly focuses on vulnerabilities to our infrastructure there is an interview with the FBI re some attacks against banking. Ironically, the episode begins with a Viagra add. (Imagine me, rolling my eyes.) I just did a quick bit of googling, and came up with a yahoo rendition of the WSJ article. There are several others, quoting the WSJ, along with a denial of the incident by Citi.

Also worth noting is a 60 Minutes report, available on the web – episode 11/08/09. While it mostly focuses on vulnerabilities to our infrastructure there is an interview with the FBI re some attacks against banking.

Ironically, the episode begins with a Viagra add. (Imagine me, rolling my eyes.)

Like or Dislike: Thumb up 0 Thumb down 0
]]> By: bruce http://krebsonsecurity.com/2010/01/buried-warning-signs-2/comment-page-1/#comment-139 bruce Wed, 06 Jan 2010 05:35:24 +0000 http://www.krebsonsecurity.com/?p=206#comment-139 This 'enhanced' message number occurs quite frequently, as I see it all the time. Thanks Brian for explaining how it can occur. This ‘enhanced’ message number occurs quite frequently, as I see it all the time.

Thanks Brian for explaining how it can occur.

Like or Dislike: Thumb up 0 Thumb down 0
]]> By: Rick http://krebsonsecurity.com/2010/01/buried-warning-signs-2/comment-page-1/#comment-136 Rick Wed, 06 Jan 2010 02:55:24 +0000 http://www.krebsonsecurity.com/?p=206#comment-136 'banks are deathly afraid of anything that would cause businesses and/or consumers to lose confidence in online banking' LOL Sorry but what confidence is there to lose? That's funny. 'The banks realize such huge savings from having people bank online that they just can’t afford to go back' So they swallow the losses as always. We know this to be true. You can hack a bank and they'll rarely mention it. A lot of companies work this way with fraud what I can tell - and they're also afraid other wannabe hackers will understand how easy it is to take money from them. So they just swallow the losses. What a weird world. 'Between June and December 2009, I wrote more than two dozen articles for The Washington Post about this type of fraud' Yes we know. They were great articles. 'Nearly all lost tens of thousands of dollars, all because of a single virus infection.' What a surprise. ;) 'Unfortunately, most continue to disavow any responsibility for the losses.' Ditto. ;) 'I will continue to write about this type of crime in 2010, and to dig deeper into the security weaknesses that allow this form of cyber crime to flourish.' Yes please do. Bob McMillan's already been over and praised this site. I think it's very important as the Internet continues to mature. I really like this site! I agree with JR. 'All I can say is keep at it. There aren’t any others that I know of that are working on this type of story.' ‘banks are deathly afraid of anything that would cause businesses and/or consumers to lose confidence in online banking’

LOL Sorry but what confidence is there to lose? That’s funny.

‘The banks realize such huge savings from having people bank online that they just can’t afford to go back’

So they swallow the losses as always. We know this to be true. You can hack a bank and they’ll rarely mention it. A lot of companies work this way with fraud what I can tell – and they’re also afraid other wannabe hackers will understand how easy it is to take money from them. So they just swallow the losses.

What a weird world.

‘Between June and December 2009, I wrote more than two dozen articles for The Washington Post about this type of fraud’

Yes we know. They were great articles.

‘Nearly all lost tens of thousands of dollars, all because of a single virus infection.’

What a surprise. ;)

‘Unfortunately, most continue to disavow any responsibility for the losses.’

Ditto. ;)

‘I will continue to write about this type of crime in 2010, and to dig deeper into the security weaknesses that allow this form of cyber crime to flourish.’

Yes please do. Bob McMillan’s already been over and praised this site. I think it’s very important as the Internet continues to mature. I really like this site!

I agree with JR.

‘All I can say is keep at it. There aren’t any others that I know of that are working on this type of story.’

Like or Dislike: Thumb up 0 Thumb down 0
]]>