Posts Tagged: live cd


22
Jun 15

“Free” Proxies Aren’t Necessarily Free

Netflix, Hulu and a host of other content streaming services block non-U.S. users from viewing their content. As a result, many people residing in or traveling outside of the United States seek to circumvent such restrictions by using services that advertise “free” and “open” Web proxies capable of routing browser traffic through U.S.-based computers and networks. Perhaps unsurprisingly, new research suggests that most of these “free” offerings are anything but, and actively seek to weaken browser security and privacy.

proxyThe data comes from Austrian researcher and teacher Christian Haschek, who published a simple script to check 443 open Web proxies (no, that number was not accidental). His script tries to see if a given proxy allows encrypted browser traffic (https://), and whether the proxy tries to modify site content or inject any content into the user’s browser session, such as ads or malicious scripts.

Haschek found that 79 percent of the proxies he tested forced users to load pages in unencrypted (http://) mode, meaning the owners of those proxies could see all of the traffic in plain text.

“It could be because they want you to use http so they can analyze your traffic and steal your logins,” Haschek said. “If I’m a good guy setting up a server so that people can use it to be secure and anonymous, I’m going to allow people to use https. But what is my motive if I tell users http only?”

Haschek’s research also revealed that slightly more than 16 percent of the proxy servers were actively modifying static HTML pages to inject ads.

Virtual private networks (VPNs) allow users to tunnel their encrypted traffic to different countries, but increasingly online content providers are blocking popular VPN services as well. Tor offers users the ability to encrypt and tunnel traffic for free, but in my experience the service isn’t reliably fast enough to stream video. Continue reading →


16
Jul 14

Wireless Live CD Alternative: ZeusGard

I’ve long recommended that small business owners and others concerned about malware-driven bank account takeovers consider adopting a “Live CD” solution, which is a free and relatively easy way of temporarily converting your Windows PC into a Linux operating system. The trouble with many of these Live CD solutions is that they require a CD player (something many laptops no longer have) — but more importantly – they don’t play well with wireless access. Today’s post looks at an alternative that addresses both of these issues.

Zeusgard, with wireless adapter, on a Macbook Air.

Zeusgard, with wireless adapter, on a Macbook Air.

As I noted in my 2012 column, “Banking on a Live CD,” the beauty of the “Live CD” approach is that it allows you to safely bank online from any machine — even from a system that is already riddled with malware. That’s because it lets you boot your existing PC into an entirely different (read: non-Windows) operating system. [Not sure why you should consider banking online from a non-Windows PC? Check out this series].

The device I’ll be looking at today is not free, nor is the the tiny dongle that enables its ability to be used on a wireless network. Nor is it an actual CD or anything more than a stripped-down Web browser. But it is one of the safest, most easy-to-use solutions I’ve seen yet.

The device, called ZeusGard, is a small, silver USB flash drive that boots into a usable browser within about 30 seconds after starting the machine. The non-writeable drive boots directly into the browser (on top of Debian Linux), and if your system is hard-wired to your router with an Ethernet connection, you should be good to go.

Nearly all Live CD solution have one glaring weakness: They typically are not usable over a wireless connection. The Live CD solution I most frequently recommend — which is based on a version of Puppy Linux — technically can work with wireless networks, but I found that setting it up is not at all intuitive, especially for people who’ve never used anything but Windows before.

zgbox My review copy of ZeusGard came with a tiny USB wireless Wi-Fi adapter, which makes jumping on a wireless network a complete breeze. When you boot up with both ZeusGard and the adapter plugged in, ZeusGard automatically searches for available wireless networks, and asks you to choose yours from a list of those in range.

Assuming access to your wireless network is secured with WPA/WPA2  (hopefully not the weaker WEP) , click the “properties” box next to your network, and enter your network’s encryption key (if you need to see the key in plain text while you’re typing, tick the box next to “key”). Hit “OK” and then the “Connect” button. Once you’re connected, click the down arrow at the top of the dialog box and select “Exit to Browser Session.” Continue reading →


11
Mar 14

Adobe, Microsoft Push Security Updates

Adobe and Microsoft today each released software updates to fix serious security flaws in their products. Adobe pushed an update that plugs a pair of holes in its Flash Player software. Microsoft issued five updates, including one that addresses a zero-day vulnerability in Internet Explorer that attackers have been exploiting of late.

crackedwinMicrosoft’s five bulletins address 23 distinct security weaknesses in Microsoft Windows, Internet Explorer and Silverlight. The Internet Explorer patch is rated critical for virtually all supported versions of IE, and plugs at least 18 security holes, including a severe weakness in IE 9 and 10 that is already being exploited in targeted attacks.

Microsoft notes that the exploits targeting the IE bug seen so far appear to perform a check for the presence of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET); according to Microsoft, the exploits fail to proceed if EMET is detected. I’ve recommended EMET on several occasions, and would encourage any Windows users who haven’t yet deployed this tool to spend a few minutes reading this post and consider taking advantage of it to further harden their systems. The latest version — 4.1 — is available at this link and requires Microsoft’s .NET Framework 4 platform. For those of you who don’t mind beta-testing software, Microsoft has released a preview version of the next generation of EMET — EMET 5.0 Technical Preview.

This month’s updates include a fix for another dangerous bug — deep within the operating system on just about every major version of Windows  — that also was publicly disclosed prior to today’s patches. Microsoft’s Technet Blog has more details on these and other bulletins released today.

Continue reading →


8
Jan 14

Firm Bankrupted by Cyberheist Sues Bank

A California escrow firm that was forced out of business last year after a $1.5 million cyberheist is now suing its former bank to recoup the lost funds.

casholeA state-appointed receiver for the now defunct Huntington Beach, Calif. based Efficient Services Escrow has filed suit against First Foundation Bank, alleging that the bank’s security procedures were not up to snuff, and that it failed to act in good faith when it processed three fraudulent international wire transfers totaling $1,558,439 between December 2012 and February 2013.

The lawsuit, filed in the Superior Court  for Orange County, is the latest in a series of legal battles over whether banks can and should be held more accountable for losses stemming from account takeovers. In the United States, consumers have little to no liability if a computer infection from a banking Trojan leads to the emptying of their bank accounts — provided that victims alert their bank in a timely manner. Businesses of all sizes, however, enjoy no such protection, with many small business owners shockingly unaware of the risks of banking online.

As I wrote in an August 2013 story, the heist began in December 2012 with a $432,215 fraudulent wire sent from the accounts of Huntington Beach, Calif. based Efficient Services Escrow Group to a bank in Moscow. In January, the attackers struck again, sending two more fraudulent wires totaling $1.1 million to accounts in the Heilongjiang Province of China, a northern region in China on the border with Russia.

This same province was the subject of a 2011 FBI alert on cyberheist activity. The FBI warned that cyber thieves had in the previous year alone stolen approximately $20 million from small to mid-sized businesses through fraudulent wire transfers sent to Chinese economic and trade companies.

Efficient Services and its bank were able to recover the wire to Russia, but the two wires to China totaling $1.1 million were long gone. Under California law, escrow and title companies are required to immediately report any lost funds. When Efficient reported the incident to state regulators, the California Department of Corporations gave the firm three days to come up with money to replace the stolen funds.

Three days later, with Efficient no closer to recovering the funds, the state stepped in and shut the company down. As a result, Efficient was forced to lay off its entire staff of nine employees.

On Dec. 6, the lawyer appointed to be Efficient’s receiver sued First Foundation in a bid to recover the outstanding $1.1 million on behalf of the firm’s former customers. The suit alleges that the bank’s security procedures were not “commercially reasonable,” and that the bank failed to act in “good faith” when it processed international wire transfers on behalf of the escrow firm.

Like most U.S. states, California has adopted the Uniform Commercial Code (UCC), which holds that a payment order received by the [bank] is “effective as the order of the customer, whether or not authorized, if the security procedure is a commercially reasonable method of providing security against unauthorized payment orders, and the bank proves that it accepted the payment order in good faith and in compliance with the security procedure and any written agreement or instruction of the customer restricting acceptance of payment orders issued in the name of the customer.”

As evidenced by the dozens of stories in my series, Target: Small Businesses, companies do not enjoy the same protections as consumers when banking online. If a banking Trojan infection results in cyber thieves emptying the bank accounts of a small business, that organization is essentially at the mercy of their financial institution, which very often in these situations disavows any responsibility for the breach, and may in fact stonewall the victim company as a result. That can leave victim organizations in a quandary: They can swallow their pride and chalk it up to a learning experience, or opt to sue the bank to recover their losses. Of course, suing your bank can be cost-prohibitive unless the loss is significantly larger than the amount the victim might expect to spend hiring lawyers to pursue the case on the often long road to settlement or trial.

The plaintiffs in this case allege that part of the reason the bank’s security procedures were not commercially reasonable was that one component of the bank’s core security protection — the requirement that customers enter a code generated by a customer-supplied security token that changes every 32 seconds — had failed in the days leading up to the fraudulent transfers. I would argue that security tokens are a mere security speed bump whose effectiveness is easily bypassed by today’s cyber thieves. But in any case, this lawsuit claims that rather than address that failure, the bank simply chose to disable this feature for Efficient Services.

First Foundation did not return calls seeking comment. But the bank did produce an incident report that is now public record, thanks to this lawsuit (see the “Exhibit J” section of this PDF case document). The document states that the company had previously performed international wire transfers, and so it saw nothing unusual about half-million-dollar transfers to China. According to the plaintiffs, however, Efficient escrow had merely inquired about the possibility of international wires, yet had not actually performed wire transfers outside of the United States previously.

Continue reading →


18
Sep 13

Crooks Hijack Retirement Funds Via SSA Portal

If you receive direct deposits from the Social Security Administration but haven’t yet registered at the agency’s new online account management portal, now would be a good time take care of that: The SSA and financial institutions say they are tracking a rise in cases wherein identity thieves register an account at the SSA’s portal using a retiree’s personal information and have that retiree’s benefits diverted to prepaid debit cards that the crooks control.

The SSA's "my Social Security" portal.

The SSA’s “my Social Security” portal.

Traditional SSA fraud involves identity thieves tricking the beneficiary’s bank into diverting the payments to another account, either through Social Security’s 800 number or through a financial institution, or through Treasury’s Direct Express program. The newer version of this fraud involves the abuse of the SSA’s my Social Security Web portal, which opened last year and allows individuals to create online accounts with the SSA to check their earnings and otherwise interact with the agency relative to their accounts.

Jonathan Lasher, assistant inspector general for external relations at the SSA’s Office of Inspector General, said that for several years the agency was receiving about 50 such allegations a day, though those numbers have begun to decline. But thieves didn’t go away: They just changed tactics. The trouble really began earlier this year, when the Treasury started requiring that almost all beneficiaries receive payments through direct deposit (though the SSA says paper checks are still available to some beneficiaries under limited circumstances).

At the same time, the SSA added the ability to change direct deposit information via their my Social Security Web portal. Shortly thereafter, the agency began receiving complaints that identity thieves were using the portal to hijack the benefits of individuals who had not yet created an account at the site. According to Lasher, as of August 23, 2013, the SSA has received 18,417 allegations of possibly fraudulent mySocialSecurity account activity. Lasher said while some of the complaints are the result of unsuccessful attempts to open an account fraudulently, some are indeed fraud.

“Social Security has already improved security over this online feature, and we continue to work with them to make additional improvements, while also investigating allegations we receive,” Lasher said. “While it’s an issue we’re taking very seriously, it’s important to keep in mind that about 62 million people receive some type of payment from SSA every month, so the likelihood of becoming a victim is very small, particularly if you’re careful about protecting your personal information.”

Because it’s possible to create just one my Social Security account per Social Security number, registering an account on the portal is one basic way that consumers can avoid becoming victims of this scam. Lasher said in the SSA’s systems, every record is tied to the SSN rather than a person’s name, since there are so many duplicate names.

“Of course, the one way to ensure that no one opens an account in your name is to open one yourself,” Lasher said. “Given the nature of other articles on your site, I think it’s important that I point out that there is no suggestion that SSA’s systems have been compromised; this is an identity theft scheme aimed at redirecting existing benefits, often to prepaid debit cards.”

Continue reading →


26
Mar 13

Missouri Court Rules Against $440,000 Cyberheist Victim

A Missouri court last week handed a legal defeat to a local escrow firm that sued its financial institution to recover $440,000 stolen in a 2009 cyberheist. The court ruled that the company assumed greater responsibility for the incident because it declined to use a basic security precaution recommended by the bank: requiring two employees to sign off on all transfers.

courthouseSpringfield, Mo. based Choice Escrow and Land Title LLC sued Tupelo, Miss. based BancorpSouth Inc., after hackers who had stolen the firm’s online banking ID and password used the information to make a single unauthorized wire transfer of $440,000 to a corporate bank account in Cyprus.

Choice Escrow alleged that BancorpSouth’s security procedures were not commercially reasonable. Choice pointed out that the bank’s most secure option for Internet-based authentication relied principally on so-called “dual controls,” or requiring business customers to have one user ID and password to approve a wire transfer and another user ID and password to release the same wire transfer.

Choice Escrow’s lawyers argued that because BancorpSouth allowed wire or funds transfers using two options which were both password-based, its commercial online banking security procedures fell short of 2005 guidance from the Federal Financial Institutions Examination Council (FFIEC), which warned that single-factor authentication as the only control mechanism is inadequate for high-risk transactions involving the movement of funds to other parties.

But in a decision handed down on March 18, 2013, a judge with the U.S. District Court for the Western District of Missouri focused on the fact that Choice Escrow was offered and explicitly declined in writing the use of dual controls, thereby allowing the thieves to move money directly out their account using nothing more than a stolen username and password.  The court noted that Choice also declined to set a limit on the amount or number of wire transfers allowed each day (another precaution urged by the bank), and that the transfer amount initiated by the thieves was not unusual for Choice, a company that routinely moved large sums of money.

Continue reading →


28
Jan 13

Big Bank Mules Target Small Bank Businesses

A $170,000 cyberheist last month against an Illinois nursing home provider starkly illustrates how large financial institutions are being leveraged to target security weaknesses at small to regional banks and credit unions.

I have written about more than 80 organizations that were victims of cyberheists, and a few recurring themes have emerged from nearly all of these breaches. First, a majority of the victim organizations banked at smaller institutions. Second, virtually all of the money mules — willing or unwitting individuals recruited to help launder the stolen funds — used accounts at the top five largest U.S. banks.

The attack on Niles Nursing Inc. provides a textbook example. On Monday, Dec. 17, 2012, computer crooks logged into the company’s online banking accounts using the controller’s credentials and tunneling their connection through his hacked PC. At the beginning of the heist, the miscreants added 11 money mules to Niles’ payroll, sending them automated clearing house (ACH) payments totaling more than $58,000, asking each mule to withdraw their transfers in cash and wire the money to individuals in Ukraine and Russia.

nilesmulespartNiles’ financial institution — Ft. Lauderdale, Fla. based Optimum Bank — evidently saw nothing suspicious about 11 new employees scattered across five states being added to its customer’s payroll overnight. From the bank’s perspective, the user submitting the payroll batch logged in to the account with the proper credentials and with the same PC that was typically used to administer the account. The thieves would put through another two fraudulent payment batches over next two days (the bank blocked the last batch on the 19th).

In total, the attackers appear to have recruited at least two dozen money mules to help haul the stolen loot. All but two of the mules used or opened accounts at four out of five of the nation’s top U.S. banks, including Bank of America, Chase, Citibank, and Wells Fargo. No doubt these institutions together account for a huge percentage of the retail banking accounts in America today, but interviews with mules recruited by this crime gang indicate that they were instructed to open accounts at these institutions if they did not already have them.

ANALYSIS

I’ve spoken at numerous financial industry conferences over the past three years to talk about these cyberheists, and one question I am almost always asked is, “Is it safer for businesses to bank at larger institutions?” This is a tricky question to answer because banking online remains a legally and financially risky affair for any business, regardless of which bank it uses. Businesses do not enjoy the same fraud protections as consumers; if a Trojan lets the bad guys siphon an organization’s online accounts, that victim organization is legally responsible for the loss. The financial institution may decide to reimburse the victim for some or all of the costs of the fraud, but that is entirely up to the bank.

What’s more, it is likely that fewer cyberheists involving customers of Top 5 banks ever see the light of day, principally because the larger banks are in a better financial position to assume responsibility for some or all of the loss (provided, of course, that the victim in return agrees not to sue the bank or disclose the breach publicly).

I prefer to answer the question as if I were a modern cyberthief in charge of selecting targets. The organized crooks behind these attacks blast out tens of millions of booby-trapped emails daily, and undoubtedly have thousands of stolen online banking credentials to use at any one time. There are more than 7,000 financial institutions in the United States…should I choose a target at one of the top 10 banks? These institutions hold a majority of the financial industry’s assets, and they’re accustomed to moving huge sums of money around each day.

On the other hand, their potential for fraud is almost certainly orders of magnitude greater than at smaller institutions. That would suggest that it may be easier for these larger institutions to justify antifraud expenditures. That incentive to enact antifraud protections is even greater because these institutions have huge numbers of retail customers, a channel in which they legally eat the loss from unauthorized account activity.

Continue reading →


6
Nov 12

Cyberheists ‘A Helluva Wake-up Call’ to Small Biz

The $180,000 robbery took the building security and maintenance system installer Primary Systems Inc. by complete surprise. More than two-dozen people helped to steal funds from the company’s coffers in an overnight heist in May 2012, but none of the perpetrators were ever caught on video. Rather, a single virus-laden email that an employee clicked on let the attackers open a digital backdoor, exposing security weaknesses that unfortunately persist between many banks and their corporate customers.

The St. Louis, Missouri-based firm first learned that things weren’t quite right on Wednesday, May 30, 2012, when the company’s payroll manager logged into her account at the local bank and discovered that an oversized payroll batch for approximately $180,000 had been sent through late Tuesday evening.

The money had been pushed out of Primary Systems’ bank accounts in amounts between $5,000 and $9,000 to 26 individuals throughout the United States who had no prior interaction with the firm, and who had been added to the firm’s payroll that very same day. The 26 were “money mules,” willing or unwitting participants who are hired through work-at-home job schemes to help cyber thieves move money abroad. Most of the mules hired in this attack were instructed to send the company’s funds to recipients in Ukraine.

“The payroll manager contacted me at 8:00 a.m. that day to ask if I’d authorized the payroll batch, and I said no, it must have been a bank error,” said Jim Faber, Primary Systems’ chief financial officer. “I called the bank and said they said no, they did not make an error. That was a helluva wake-up call.”

The company’s financial institution, St. Louis-based Enterprise Bank & Trust, declined to comment. But of course, mistakes were made all around. Primary Systems’ employees failed to be wary of virus-laden email attachments, and relied too heavily on its firewalls and antivirus software to block attacks. The bank failed to bat an eyelash before processing a $180,000 transfer marked as “payroll” on a Tuesday, even though the company has always processed its payroll batch on Friday mornings. It also failed to flag as strange the overnight addition to Primary’s payroll of 26 new employees located in nearly as many states, even though almost all of the victim firm’s legitimate employees are based in Missouri.

The only parties to this crime who didn’t make missteps were the thieves. According to Faber, investigators believe the crooks cased the joint virtually before launching the heist, which came in just below the $200,000 threshold that would have prompted the bank to obtain verbal permission from Primary Systems for the transfer.

“If it was over $200k, [the bank] wouldn’t have allowed the transfer to happen without confirming it with us,” Faber said. “But this just flew right under that kickout. Our payroll is a lot less than that. This was six times our normal payroll and was in mid-week.”

Continue reading →


8
Oct 12

‘Project Blitzkrieg’ Promises More Aggressive Cyberheists Against U.S. Banks

Last week, security firm RSA detailed a new cybecriminal project aimed at recruiting 100 botmasters to help launch a series of lucrative online heists targeting 30 U.S. banks. RSA’s advisory focused primarily on helping financial institutions prepare for an onslaught of more sophisticated e-banking attacks, and has already received plenty of media attention. I’m weighing in on the topic because their analysis seemed to merely scratch the surface of a larger enterprise that speaks volumes about why online attacks are becoming bolder and more brash toward Western targets.

RSA wasn’t specific about where it got its intelligence, but the report’s finding appear tied to a series of communications posted to exclusive Underweb forums by a Russian hacker who uses the nickname “vorVzakone,” which translates to “thief in law.” This is an expression in Russia and Eastern Europe that refers to an entire subculture of elite criminal gangs that operate beyond the reach of traditional law enforcement. The term is sometimes also used to refer to a single criminal kingpin.

A screen shot posted by vorVzakone, showing his Project Blitzkrieg malware server listing the number of online victims by bank.

In early September, vorVzakone posted a lengthy message announcing the beginning stages of a campaign he dubbed “Project Blitzkrieg.” This was envisioned as a collaborative effort designed to exploit the U.S. banking industry’s lack of anti-fraud mechanisms relative to European financial institutions, which generally require two-factor authentication for all wire transfers.

The campaign, purportedly to be rolled out between now and the Spring of 2013, proposes organizing hacker cells throughout the cybercriminal community to collaborate in exploiting these authentication weaknesses before U.S. banks erect more stringent controls. “The goal – together, en-masse and simultaneously process large amount of the given material before anti-fraud measures are increased,” vorVzakon wrote. A professionally translated version of his entire post is available here.

RSA said the project is being powered by a version of the Gozi Trojan called “Gozi Prinimalka.” The company believes this Trojan is part of family of malware used by a tight-knit crime gang that has stolen at least $5 million from banks already. From its analysis:

“In a boot camp-style process, accomplice botmasters will be individually selected and trained, thereby becoming entitled to a percentage of the funds they will siphon from victims’ accounts into mule accounts controlled by the gang. To make sure everyone is working hard, each botmaster will select their own ‘investor,’ who will put down the money required to purchase equipment for the operation (servers, laptops) with the incentive of sharing in the illicit profits. The gang and a long list of other accomplices will also reap their share of the spoils, including the money-mule herder and malware developers.

While the campaign is not revolutionary in technical terms, it will supposedly sport several noteworthy features. A novel virtual-machine-synching module announced by the gang, installed on the botmaster’s machine, will purportedly duplicate the victim’s PC settings, including the victim’s time zone, screen resolution, cookies, browser type and version, and software product IDs. Impersonated victims’ accounts will thus be accessed via a SOCKS proxy connection installed on their infected PCs, enabling the cloned virtual system to take on the genuine IP address when accessing the bank’s website.”

vorVzakone also says the operation will flood cyberheist victim phone lines while the victims are being robbed, in a bid to prevent account holders from receiving confirmation calls or text messages from their banks (I’ve covered this diversionary tactic in at least a couple of stories). Interestingly, this hacker started discussion threads on different forums in which he posts a video of this service in action. The video shows racks of centrally-managed notebook computers that are each running an installation of Skype. While there are simpler, cheaper and less resource-intensive ways of tying up a target’s phone line, causing all of these systems to call a single number simultaneously would probably achieve the same result. If you don’t see English subtitles when you play the video below, click the “cc” icon in the player to enable them:

THE FIRST RULE OF PROJECT BLITZKRIEG…

vorVzakone’s post has been met with a flurry of curiosity, enthusiasm and skepticism from members of the underground. The skepticism appears to stem from some related postings in which he brags about and calls attention to his credentials/criminal connections, an activity which tends to raise red flags in a community that generally prefers to keep a low profile.

In the following introductory snippet from a homemade movie he posted to youtube.com, vorVzakone introduces himself as “Sergey,” the stocky bald guy in the sunglasses. He also introduces a hacker who needs little introduction in the Russian underground — a well-known individual who used the nickname “NSD” [an abbreviation for the Russian term несанкционированный доступ, or “unauthorized access”] in the mid-2000s, when he claims to have exited the hacking scene.

“Good day to everybody, evening or night, depends on when you are watching me,” the hacker begins, standing in front of a Toyota Land Cruiser. “My name is Serega, you all know me by my nickname “vor v zakone” on the forum. This is my brother, my offline representative – Oleg ‘NSD’. So, what? I decided to meet you, let’s say ‘remotely.’ Without really meeting, right? Now you will see how I live. Let’s go, I will show you something.”

A still shot from a video posted by hacker “vorVzakone”, foreground.

And he proceeds to show viewers around what he claims is his home. But many in the underground community found it difficult to take seriously someone who would be so cavalier about his personal safety, anonymity and security. “This guy’s language and demeanor is that of street corner drug dealer or a night club bouncer, and not of someone who can comprehend what ‘backconnect socks’ or GeoIP is,” remarked one Russian expert who helped translate some of the documentation included in this blog post.

But soon enough, hackers on the forums in which vorVzakone had posted his videos began checking the story, digging up records from Russian motor vehicle agencies indicating that the license plates on the Toyota and other cars in video were registered to a 27-year-old Oleg Vsevolodovich Tolstykh from Moscow. Further, they pointed out, the videos were posted by a youtube user named 01NSD, who also had previously posted Finnish and Russian television interviews with NSD describing various facets of the hacker underground. Indeed, if you pause this 2007 video 22 seconds in, you can see on NSD’s screen that he’s in the midst of a chat conversation with a hacker named vorVzakone.

In response to taunts and ridicule from some in the underground, vorVzakone posted this message on Oct. 6 to a prominent crime forum explaining why he doesn’t worry about going public with his business. Continue reading →


12
Jul 12

EU to Banks: Assume All PCs Are Infected

An agency of the European Union created to improve network and data security is offering some blunt, timely and refreshing advice for financial institutions as they try to secure the online banking channel: “Assume all PCs are infected.”

Source: zeustracker.abuse.ch

The unusually frank perspective comes from the European Network and Information Security Agency, in response to a recent “High Roller” report (PDF) by McAfee and Guardian Analytics on sophisticated, automated malicious software strains that are increasingly targeting high-balance bank accounts. The report detailed how thieves using custom versions of the ZeuS and SpyEye Trojans have built automated, cloud-based systems capable of defeating multiple layers of security, including hardware tokens, one-time transaction codes, even smartcard readers. These malware variants can be set up to automatically initiate transfers to vetted money mule or prepaid accounts, just as soon as the victim logs in to his account.

“Many online banking systems….work based on the assumption that the customer’s PC is not infected,” ENISA wrote in an advisory issued on Thursday. “Given the current state of PC security, this assumption is dangerous. Banks should instead assume that PCs are infected, and still take steps to protect customers from fraudulent transactions.”

Continue reading →