Posts Tagged: Financial Services Information Sharing and Analysis Center

May 12

White House Aims to Stoke Botnet Fight

The Obama administration will hold a public meeting at the White House on Wednesday to discuss industry and government efforts to combat botnet activity. Among those is a pilot program to share information about botnet victims between banks and Internet service providers, according to sources familiar with the event.

The gathering will draw officials from The White House, US Department of Commerce and Department of Homeland Security, as well as private-sector executives from an entity formed in February called the Industry Botnet Group. The IBG counts among its members trade associations, companies and privacy organizations that are working to create a voluntary model that ISPs can use to notify customers with infected computers.

Although a number of ISPs already notify customers of bot infections, there is no uniform method for reporting these events. Attendees at Wednesday’s meeting are expected to announce — among other things — an information sharing pilot between ISPs and financial institutions that are part of the Financial Services Information Sharing and Analysis Center, an industry consortium dedicated to disseminating data on cyber threats facing banks.

The pilot to be announced this week will draw on a nascent extension of IODEF, an Internet standard developed by the Anti-Phishing Working Group to share data about phishing attacks in a common format that can be processed automatically and across multiple languages. Continue reading →

Apr 11

FBI: $20M in Fraudulent Wire Transfers to China

The Federal Bureau of Investigation warned this week that cyber thieves have stolen approximately $20 millionĀ  over the past year from small to mid-sized U.S. businesses through a series of fraudulent wire transfers sent to Chinese economic and trade companies located near the country’s border with Russia.

The FBI said that between March 2010 and April 2011, it identified twenty incidents in which small to mid-sized organizations had fraudulent wire transfers to China after their online banking credentials were stolen by malicious software. The alert was sent out Tuesday in cooperation with the Internet Crime Complaint Center and the Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry consortium. The alert notes that actual victim losses are $11 million, suggesting that victim banks were able to claw back some of the fraudulent transfers.

The FBI says it doesn’t know who is behind these fraudulent transfers, but that the intended recipients are companies based in the Heilongjiang province of the People’s Republic of China, and that these firms are registered in port cities that are located near the Russia-China border. The agency says the companies all use the name of a Chinese port city in their names, such as Raohe, Fuyuan, Jixi City, Xunke, Tongjiang, and Donging, and that the official name of the companies also include the words “economic and trade,” “trade,” and “LTD”. The recipient entities usually hold accounts with a the Agricultural Bank of China, the Industrial and Commercial Bank of China, and the Bank of China.

From the advisory (PDF):

“In a typical scenario, the computer of a person within a company who can initiate funds transfers on behalf of the U.S. business is compromised by either a phishing email or by visiting a malicious Web site. The malware harvests the user’s corporate online banking credentials. When the authorized user attempts to log in to the user’s bank Web site, the user is typically redirected to another Web page stating that the bank Web site is under maintenance or is unable to access the accounts. While the user is experiencing logon issues, malicious actors initiate the unauthorized transfers to commercial accounts held at intermediary banks typically located in New York. Account funds are then transferred to the Chinese economic and trade company bank account.”

Continue reading →