Posts Tagged ‘Cyber Theft’

Online thieves step up bank raids

September 30, 2009

Cyber-criminals have developed sophisticated ways to remain undetected, a new report finds.The report, from security firm Finjan, describes how one gang, based in the Ukraine, stole 300,000 euros (£269,000) in 22 days.

It used a sophisticated piece of malicious software which fooled banks’ anti-fraud systems as well as forging bank statements to hide the thefts.

It also recruited innocent job-seekers as so-called money mules.

Such mules were needed to prevent a direct money trail being traced back to the gang.

The specific attack, monitored during the month of August, was aimed at the customers of several German online banks.

The German police have been informed.

The server used by the gang has been frozen although it is not known whether gang members have actually been caught.

Specific criteria

The gang used infected and fake websites to spread the trojan, a piece of malicious code which, once installed, can access all the data on the infected machine.

From a command and control server hosted in the Ukraine, the code was installed on the computers of bank account holders.

The trojan received specific instructions about how much money to steal from each account as well as the details of the money mule’s account into which the money was transferred.

Finjan’s chief technology officer Yuval Ben-Itzhak said he was surprised at the level of sophistication employed by the gang.

The code included very specific criteria to make sure the bank accounts of victims were not completely emptied and to ensure the amount being stolen was not so high that it would be detected by banks’ anti-fraud systems.

To further obfuscate their crimes, the code used by the gang was able to generate a forged screen showing the transfer of a small amount of money.

The real amount stolen would only be obvious to the victim if they logged into their account from an uninfected computer.

They wanted to make sure the victim would not find out from their statements. In some cases they deleted transactions completely,” said Mr Ben-Itzhak.

Anti-fraud systems are designed to detect unusual money transfers, as well as strange behaviour on customers accounts.

Money-making schemes

Money mules are increasingly being recruited by cybercriminals as a way of preventing police finding a direct link to them.

We have spotted money mules being used in the last six months or so,” said Mr Ben-Itzhak.

The recession has made it easier to recruit people, he thinks.

There are more people looking for jobs and if an attractive job offer drops into their inbox, they are going to take it,” he said.

The Ukrainian cyber-criminals hired its “mules” by falsely telling them they would be working for a legitimate business.

These “mules” were unaware that they are being sent stolen money, but believed that they are being paid for working from home or other moneymaking schemes.

The money mules in this particular case are being treated as innocent victims and, although they will be questioned, will not face prosecution.

Advertisements

PROS AND CONS OF CYBER CRIME

May 21, 2009

Cyber crime is a criminal activity committed through the internet .This is a broad term that describes everything from electronic cracking to denial of service attack that cause electronic commerce sites to loose money as well as precious data. Cyber crime s can be divided into three major categories:

v Cyber-crimes against person.

v Cyber-crimes against property.

v Cyber-crimes against Government.

images04 images05 images06

Criteria of cyber crime

Assault by Threat: Threatening a person with fear there lives or family through the use of computer net work such as email, videos, or phone

Cyber Contraband. Transferring illegal item through the internet (Such as encryption technology) that are banned in some location.

Cyber Laundering: It is a electronic transfer of illegally obtained money with the intention of hiding its source and possible and destination.

Cyber Stalking: It is express or implied physical threat that create fear through the use of computer technology such as email, phones, text massage, web camp, website etc.

Cyber Theft: It means using a computer to steal .This includes activities related to breaking and entering DNS cache poisoning, embezzlement and unlawful appropriation, espionage, identity theft fraud, malicious hacking, plagiarism and piracy .Examples include advertising or soliciting prostitution through the internet.It is against the law to access prostitution through the internet because the process of accessing the Internet crosses state and sometimes national borders. Drug sales, both illegal and prescribed, through the internet are illegal except as a customer through a state licensed pharmacy. Computer based fraud is different from theft because the victim voluntarily gives the money or property to the criminals.

Online Gambling: Gambling through the internet is a violation of law because the gambling service provider requires electronic payment through the use of credit card, Debit card, or other electronic fund transfer which is illegal.

Cyber Trespass: Here, someone accesses computer network recourse without their authorization or permission of the owner but does not alert disturb, misuse, or damage the data or system. This is hacking for the purpose of entering into electronic network without permission. Example- Using a wireless internet connection at a hotel in which you are staying and accessing the hotel privet files with out disturbing them .this is called snooping.

Cyber Vandalism: Damaging or destroying data rather than stealing misusing them is called cyber vandalism .This can be included a situation where network service are disturbed or stopped.Delibarately putting malicious code (viruses,Torjans) into a computer network to monitor ,follow, disturbed stop ,perform any other without the permission of the owner of the network.

Phishing Technique: Phishing technique was described in details in 1987,and first recorded use of the term “Phishing” was made in 1996 .the term is variant of fishing probably influenced by phreaking,and alludes to baits used to catch financial information & password.In the field of computer security Phishing is the criminal fraudulent process of attempting to acquire sensitive information such as username, password, and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant massaging ,and it often direct user to enter data at a fake website whose URL and look is all most identical to the legitimate one. Phishing is an example of engineering techniques used to fool user and exploit the poor utility of current web security technologies.

Link manipulation:Most method of Phishing use some form of technical deception designed to make a link in an e-mail belonging to the spoofed organization Misspelled URLs or the use of sub domain are common trick used by phisher.

Filter evasion:Phishers have used anti-Phishing filters to detect text commonly used in phising emails.

Website Forgery: Once a victim visits the Phishing website deception is not over. Some Phishing scam use java scripts commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original address bar and opening a new one with the legitimate URL.

Phone Phishing:Not all Phishing attacks require a fake website. Massage that claimed to be from a bank old user to dial a phone number regarding problem with their bank account.Once the phone number was dialed, prompts told user to enter their account number and PIN.

images01 images02 images03

A Dirty Business:Child pornography is multi billion dollar dirty business and among faster growing criminal segment on the internet .According to the National center for Missing and Exploited Children (NCMEC), USA approximately one fifth of all internet pornography is child pornography .According to research conducted by at MIT, 89%of porn is created in the USA .Revenue$2.84 billion was generated from USA porn site in 2007. $89per second is spent on porn, 72%of porn viewers are men and 260 Site and above go online daily.