Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


FBI: Online Banking Attacks Reach $100 Million Mark



 By: Brian Prince
2009-11-05
Article Rating:starstarstarstarstar / 4


There are 5 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
In an intelligence note, FBI officials say a mix of banking Trojans and phishing attacks has plagued victims - mainly public institutions and small and midsize businesses - to the tune of $100 million in attempted losses as of October.

Malware and phishing schemes targeting online bankers have spurred a jump in Automated Clearing House (ACH) fraud that has led to $100 million in attempted losses as of October, according to the FBI.

In an intelligence note released earlier this week by the Internet Crime Complaint Center (IC3), the FBI said that it is seeing several new complaints opened every week as cyber-criminals continue to up the ante. Many of the victims are small and midsize businesses, as well as court systems, schools and other public institutions, authorities said.

Within the last several months, the FBI has seen a significant increase in fraud involving the exploitation of valid online banking credentials belonging to small and medium businesses, municipal governments, and school districts, the agency said in a statement.

Resource Library:

According to the feds, the typical scenario involves the victims receiving a phishing e-mail with an infected attachment or malicious link. If the recipient falls for the trick, they end up downloading a key logger that swipes their business or corporate bank account credentials. The thieves then create another user account with the stolen data and begin transferring funds via traditional wire transfers and ACH transfers while pretending to be the legitimate user.

Further reporting has shown that the transfers are directed to the bank accounts of willing or unwitting individuals within the United States, the FBI said. Most of these individuals have been recruited via work-at-home advertisements, or have been contacted after placing resumes on well-known job search Websites."

According to the IC3 - which is a partnership between the FBI, National White Collar Crime Center and the Bureau of Justice Assistance - the FBI analysis shows that the victims accounts are often held at local community banks and credit unions, some of which use third-party service providers to process ACH transactions.

FBI interviews revealed that the threat stems not only from the malware involved in these cases, but the vulnerabilities presented by the lack of controls at the financial institution or third-party provider level, according to IC3. For instance, in several cases banks did not have proper firewalls installed, nor antivirus software on their servers or their desktop computers. The lack of defense-in-depth at the smaller institution/service provider level has created a threat to the ACH system.

 

 





  Reader Comments: FBI: Online Banking Attacks Reach $100 Million Mark
>>> Post your comment now!
A user comment on this article
And still despite such insight they are either to lazy/stupid or understaffed to catch some of the biggest scammers and online banking havens such as...
Posted At: 11-12-09
By: CAT
It's an Arms Race
The best bank today may not be tomorrow. This is an arms race between the White Hats and Black Hats. If I look like a customer, I will get the...
Posted At: 11-10-09
By: Ex-banker
Which Bank best?
Wow, the government looking out for the little guy again! Same story, our money, our taxes, government goes on forever!
Posted At: 11-09-09
By: Buddhahead
Even if I knew, I couldn't tell you
Banking regulations specify that exam findings are confidential. So if I am privy to this information as a result of regulatory review, I am...
Posted At: 11-09-09
By: Anonymous
Which Bank best?
So which banks are better protected? Any recommendations?
Posted At: 11-06-09
By: Buddhahead
>>> Post your comment now!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}ks۸qf89zڎ-9։eXJ|2UZ$)R8'['7n7$?Ɍm@_h4?'I"nZΘt\snS?úO Y'T7>{ &(ˑԫ1m3HnwݶN-gP'^> \?g3QY| n0up;\RrCNec<> i^_aod}+1}" @D%\.I"0i5&ttڽ~H}AFI?j/jNxXX+(H.c#I-byO``%pbQU:7'SKߺnZ:=?nΐ|")ĠV*PFbЊ%+gxg_-:nΚ7O7fGκפ>m>s鐚&tXAZ|]kU[_oG߯CM[CyC0-ߕҡ"1?]$>\OIN©,7M~tǷPZ,.s$dBrZT|Y|ěy30si2)> L9oX@.@ש#04ǯhV=<<䭱JG+҄& )B:A`ܺNR$9Vˡ8ȟ4R\ 9lb)6K .WR<? dz!CCZ9nVȨU7ө$ɛ!"ˆG9x|!XsI((GNlO}yp.jYY6'*daeIUis[dhEށ:YpjUOVxǫ # EHYf7-vI0ꨦUʇJ jExQ9TW,@F̶# &s;y0`;}J_Oiͧ8!9~tDAG66^zK tcb>'ݨä p|w͇v9s/|TaR֔ZN;=H:6Z\χ`c˖CB뎂9{׻ergmM~يС4}a hp3*~s`=w= } wlmNl}h`1 5%:0$72JE ] #RRP$S hI#r B ,`@n%` [AX/w$]I+Tbz"ҶBIRX){TKh+K@f:34YIJM힟 X*ȉ#m"09X Y OJy[+R4dT(9 +Ò*!G@VTyY0w2-Ti;#O΍`?Z^0~)?ǘ[eX4LST2q)(f+7OTRԛȦ-$k}jBB63 =wʠ:F'(_ ۝.g;*w.ќ(Vzv}9ep7 Ty v Bdj/h~W.Y 3EXVHdFCC{ޡ[Y3T)w^IY䞅Tড়,H@&mdz?;Oq)2Sf$),4tOݡ~P;?~uV"kCX]۽h@r6ҁy4 m g@yC dX{K/,è+AJK_ji tsaŴ,Bl6<E9Lɨ0iMfuYMܛwXTM.r_ }dҶbF6jISʱb1vn ʸ1MVRQy5:z Ѓ`r3yt )نhpg׏Ф0W2`aQUU[*X[ 3D2.P\+Cҵ3KwEeוּJ !jFh>nG議C`VQNg43aJY6 }~Xw>tļZB_@kMug 7aT5Cclq-Z ;rm۽ sq, bjt,g@aRo5>  T#!EX+LTBYah[s6/Jo>fm<~B+p&L>FkwYвJzu6$T.(J9A)` N 2&|h<CH&,\$ DrAa X+c//'7].K i?aE"%1ڣs!a*/7+ \;gjZ(T+1:ʪZJ:_V2EV6őG@=q?@*:2pn`wy~t=t@qDLԀH 5^Fd.=T*ٝ'(R~p;>mRI4yZH]ŤX LkQ'sGŕ5 [é#f5MaFž JZP+{nxE0ksv-"fdaD4@w=bC-ɬB3fo t렀6RaMxޜ9"zeaހWIlJhL6;_JONMШ6> YLZ[tɃoᔻ,Pýo~QB<Z\#h gzGjz%8r zĀİ/h{~UM+%e2YhSIpg#HٚIκVs|,On?yRL5߼Ap5ش@ngr_"~+㧠gsɜC/ ܒ;!k̀X'V-7O|8 B|i>⇇a9K}pv'< hrõm7>" N\tc%'l9Ln7[JI) `uVEZ)~)HǞ1}]ܙe>t1N8*z)O#ʜEoS Ymq'&.Ҁ^\T3 fc>/ci)T",߸X,W̱^`3XZ>6lz ta6tGM4*H!Iu( Eōj4 Jx7O \v-[& vaN0qR3ڛ5^,@M|KZ q4wI#⩬y0.Ɨ!sk' O̦:zf3&t]4. y*1`2N4ۄ knI,G: aTg*ݔ[Y`'.ӪV$$< <dU4^U&.2%6z7xHn6J墦AkR;qO;a#ұLƈQ@gt@ ɢ\' WeR8p,g( ,O$%,t9q[6E),8{Je%[ ir}g$ $"zR=.=2a7ZPf㜘\}?؇^֪)ln |I~Zg^ = bE2}{?RXn)hl{ٗŧ#<d^=}W^^A1Vy? 0WK{,5.aЇ_e#R:&hy);w-~1}LAIP 4#5>&!}ׇu{9EUl_;l᳋Y? `yBr+'~p:wK%E;&˖u ߽<rLpBj\](d0 szj\g#7bL`jX&IyD#SW5C2܃a)y,f \/D]s:֒TzB_ɾj,r9ϐAY x0G_ފGq Bb/3BߐdxPRc (ʱ=``VɈfwuN αF_ B@np+z!NU E,$Ke=ғ2p&5[' <=9 ψEщk #^ 4~ y,~y<~_dK0NvFGgqkf#^a~:)}AO-9˝~LҴ(o l"tSݏkԛ#2L:&r֚SD[@csOӖO\fax!ul(q%՝b"(BٺCO ,jm-̑s S)i"ϔ m$IjSfkC@$ğ_2HIv(+Ht$dAzWjӚ]e .iw6D2FL`ql)LZa"A|)J| >m\@ Rr';$%@lb%%hҫoeW!؁|@s`S=CD!aF#rWzaU"Ա0@뀴#O:. tFnx7Ć+^@)s^XL2k-x'[gY6/t0wo8d#ޣd=fcT c1! zN`sS@ {:`AO[up߁؁ ?O.yr or&N uV8'i?{޽q¶"CWqj: -@^t,$$yUZ¶/WU3$]d%FpZx>2M3}%3 ՛wD/MZ+-R!EkE7_UK "E'%:#ڮ/=ا?Vȿ5LĬhwHxڗn,3đA.F80€/y 2B<|_ @R9*mK0^7@ф\yo̜-|ƔzCX|~,l0_LZOl)Z@# Ah|:^>3Vbl95wJZږ*Ͽ\07 }G#TUQ.d1#+%TZ4p$ H A;[3<#3;U$ek[}!ٕ2]8M2PG:q_m)D A0&G7V!66 Ʈr ]yŰ讝r1/Wŵhs:p8e?r>t&]vW-~-8F_֨!R J<w6>dqGU,(clѩ}f9bĨqmjRh 1\?Up=>ړXzcmMn`zpKfq sN0nC =E]HH r/oI_c!^ߒ /7A2mitHTE,pq,X`. y 5@x ls:l!t- ~?HLVF`[ܭ)Hrm0t2lS#UL PA 1CJܶC}[̳y:,-CM ]D$]bӽ)bhcX F i@B8_b+ Բ";%ݔ"ҟ#}A ӶJ{L7%C#n8D&y"X(q߭{-pR[Vkh0ޣ?ih",x%puV?˂,g MeZ$طUtEGAlIKnQgھԤgO Dt7{718H'Icp$}G$ IcpQt?$=t<[ ` T\&C1(30lHv0!ճ1f'<nD !4燰^,^90C,2-n\,PC:0s uG3wo|Ncźו|mђ ۷҅u + 5U|7YY[4aW(+DK|:$Q33 gً;"ዉߗ(aQ7Txy?NJqMy"Зpۡ>mw} hZƬN uglw_8 Ѿzqaו|mwCbKj3F;>({<;4w|b鹖1 ޶3ΰT !G\0TBӒD \x Q+;ބmcl@S643@nt {:]O<Ib F?D"7OGࣾ;_KLv{R{Vw_˖mx7c^mH4EdJ"ݾM%(b~7RQTSEM /u'rYltEtDnS/&L-6cWQd%ş-ox+06\rq5&j@i| 1'.⻽E4w r\'5Nsa`r^q28>P!lfΡk1%Z[sڌO%5?h۾^c+mSն-1){O`YmZ8G]ʮ:a5HLnknZw>SC=t{©Yj|ubM$tF87?P?┱fne?%sN4PwGKtz`]gτsEs&+<8#/\,Ҷ1Wou`2Vö뿑$y\z`',e/A1EKl@.]h }LljV:`CXXnx.ېW͇xOq{Q\#D<ߦ!;qqñŃ4+uDZ/ 3,K?c"/'>eOD)3,E;L!۟`n3%w1V^sD2QQ Q?EiOV:q/L ~ J5?+O|_.ȿoD#_ ~h*描;@⫚Xnv,r'o2ek)G>?E=:ZoYb(n[3; !kjb`!h!KѰ,#Ż8~܋nq

`r[__-T/~_y=0|sݗǮV5U*5Y!7,薯k\-kő~`zE8by>ӹd%M:u_`ci*pm[*{=E-h<#Թ<׉u9bu{Ω05r1Z<+KN@.^`hKZI<+. $&nhӦ\wt̴[сHDoيuX- ʇ[Q{ZH:rMu,?t1ц]ֿ-'|͌V:mFxZci< 4Ϙ/rL!TTbЭB1˪M;InP~z*ڟOe^jsB ZU} КX7#t J n,Mh:17}߄QT1VUA9(WT:qxGw/tX3/b-3-Ѩ#&=g<$w{̥ǯqec5DX7$мnX{+$ʽOg-"vFf.BT0 `r0\MѾ Eo]*4Q^[LN<yS]\aXJ^P₃ax~Axd+uAO0}+Djw/%r}A3"V2/ j9n Q@J ͍$ԇ:]ɖàZEQt#ߛ3,ȏB%nKM ᙅbyN]ƒ $Bq0ӜhW(vt…yğ 1º~6 _F`p3W VjE)OBӁR:#${˪<>'noX{z+i+ j9Iˑ;^(29 &O=lF(Dwn`9ꍫO{M"'Uݽ$' ]¶V-r5utNWڗe?W?+bh,.67ã0o/6`JT/!jbTű0MPl <fi؊km9 g5^LˢWkFN]3C 8nzFh9j0ZQc r!>E.Z}ҽlIJ/6./2C_׌k(^_~JmdwQ__4[P~ sww?/?ofnfCCL2^Q ?/A;Ӂw2,N~;N~:0N;@ }v2y2ccF9gQށNF9e^\f%eu݌wAt3OK7C\}\e5u``k}?f>f#cn&&~oon2/$)CAy#Wpzz;"9(/'R*zUK˳C(ϐge3Vna{r!Wgˀ^ kL+ťW*7YKxM}%kk[Z1nvd ba/ KPe^#(,8%Y}MNJ 4tk 7b[y$=)>w槤Ixո]@&JR-cENj).~QxdB$h{d !ә)|.y|e8NtGz& ;H_ehĻOeٞ܃8.9.n \9#p} ~iMnڧnZv<2kݫ+++p'k͠?~% +^:>YlفǓ$CoBgU9j{$oqAzC/x`4oo}e\7㌠6v{x5CZחU]=tZ}iP,US !Pi0dp= 礟g'vڢ{&f"|t5pÅ6A7f(90l Hj$7rQӊj~JR'\#b)jUUEVro VVK D`q9CTx|Femګ,91C=b{hǬ[ɖP=^?FGu5j2cof2 %aw8a+h;bq Y8P*`!K؞.F^͇$yr9m|LڸAÆo^Ėٵv"n<4Nwz:Kd@4ǝaƹr0@YKD|&ߢ)tOU0'PYŲnEO0Ϫ)1(|s˸ [2FdX jXJr h;9_n\$ǖlrFR:=bՇg4yxaw.kz62HD`a\m8JIK],gSN=X v7n\k,%H\ |Tx6bRFՏ"G[[z`L$֚lAv3&Fdu#aqq6sz2&6 ]!Br;Ǵ<<T#0?f Fӕs]kfQg נn9OۍXpx fL~.2:TǓxCdty'0Oq]gĈ{QL mb[>/Ig;:{.R?a$|Ŷ/7G?$I[0|K b?94Ô0ـO X+.Ġ/>'G4WBa*q8wp!ɉ:4!vUƒ_ r:'쭰F |m'm_1S&G}Ez~Kp.E7^(z#1QpS$F0k}2s&zU Th4OSϫ1E%[;S~!+[v…Jr.Q =@U7VA잇3SY,vA? T@|- %;\6LDxk~F0~N]v0N9DEP^vZ<¾عeNUhJm;:Ƶh2-1# M׭bzUu .Ыr!9|x@NoM{ސ,e~[!=-)0p,\ftOm<` G&ʖ$߀)0t!?Fq:h /ASl+ 6[ +"ۂ Jm˴6u¹"UXJٍ ,~:3_-rΦOWtm:mml/>^|ۺ+AўYnw|h[d%+^FM`Wpۂ{wXiWeRpCV)tO˞!?r73TU^X (K# LwEΠpshՆGHǸ[ [ qy6` <Щ1DM.vQeNܔuF:®u4mveщ&߉n^sQaW_ew6k+[Ѐ7H>Y;PE"1ԛa:({=zk|XKz\MkÔ{y0ѕDM1F(ͧ,1gY{L 52lv* X>!ˣŬ"&D0Ȯ'R:tsh{h۟sT*D#L0MÄr="5roq-yeיHpK8 g!0X^Xɩȩ(v}_\%h72b5Š_yfuBsǐy6gn_oeTUA$7yM1ec*P)V []jqۙ QBlS2u̹D/4^JBLViQ}*' Cfan؄;66BJF:6L]_[ PţR"