Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • IT Management
    • Small Business

    Massive Check Fraud Operation Run by Hackers Revealed at Black Hat

    By
    Brian Prince
    -
    July 28, 2010
    Share
    Facebook
    Twitter
    Linkedin

      A three-month investigation by SecureWorks has uncovered an innovative check fraud operation that is estimated to have counterfeited $9 million in checks in the past year.

      Gone are the days when thieves had to use low-tech methods such as check kiting to defraud banks. According to SecureWorks, a group of Russian cyber-criminals are using a mix of malware, money mules and SQL injection to get their hands on data from check image repositories run by services that archive checks on behalf of businesses.

      “You write a check, it goes off to some processor somewhere, and at some point at the end of the chain it will get scanned electronically … [and archived] in some database somewhere,” explained Joe Stewart, director of malware research at SecureWorks. “That’s what these guys were hitting with this botnet.”

      From the Black Hat security conference in Las Vegas, Stewart pulled the covers off a 1,000- to 2,000-strong network of computers being used in a complicated scam to steal check information and wire money overseas. Using SQL injection vulnerabilities in Web sites of check archiving services, the attackers download images of checks used by businesses-along with bank routing numbers, accountholder names and other associated information.

      Next, the scammers use off-the-shelf commercial check printing software utilized by legitimate companies to print counterfeit checks that are then given to money mules to deposit. The mules are tasked with wiring the money to bank accounts in St. Petersburg, Russia, where Stewart speculated the money may be transferred into Web money and then converted into cash.

      “The quicker [the attackers] can get the money wired out … the better their chances are of not getting discovered and having a bank withdraw the funds from the account,” Stewart said. “So they are very, very urgently trying to convey to the mule, ‘you got to get this processed as fast as you can.'”

      Stewart uncovered the operation after analyzing a variant of the Zeus Trojan that established a virtual private network (VPN) connection between infected computers and a remote server using the point-to-point tunneling protocol functionality built into Microsoft Windows. The VPN tunnel allowed the attackers to proxy traffic back to the bots, bypassing any firewalls or network address translations that would ordinarily block incoming connections from the Web.

      Ironically, the attackers did not take the additional steps of encrypting the VPN traffic, nor did they route the Zeus “phone-home” traffic over the VPN, Stewart said.

      A SecureWorks analysis of a copy of a database the scammers left in a public location on the Internet revealed the names and addresses of 2,884 job seekers who responded to recruitment e-mails as well as account information and check templates for five companies. For a two-week period, counterfeit checks totaling $40,880 written on these accounts were set to be printed and sent to 14 money mules.

      It’s not clear just how much of that money made it to Russia, however. In interviews with six of the money mules, SecureWorks found that several became suspicious of the operation, and in one case a bank declared a check invalid.

      “All of the mules thought that they were initially signing up for legitimate jobs and were certainly anxious to get a job, so it was quite disappointing to them,” Elizabeth Clarke, vice president of corporate communications for SecureWorks, told eWEEK.

      “People caught on when they got the second set of instructions that says, ‘OK, now you are going to send the money to St. Petersburg in this amount,'” Stewart said. “It becomes very real.”

      SecureWorks has contacted the FBI and advised businesses to use “positive pay” services provided by banks to help ensure only authorized checks are paid out.

      “There [are] a lot of different weaknesses … these guys are taking advantage of all over the place,” Stewart said. “The desperation of job seekers, the easy access to their e-mail accounts through job sites, the SQL injection flaws or the weak authentication schemes that everybody uses-all of this has to be in place for them to do this on this scale.”

      Avatar
      Brian Prince

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×