Search this site

FINANCIAL TERROR‎ > ‎

Financial Terror Plots & Patsies


Title: Zeus Trojan Arrests Highlight Sophisticated 'Money Mules' Operation
Date:
October 1, 2010
Source:
Computer World

Abstract: Court documents released in connection with indictments announced on Thursday in a massive international cybercrime operation that resulted in millions of dollars being plundered from domestic bank accounts provide a fascinating -- if scary -- glimpse into how the crooks operated.

The US Attorney's Office in Manhattan announced on Thursday that it had charged 37 individuals for their role in a scheme which involved the use of a sophisticated banking Trojan program and numerous "money mules" to steal from dozens of U.S. business accounts.

The charges in the US followed similar arrests in the UK, where authorities on Tuesday charged 11 Eastern European citizens in connection with the same scam. The operation in the U.S. was code-named ACHing Mules, in apparent reference to the fact that unauthorized automated clearing house (ACH) transactions were typically used to siphon money out of business accounts.

All of the individuals charged in the U.S. so far are from Russia and East European countries and were either money mules that helped transfer stolen money out of the U.S, or individuals who managed or recruited them.

Most of those charged on Thursday entered the country on J-1 non-immigrant visas, which are frequently used by students in cultural exchange programs and other short-term training programs. The visas allow those holding them to remain in the country for months at a time and permit them to open U.S. bank accounts.

A statement released by the Attorney's office said the actual thefts were perpetrated out of Eastern Europe by crooks who used the Zeus banking Trojan to break into computers at small businesses and small municipalities.

The malware was used to steal online banking credentials which were then used to access bank accounts belonging to the small business or municipality. The perpetrators would then withdraw money from the compromised accounts, typically in amounts just less than $10,000, and transfer it to fraudulent U.S. bank accounts set up by the money mules.

The mules would quickly withdraw the funds and send it to the perpetrators after retaining a portion of it -- about 10% -- for themselves.

One example is Ilya Karasev, a 22 year old Russian who has been charged with conspiracy to commit bank fraud, and two other charges. The conspiracy charge alone carries a maximum penalty of 30 years in prison.

Court documents describe Karasev as a mule who first entered the country on a J-1 Visa in May 2008 and then converted his status to a F-1 student Visa in December that year.

Karasev's misdeeds are alleged to have begun in April this year, when he opened a fraudulent bank account at TD Bank in New York using a fake Belgian passport issued under the fictitious name Fransoise Lewenstadd.

A few days later he opened another fraudulent bank account at another TD Bank branch this time using a Greek passport under the name of Alexis Harris. He opened a third account with the same bank a few months later this time using yet another foreign passport and the name Fortune Binot.

In addition to TD Bank, Karasev also opened several similar fraudulent accounts at Bank of America and JPMorgan Chase using his assumed identities. Over a matter of several months, the accounts were used to receive tens of thousands of dollars stolen from numerous small business accounts.

In each case Karasev would withdraw the bulk of the money almost as soon as it hit the fraudulent account using ATMs and over the counter transactions.

In some cases Karasev would make debit card purchases using the stolen funds. The court documents did not specify how Karasev would then transfer the money to the actual perpetrators in East Europe.

Karasev was one of over 24 individuals who belonged to an alleged money mule organization that was responsible for receiving funds stolen using the Zeus Trojan. The mules worked with computer hackers and individuals who could provide fake passports in helping them carry out their operations, according to court documents.

In many cases, the mules used three to four fake passports and identities to open multiple bank accounts, including two or three with the same bank.
One of the alleged ring leaders of the mule organization was Artem Tsygankov, a 22-year old Russia who like the others entered the U.S. on a J-1 visa. According to indictment papers, Tsygankov is alleged to have been responsible for recruiting numerous mules in the U.S.

Another individual, Sofia Dikova was described in court documents as the one in charge of obtaining the fake passports that were used in the scam. Dikova also acted as a mule occasion. Both Tsygankov, and Dikova face up to 30 years in prison if convicted on the consiparcy to commit fraud charges alone.

In addition to the charges by the U.S Attorney's office, Manhattan District Attorney Cyrus R. Vance, Jr., announced on Thursday the indictments of another 36 individuals for what was described as their participation in several large scale identity theft and cybercrime rings.

That group was allegedly responsible for stealing more than $860,000 from 34 corporate and individual accounts in the US, according to a statement from the District Attorney's office (Computer World, 2012).

Title: Zeus Trojan Still Active Despite High Profile Arrests
Date:
October 4, 2010
Source:
Computer World

Abstract:
Despite high-profile busts in the US, UK and Ukraine of cybercriminals using Zeus malware to steal from online accounts, Zeus will evolve and remain an effective theft tool for a long time, security experts say.

"There's a community building it and supporting it," says Eric Skinner, CTO of Entrust. "There's no one person to take down. If one person stops updating, somebody else will pick up the task. It's not like when you shut down a software company and the product ceases to be developed."

That about sums up the main strength of Zeus, which experts agree is the major malware framework available today. It's available, it's affordable, it works and its toolkit makes modifying it simple. And the core people who do the major development work have managed to elude capture, hiding behind layers of shifting command and control servers, ISPs, domain registrars and international borders.

“Even if we work with law enforcement, we're still not getting them," says Pedro Bueno, malware research scientist at McAfee Labs. "It takes several hops to get to them. We are real close to them but are never able to get to the final destination where they are."

The Zeus banking Trojan steals usernames and passwords from Windows machines so criminals can use them to illegally transfer money out of victims' accounts. A relatively small group of eastern Europeans are considered to be the main developers responsible for creating new releases of the platform, which has been around since 2007.

For example, researchers recently discovered that a Zeus add-on helps defeat attempts by banks to thwart access by thieves who have used Zeus to steal usernames and passwords of online banking customers. After users login, the banks send SMS messages to their cell phones containing one-time codes that the customers enter.

This two-factor authentication makes it more difficult for criminals to break into accounts, but the developers of Zeus found a way. A mobile Zeus Trojan grabs the one-time code and sends it to a ZeuS command and control server where criminals can use it to break into accounts, says Derek Manky, project manager for cyber-security and threat research at Fortinet. "That's an enhancement," he says.

Another recent development ties instances of the software to particular machines, so purchasers of ZeuS can't copy it endlessly or resell it. So far, there is no known way to break this licensing safeguard, Bueno says.

Developers also sell a ZeuS toolkit that lets purchasers customise it to their uses and modify its look so it can keep ahead of antivirus vendors trying to identify signatures that can be used to block it, Skinner says. They can also tailor the Trojan to the requirements of breaking the security of specific banks, he says.

Plus it's easy to use, Manky says. "It's easy for anybody to pick this up without any sort of qualifications," he says. "There's no need to be very technically adept." As Skinner notes, users of ZeuS can buy technical support for it. "It's pretty professional," he says.

The people behind ZeuS are good at hiding, says Manky. The use multiple ISPs, multiple command and control servers, multiple domains and base this infrastructure in multiple countries, all of which makes it difficult to trace their whereabouts. Compounding the problem, they frequently shift their infrastructure to new providers and new locations to start over, he says.

All of this portends a long life for ZeuS, says Skinner, but there are things that can be done to curb the success of criminals who use it:

  • Better educated users can help. Phishing, driveby downloads, email scams and malicious PDF files have all been used to spread the Trojan, says Bueno. More alert users avoiding behaviors that make them susceptible could help, he says.
  • Prosecute high profile cases with severe sentences. This will discourage those who might be tempted to create or join a ring, he says.
  • More takedowns of servers storing stolen information by putting the squeeze on ISPs hosting the servers. This makes it more difficult for criminals to set up their infrastructure, he says.
  • Better cooperation between researchers and banks that discover ZeuS rings and law enforcement agencies. Better cooperation between international law enforcement agencies is also needed so they can act quickly on intelligence about suspicious behaviour.
  • Go after criminal middlemen who aren't the ringleaders but who contract to do the technical work of setting up the network needed to carry out the criminal enterprises. Again, this makes it more difficult for the criminals to do business, he says.
  • Banks could take measures to blunt the effectiveness of the frauds. For example, they could contact customers via email or text message to confirm they have actually authorised suspicious transfers.
  • Develop detection systems that can spot ZeuS activity based on events not on malware signatures, Bueno says.
These measures could help, but the flexibility of ZeuS make it certain its attacks will keep coming. "There will be another one," Skinner says (Computer World, 2010).

Title: Scottish Botnet Mastermind Pleads Guilty
Date:
October 26, 2010
Source:
Computer World

Abstract:
The Scottish member of the infamous ‘mAnderson00p’ botnet gang has pleaded guilty to charges of distributing computer Trojans as part of a 2006 spam campaign.

Thirty-three year old Matthew Anderson, who adopted a variety of online names including ‘warpigs’ and ‘aobuluz’, used the cover of an apparently legitimate security business to plan campaigns that installed the ‘Ryknos’ Trojan (aka Breplibot/Stinkx).

These allowed the operation to set up spam botnets and open back doors for data theft. He is believed to have been able to spy on victims using a webcam, and to have stolen private documents for CVs, wills, password lists and personal photographs.

"This organised online criminal network infected huge numbers of computers around the world, especially targeting UK businesses and individuals,” said DC Bob Burls of the Police Central e-Crime Unit.

“Matthew Anderson methodically exploited computer users not only for his own financial gain but also violating their privacy. They used sophisticated computer code to commit their crimes.”

Anderson was aided by two accomplices from England and Finland arrested with him in June 2006, one later released without charge and the other given an 18-day community service order. Sentencing is set for 22 November and is unlikely to be as lenient given that Anderson is now seen as the key member.

At the time of the arrests in 2006, the bust was seen as a landmark in disrupting what was then still a relatively novel crime of creating criminal botnets. With the benefit of hindsight, this was merely an early warning of what has grown pretty much unchecked into a huge are of malware growth, that of hijacking ordinary PCs as spam relays. Botnets are now big business and form the core of e-crime (Computer World, 2010).

Title: Police Charge Alleged SpyEye Trojan Gang
Date:
April 11, 2011
Source:
Computer World

Abstract:
UK police arrested three men late last week in connection with using the SpyEye malware program to steal online banking details.

Two of the men were charged on Friday and appeared in Westminster Magistrates Court in London. Pavel Cyganoc, a 26 year old Lithuanian living in Birmingham, was charged with conspiracy to cause unauthorised modifications to computers, conspiracy to defraud and concealing proceeds from crime. Aldis Krummins, 45, a Latvian living in Goole, was charged with conspiracy to defraud and concealing proceeds of crime.

A third man, a 26 year old whose nationality was not revealed, was released on police bail but must return for further questioning in August, police said.

Police said the three were arrested by the Police Central e-Crime Unit "in connection with an international investigation into a group suspected of utilising malware to infect personal computers and retrieve private banking details."

The investigation began in January and revolved around the group's use of a uniquely modified variation of the SpyEye malware, which harvests personal banking details and sends the credentials to a remote server controlled by hackers, police said. As part of their investigation, police also seized computer equipment and data.

UK police have frequently teamed up with other agencies such as the US Federal Bureau of Investigation and police forces in other European countries to execute raids and arrest cybercrime suspects, but police wouldn't say if arrests were made in other countries as part of this operation.

Security analysts have kept watch on the SpyEye malware for some time. Some say it shares code with Zeus, widely considered the reference in banking malware. Zeus is designed to evade security software, grab online banking credentials and execute transactions as people log into their accounts.

Police have notched some successes against cybercrime organizations using Zeus. Last year, law enforcement agencies in the US and UK arrested dozens of "money mules," or people who were using their own personal accounts to receive stolen funds and transfer the money to other criminal accounts for a slice of the proceeds (Computer World, 2012).

Title: Card 'Blackhat' Gets Prison For PIN Terminal Fraud
Date:
October 17, 2011
Source:
Computer World

Abstract:
One of Europe’s elite ‘blackhat’ card fraud engineers has been sentenced to three years in prison at London’s Old Bailey for helping European gangs steal money using tampered chip and PIN terminals.

Twenty-six year old German national, Thomas Beeckman, was a talented electronics engineer who became a mastermind on how to subvert the technology used in European PIN entry devices, the small machines that customers use to pay using plastic credit or debit cards in shops.

The modified terminals were then re-exported back to the countries from which they had been stolen and introduced back into the chip and PIN system, allowing financial theft on an unspecified scale.

The advance Beeckman’s electronics skill offered the gangs was that the terminals appeared genuine, delaying the point at which fraud would be traced to the physical PIN device itself.

The criminal networks also cloned cards which had been compromised, exporting them to countries such as the US, which has no PIN security at the point of sale.

"By putting this individual behind bars the Dedicated Cheque and Plastic Crime Unit has prevented them from defrauding the banking industry and its customers of significant sums of money,” said detective sergeant Richard Maynard of Scotland Yard’s Dedicated Cheque and Plastic Crime Unit (DCPCU).

“There can be no doubt that the work of our specialist unit over the past few years has played a key part in driving card fraud down, and we continue to provide a clear warning to the organised gangs and those who work with them that we will track them down," he said.

How much Beeckman was paid in return for his Blackhat skills is unknown but he was reportedly able to support a wife and family in Thailand from the proceeds.

The German was eventually caught in June after a tip-off as he entered The Netherlands by bus from the UK. Modified terminals were found on his possession which police believe were to be planted in shops in Belgium and The Netherlands (Computer World, 2011).

Title: Zeus Trojan Masterminds Found Guilty Of £3 Million Online Fraud
Date:
November 3, 2011
Source:
Computer World

Abstract:
The last two people found guilty of being part of the gang behind the UK’s biggest ever cybercrime phishing spree have each been sentenced to nearly five years in jail.

Ukrainians Yuriy Konovalenko, 29, and Yevhen Kulibaba, 33, were the ringleaders of the largely UK-based gang that police believe managed to steal at least £4.3 million ($6.9 million) between September 2009 and March 2010 by deploying the Zeus Trojan to raid online bank accounts in several countries.

The full scale of their crimes might never be known with some estimates putting the sums stolen from the gang’s activities above £20 million, which would make it one of the largest crybercrime heists ever to reach court anywhere in the world. Police have connected the pair directly to almost £3 million of the uncovered thefts.

There has been a slow drip of sentences handed out to the gang members in what turned out to be a hugely complex investigation, ‘Operation Lath’, which saw 13 people charged with a variety of offences connected to the gang’s activities.

Last month, Kulibaba’s wife, Latvian national
Karina Kostromina, was sentenced to two years in prison for carrying out money laundering for the gang.

"These defendants were part of an organised network of computer criminals operating a state-of-the art international online banking fraud, through which they stole many millions of pounds from individuals and businesses in the UK and United States,” said detective inspector Colin Wetherill of the Metropolitan Police’s Police Central E-Crime Unit (PCeU).

"The investigation involved unprecedented levels of cooperation between the Metropolitan Police, the UK banks, the FBI and other UK and international law enforcement agencies,” he said.

The huge success of the gang’s attacks on online bank accounts probably had something to do with timing. The malware family used, Zeus (also known as SpyEye) was not easily detected by some security systems and the banks concerned clearly underestimated the speed with which it could compromise the accounts of users (Computer World, 2011).

Title: FBI Arrest Computer Programmer For Stealing US Treasury Code
Date:
January 23, 2012
Source:
Computer World

Abstract:
The FBI said it arrested a computer programmer in New York this week and charged him with stealing proprietary software code from the Federal Reserve Bank of New York. The software known as the Government-Wide Accounting and Reporting Program (GWA) handles all manner of US government financial transactions.

Stealing the code for his own business

"As alleged in the complaint, between May 2011 and August 11, 2011, Bo Zhang was a contract employee assigned to the Federal Reserve Board of New York (FRBNY) to work on further developing a specific portion of the GWA's source code which the United States has spent approximately £6.1 million ($9.5 million) to develop. In the summer of 2011, Zhang allegedly stole the GWA Code," said the FBI in a statement.

"According to the complaint, Zhang admitted that in July 2011, while working at the FRBNY, he checked out and copied the GWA Code onto his hard drive at the FRBNY; he subsequently copied the GWA Code onto a bank-owned external hard drive; and he connected that external hard-drive to his private office computer, his home computer, and his laptop. Zhang stated that he used the GWA Code in connection with a private business he ran training individuals in computer programming."

"Zhang took advantage of the access that came with his trusted position to steal highly sensitive proprietary software. His intentions with regard to that software are immaterial. Stealing it and copying it threatened the security of vitally important source code," said FBI Assistant Director in Charge Janice Fedarcyk in a statement.

Previously worked for Goldman Sachs 

Now free on bond but due back in court in February, Zhang, 32, of Queens, New York, faces a maximum term of 10 years in prison and a £160,000 ($250,000) fine if guilty.

While the FBI didn't identify which company Zhang currently worked for, Bloomberg.com reported he in the past had worked for at Goldman Sachs Group Inc. (GS) and Bank of America Corp.

Bloomberg.com also said Matt Anderson, a Treasury spokesman, said the department has worked to strengthen security procedures for Federal Reserve contractors working on Financial Management Service projects. "There was no compromise of any transaction data, personal identifying information or federal funds," Anderson said (Computer World, 2012).

Title: FBI Arrests Financial Software Copyright Fugitive On His Return To The US
Date:
February 3, 2012
Source:
Computer World

Abstract:
The FBI today said it arrested a man on charges of illegally reproducing and distributing more than 100 copyrighted commercial software programs who had fled the country after being indicted last year.

Naveed Sheikh, 31, formerly of Baltimore, was arrested at Dulles Airport as he was trying to get back into the US. According to the FBI, a year ago Sheikh knew he was under investigation and fled to Pakistan shortly before being indicted on 13 January, 2011.

According to the FBI, from February 2004 to April 2008, Sheikh reproduced and distributed more than 100 copyrighted commercial software programs for which he allegedly received over £167,000 ($265,000). The copyrighted works are said to be worth millions of pounds.

Sheikh allegedly advertised through his Internet website and sold infringing copyrighted commercial software at prices well below the suggested retail prices of legitimate, authorized copies of the software. Some of the copyrighted works included Microsoft Money 2006 Small Business, Adobe After Effects Pro 7.0, Veritas NetBackUp Pro 5.1, Solid Works Office 2000 Premium, Quicken Premier Home and Business 2006 and Apple iLife 2006.

The FBI said Sheikh advised purchasers that software programs could be mailed to purchasers on compact discs and downloaded from the Internet. Sheikh created DVD-Rs and CD-Rs with copyright infringing software programs and crack codes. Crack codes let people modify software to remove or disable security protections. Sheikh allegedly requested that purchasers send money orders for infringing software to a P.O. box he maintained in Towson, Md., the FBI stated.

Sheikh also permitted customers to pay for infringing software through credit card charges and electronic fund transfers. Sheikh paid a company that hosted Internet domains to register multiple Internet domains, including ezencode.com, lazer-toners.com, and coark.net. Sheikh's computer server, which was located in Scranton, Pa., hosted his website. Sheikh used computers in Bel Air, Md., and other computers to contact and control his computer server, the FBI stated.

The indictment seeks the forfeiture of £167,000 and any property derived from or traceable to the proceeds of the scheme. He could get up to five years in prison. No hearing date has been set (Computer World, 2012).

Title: Police Arrest Online Banking Fraudster
Date:
March 14, 2012
Source:
Computer World

Abstract:
The Metropolitan Police Service's Police Central e-Crime Unit (PCeU) has arrested a man for committing online banking fraud.

A 37-year-old man from Belvedere in Kent was arrested in connection with computer misuse offences.

It follows a recent study from the UK Cards Association, which said that technology had helped to significantly reduce the amount of money lost through credit and debit card fraud to an 11-year low.

An unnamed high street bank had reported to the police that online accounts had been compromised over an 18-month period. The PCeU carried out an investigation which found that accounts had been accessed without authority, money stolen and personal details had been changed.

The police seized computer equipment from the suspect's address, and will now be examining the devices. The man has been taken into custody at a south London police station.

Detective Inspector Mark Raymond at the PCeU said: "Online crime is never victimless. Such offences are indiscriminate and will be fully investigated where allegations are made.

"Online banking is generally very safe providing individuals keep their operating systems and anti-virus software regularly updated to avoid online hackers and fraudsters. Sound independent advice can be found at 'getsafeonline.org'" (Computer World, 2012).

Title: Two Men Jailed Over SpyEye Banking Malware
Date:
July 2, 2012
Source:
Computer World

Abstract:
Two men who used malware SpyEye to steal and use personal banking and credit card data from unsuspecting victims’ online accounts have been jailed for offences under the Computer Misuse Act.

SpyEye is a computer Trojan horse that specifically targets online banking users. Like its older cousin Zeus, SpyEye is no longer being developed by its original author, but is still widely used by cybercriminals in their operations.

Pavel Cyganok, 28, a Lithuanian national living in Birmingham was sentenced to five years, while Ilja Zakrevski, 26, an Estonian national, has been sentenced to four years.

Meanwhile, a third man, Aldis Krummins, 45, a Latvian living in Goole, was found guilty of money laundering in relation to the investigation, and sentenced to two years.

The investigation began in January and revolved around the group's use of a uniquely modified variation of SpyEye, which harvests personal banking details and sends the credentials to a remote server controlled by hackers, police said. As part of their investigation, police also seized computer equipment and data.

Detective Constable Bob Burls from the Metropolitan Police Central e-crime Unit (PCeU) said: “The defendants, during the course of their enterprise, developed a highly-organised IT infrastructure to enable their criminality, including in some cases, the automatic infection of innocent computer users with their malicious code.”

The PCeU was first contacted by Estonian Police in March 2010 about Zavrevski, whom they suspected was targeting UK financial institutions with SpyEye.

The stolen data was stored in databases, known as Command and Control servers, around the world, with one server in the UK.

An investigation found that about 1,000 computers had been infected and connected to this server, and detectives were also able to identify compromised bank accounts of UK, Danish and Dutch citizens, and how they had been misused and defrauded.

The culprits used the stolen banking details to buy additional IT infrastructure and pay for their domestic utilities and lifestyles.

They also used the credit card data to purchase luxury goods online in bulk, which they resold via online auction sites. Some of the £100,000 made from these sales was laundered within online accounts that the cybercriminals controlled.

Zakrevski was linked to the investigation when the police found a computer located in Estonia connected to his online username, ASAP911, which was periodically checking how many infected computers were connecting to the server. He was extradited to the UK and charged in July 2011.

Meanwhile, Cyganok was arrested at his home address in April 2012, and was found to be logged into a number of the command and control servers at the time (Computer World, 2012).

Title: Lloyds Head Of Security For Online Banking Admits £2.5M Fraud
Date:
August 7, 2012
Source:
Computer World

Abstract:
A former head of fraud and security for digital banking at Lloyds Bank has admitted to committing £2.5 million fraud.

Jessica Harper, 50, was accused of filing false invoices to claim payments for more than three years, between September 2008 and December 2011.

Earlier this year, she was charged with one count of fraud by abuse of position for the false claims, which amounted to £2,463,750 in total. She has pleaded guilty of this charge at Southwark Crown Court, according to the BBC.

According to her lawyer Carol Hawley, Harper is currently selling her £700,000 home to repay some of the stolen money.

Harper will be sentenced on 21 September (Computer World, 2012).

Title: RSA: Cybercriminals Plot Massive Banking Trojan Atack
Date:
October 8, 2012
Source:
Computer World

Abstract:
An international gang of cyber crooks is plotting a major campaign to steal money from the online accounts of thousands of consumers at 30 or more major US banks, security firm RSA warned.

In an advisory Thursday, RSA said it has information suggesting the gang plans to unleash a little-known Trojan program to infiltrate computers belonging to US banking customers and to use the hijacked machines to initiate fraudulent wire transfers from their accounts.

If successful, the effort could turn out to be one of the largest organized banking-Trojan operations to date, Mor Ahuvia, cybercrime communications specialist with RSA's FraudAction team, said today. The gang is now recruiting about 100 botmasters, each of whom would be responsible for carrying out Trojan attacks against US banking customers in return for a share of the loot, she said.

Each botmaster will be backed by an "investor" who will provide money to buy the hardware and software needed for the attacks, Ahuvia said.

"This is the first time we are seeing a financially motivated cyber crime operation being orchestrated at this scale," Ahivia said. "We have seen DDoS attacks and hacking before. But we have never seen it being organized at this scale."

RSA's warning comes at a time when US banks are already on high alert. Over the past two weeks, the online operations of several major banks, including JP Morgan Chase, Bank of America, Citigroup and Wells Fargo were disrupted by what appeared to be coordinated denial-of-service attacks.

A little-known group called "Cyber fighters of Izz ad-din Al qassam" claimed credit for the attacks, but some security experts think a nation may have been behind the campaign because of the scale and organized nature of the attacks.

In mid-September, the Financial Services Information Sharing and Analysis Center (FS-ISAC) warned banks to be on guard against cyberattackers seeking to steal employee network login credentials to conduct extensive wire transfer fraud. Specifically, the alert warned banks to watch out for hackers using spam, phishing emails, Remote Access Trojans and keystroke loggers to try and pry loose bank employee usernames and passwords.

FS-ISAC also noted that the FBI had seen a new trend where cyber criminals use stolen bank employee credentials to transfer hundreds of thousands of dollars from customer accounts to overseas locations.

Over the past few years, cyber crooks have siphoned off millions of dollars from small businesses, school districts and local governments by stealing online usernames and passwords and using those credentials to make the transfers.

The latest discussion suggests that they now have individual consumer accounts in their crosshairs, Ahuvia said, warning that the gang plans to attempt to infiltrate computers in the US with a little known Trojan malware program called Gozi Prinimalka.

The malware is an updated version of a much older banking Trojan, Gozi, which was used by cyber criminals to steal millions of dollars from US banks. The group's plan apparently is to plant the Trojan program on numerous websites and to infect computers when users visit those sites.

The Trojan is triggered when the user of an infected computer types out certain words -- such as the name of a specific bank -- into a URL string.

Unlike the original Gozi, the new version is capable not only of communicating with a central command-and-control server but also of duplicating the victim's PC settings. The Trojan essentially supports a virtual machine cloning feature that can duplicate the infected PC's screen resolutions, cookies, time zone, browser type and version and other settings. That allow the attacker to access a victim's bank website using a computer that appears to have the infected PC's real IP address and other settings, Ahuvia said.

"Impersonated victims' accounts will thus be accessed via a SOCKS proxy connection installed on their infected PCs, enabling the cloned virtual system to take on the genuine IP address when accessing the bank's website," she said in her alert.

Victims of fraudulent wire transfers will not immediately know of the theft because the gang plans on using VoIP flooding software to prevent victims from getting bank notifications on their mobile devices, she added.

Consumers need to ensure that their browsers are properly updated to protect against drive by downloads, she said. They also need to watch for any suspicious behavior or transactions on their accounts.

RSA has also notified US law enforcement and its own FraudAction Global Blocking Network about the threat, she said. Banks, meanwhile, should consider implementing stronger authentication procedures and anomaly detection tools for spotting unusual wire transfers (Computer World, 2012).

Title: Cyber Attacks On Banks Inspire Secret Technocratic Network To Protect Financial Information
Date:
October 12, 2012
Source:
Occupy Corporatism


Abstract:
Last month, mainstream media reported on the cyber-attacks to our banking institutions that disrupted business and caused havoc for customers. National Security officials stated that although the attacks have begun to subside, they are remaining vigilant.

A nameless, faceless group of alleged Iranian hackers is being blamed for the attacks to JPMorgan Chase, Bank of America (BoA), Wells Fargo, US Bancorp and Citigroup. Initially, the hacker group claimed they were upset by the 14 minute trailer produced by the US government and distributed by Israeli citizen and FBI informant, Sam Bacile. Now their story is changing and Iran is the culprit behind these attacks.

US intelligence fueled by the Joint Chiefs of Staff’s Intelligence Directorate (J-2) claims that Iran has been focusing on schemes to attack the US using a cyber army to target US financial institutions – although this information is derived from a “highly classified” document.

According to Pentagon analysis, “Iran’s cyber aggression should be viewed as a component, alongside efforts like support for terrorism, to the larger covert war Tehran is waging against the west.”

The cyber threat level of these banks has been raised to “high” by the industry.

Senator Joseph Lieberman was quick to point out that he believed the Iranian government was to blame and that “I don’t believe these were just hackers who were skilled enough … to cause a disruption of the websites … of Bank of America and JP Morgan Chase.”

Lieberman continued: “I think this was done by Iran and the Quds Force, which has its own developing cyber attack capacity,” he continued. “And I believe it was in response to the increasingly strong economic sanctions that the United States and our European allies have put on Iranian financial institutions.”

The US cyber attacks have taken advantage of our vulnerability “which is part of why they are doing it,” Lieberman said. “And it’s a warning to us that if we take action against their nuclear weapons development program that they have the capacity to strike back at us.”

Gholam Reza Jalali, head of Iran’s Civil Defense Organization, denies Iranian involvement. “Iran has not hacked the U.S. banks.”

Frank J. Cilluffo, director of the Homeland Security Policy Institute , told the House Committee on Homeland Security that “the government of Iran and its terrorist proxies are serious concerns in the cyber context. What Iran may lack in capability, it makes up for in intent. They do not need highly sophisticated capabilities – just intent and cash – as there exists an arms bazaar of cyber weapons, allowing Iran to buy or rent the tools they need or seek.”

Thanks to this rhetoric, the White House is actively pursuing a cybersecurity executive order that would not only usurp Congress, but also give the executive branch more over-reaching power to declare law without approval by the citizens of the US.

Confidence in the American banking system is dwindling as the cyber-attacks compound the problem. Keeping the public in the dark about the purpose behind the attacks allows the propaganda surrounding them to become more effective.

Mainstream “experts” claim that Islamic cyber terrorism justifies more stringent cybersecurity measures. Banks like JPMorgan Chase and Bank of America support these controls because they facilitate more secrecy within banking institutions.

A fact that is not reported in the mainstream media readily is that denial of service attacks, as the alleged Islamic cyber army chose to enact, are accomplished without any actual hacking. The ATMs, banking information and data is not stolen or disturbed. Denial of service attacks are a lockout of the customer from the public banking website.

This means that the attacks were designed to play on the ignorance of the public. Using the Hegelian Dialectic, financial institutions in tandem with the mainstream media blow the actual problem out of proportion, stirring the psyche of the public to believe that the situation was worse than it was.

Why wouldn’t hackers destroy documents of actually disrupt banking transactions? Because the scheme was perpetrated by the banking cartels in conjunction with the White House to not only bring about draconian cybersecurity, but also explain how a false flag concerning our banking system will occur in the near future.

Supporting this fake threat are “experts” like Rodney Joffe, senior vice president of the cybersecurity firm Sterling, who said: “The nature of this attack is sophisticated enough or large enough that even the largest of the financial institutions would find it difficult to defend against.”

This style of propaganda keeps the average American in fear that somewhere in the stratosphere there are Islamic extremists waiting to destroy the US. It is the same fear-mongering that occurred just after 9/11 to gain support for the coming “war on terror” – which never seems to end when the terror is state-sponsored.

Verizon Communications has jumped into the mix to assist in investigations into cyber attacks. Verizon, along with the federal government through the authority of the National Cybersecurity and Communications Integration Center (NCCIC) are perfecting control tools.

The “campaign” seeks to identify the nameless, faceless perpetrators and commandeer their computers. More information is considered classified.
At a recent conference last month called the Cybersecurity Summit, influential members of the cyber-world gathered to discuss how they will implement controls on the internet to stop the Islamic cyber army.

The items up for discussion revolved around building infrastructure that “protect” commerce for public and private institutions with regard to cybersecurity. And with technological advances motivating the market, these think-tankers believe that the executive branch of the government must act before it is too late.

Speaking at the conference were:

• Janet Napolitano, secretary of DHS
• Sean McGurk, director of control system security for Verizon
• Paul Nguyen, vice president of cyber solutions for Knowledge Consulting Group
• Dr. Catherine Lotrionte, associate director of law, science and global security at Georgetown University

The banking institutions have decided to join forces to fight the cyber-attacks, along with the federal government so that technological vulnerabilities are identified and eliminated. Morgan Stanley and Goldman Sachs are discussing converging on a shared data center where secret banking information can be kept under wraps so that hackers cannot steal information as well as sound an alarm when other banks are under attack.

This new network of technocrats will privatize customer banking information in the name of security while allowing the banksters to further hide their questionable dealings. Banks across America will be able to communicate in covert means that will never be released to the general public. The days of banking scandals are over because their network will prevent them for being caught (Occupy Corporatism, 2012).

Title: Bangladeshi Man Arrested After Allegedly Trying To Blow Up Fed Building In NYC
Date:
October 17, 2012
Source:
Fox News


Abstract:
Federal authorities arrested a Bangladeshi national Wednesday morning for allegedly plotting to blow up a Federal Reserve Bank in New York City's lower Manhattan, mere blocks away from the site of the terrorist attack of Sept. 11, 2001. The bank is one of 12 branches around the country. 

The 21-year-old suspect, Quazi Mohammad Rezwanul Ahsan Nafis, attempted to detonate what he thought was a 1,000-pound bomb in front of the Fed building on Liberty Street, but the device was a fake supplied to him by undercover FBI agents who had been tracking his activity, the FBI's Joint Terrorism Task Force said Wednesday afternoon.

The supposed explosives posed no threat to the public, the FBI said.

A criminal complaint accuses Nafis of having overseas connections to Al Qaeda and travelling to the U.S. in January to recruit individuals to form a terrorist cell and conduct an attack on American soil. He came under the guise of going to school in Missouri on a student visa. One of Nafis' potential recruits was an FBI source, who alerted authorities, the FBI said.

A federal law enforcement official told Fox News that there was no evidence Nafis was directed by Al Qaeda to carry out this attack, though he appears to have thought he was working for the terrorist group.

At one point, according to criminal complaint, Nafis told undercover agents: "I don't want something that's like, small. I just want something big. Something very big ... that will shake the whole country, that will make America, not one step ahead, change of policy, and make one step ahead, for the Muslims ... that will make us one step closer to run the whole world."

A U.S. official told Fox News that President Obama was Nafis' first target, but the criminal complaint only refers to "a high-ranking official." The complaint also mentions the New York Stock Exchange as a proposed target.

The FBI cites a written statement obtained from Nafis in which he said he wanted to "destroy America" and determined that the best way to achieve that goal was to target the economy. He also referenced quotes from "our beloved Sheikh Osama bin Laden."

Nafis appeared in federal court in Brooklyn to face charges of attempting to use a weapon of mass destruction and attempting to provide material support to Al Qaeda. Wearing a brown T-shirt and black jeans, he was ordered held without bail and did not enter a plea. His defense attorney had no comment outside court.

"Attempting to destroy a landmark building and kill or maim untold numbers of innocent bystanders is about as serious as the imagination can conjure," FBI Acting Assistant Director-in-Charge Galligan said. "The defendant faces appropriately severe consequences."

NYPD Commissioner Raymond Kelly noted that there have been 15 terrorist plots targeting the city since the attacks of Sept. 11, 2001.

"Al Qaeda operatives and those they have inspired have tried time and again to make New York City their killing field," Kelly said. "After 11 years without a successful attack, it's understandable if the public becomes complacent. But that's a luxury law enforcement can't afford" (Fox News, 2012).

Title: Barnes & Noble Says PIN Pads In 63 Stores Hacked
Date:
October 23, 2012
Source:
Yahoo News


Abstract:
Barnes & Noble Inc. said Tuesday that devices used by customers to swipe credit and debit cards have been tampered with in 63 of its stores in nine states.

The company warned customers to check for unauthorized transactions and to change their personal identification numbers, or PINs. It didn't say how many accounts may have been compromised.

But The New York Times, citing a high-ranking company official it did not name, reported that hackers had made unauthorized purchases on some customer credit cards.

The New York-based bookseller said in a statement Tuesday only one of the devices, known as PIN pads, was tampered with in each of the 63 stores. The stores are in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island.

All the PIN pads in its nearly 700 stores nationwide were disconnected on Sept. 14 after the company learned of the tampering. Federal authorities are helping in its investigation.

Barnes & Noble said it is working with banks and card issuers to identify compromised accounts so that additional fraud-protection measures can be taken.

Customers at its book stores will now have to ask cashiers to swipe credit or debit cards on card readers connected to cash registers, a process that is secure, Barnes & Noble said.

Anything bought on Barnes & Noble.com or with the chain's Nook devices and app were not affected, the company said. It also said its customer database is secure.

Barnes & Noble is only the latest major retailer to be a victim of a serious data breach. In one of the largest, more than 45 million credit and debit cards were exposed to possible fraud because of hackers who broke into the computer system of TJX Cos., the parent company of retailers T.J. Maxx and Marshall's, starting in 2005 (Yahoo News, 2012).

Title: Prison, Massive Fine For French Rogue Trader
Date:
October 24, 2012
Source:
Yahoo News

Abstract:
The Paris appeals court has upheld former Societe Generale trader Jerome Kerviel's conviction for covering up massive losses, sentencing him to three years in prison and ordering him to pay back a staggering €4.9 billion (about $7 billion) in damages.

A lower court convicted him in October 2010 of forgery, breach of trust and unauthorized computer use in one of history's biggest trading frauds. The appeals court upheld the conviction and the sentence Wednesday.

Kerviel had sought an acquittal, saying the bank had turned a blind eye to his exorbitant trades in 2007 and 2008 as long as they made money (Yahoo News, 2012).