Cybercrime ring steals up to $1 billion from banks — Kaspersky

A multinational gang of cyber criminals has stolen as much as $1 billion from as many as 100 financial institutions around the world in about two years, Russian computer security company Kaspersky Lab said on Saturday.

The company said it was working with Interpol, Europol and authorities from different countries to try to uncover more details on what it being called an unprecedented robbery.

The gang, which Kaspersky dubbed Carbanak, takes the unusual approach of stealing directly from banks, rather than posing as customers to withdraw money from companies’ or individuals’ accounts. It said the gang included cyber criminals from Europe, including Russia and Ukraine, as well as China.

Carbanak used carefully crafted emails to trick pre-selected employees into opening malicious software files, a common technique known as spear phishing. They were then able to get into the internal network and track down administrators’ computers for video surveillance.

In this way, Kaspersky said, the criminals learned how the bank clerks worked and could mimic their activity when transferring the money.

In some cases, Carbanak inflated account balances before pocketing the extra funds through a fraudulent transaction. Because the legitimate funds were still there, the account holder would not suspect a problem.

Kaspersky said Carbanak also remotely seized control of ATMs and ordered them to dispense cash at a predetermined time, when a gang member would be waiting to collect the money.

“These attacks again underline the fact that criminals will exploit any vulnerability in any system,” Sanjay Virmani, director of Interpol Digital Crime Center, said in a statement prepared by Kaspersky. “It also highlights the fact that no sector can consider itself immune to attack and must constantly address their security procedures.”

source: interaksyon.com

Cybercrime hits financial firms hardest: survey

LONDON — Cybercrime is the second most common type of fraud reported by financial firms, more than double the level across other industries, as criminals turn increasingly to technology as their main weapon against banks, a survey showed.

Some 39 percent of financial services companies that suffered from economic crime last year said they had been hit by cybercrime, compared to 17 percent in other industries, according to the survey by consultancy PwC.

Banks in Europe and the United States are being told by regulators to toughen their defenses against cyber attacks, which have grown more frequent and severe as criminals and “hacktivists” become more sophisticated. Banks are often targeted for financial gain, but sometimes it is to disrupt business.

Hundreds of bankers took part in simulated “cyber attacks” last year in New York and London to test their resilience to such threats.

PwC said its survey even appeared to underestimate the scale of attacks, saying its experience showed a clear majority of financial firms had suffered cybercrime last year.

“Cybercrime is growing and the methods are constantly evolving. We see no abatement in attacks on banks’ infrastructure,” said Andrew Clark, a partner in PwC’s forensics practice.

Some 45 percent of financial firms were victims of fraud last year, PwC’s 2014 global economic crime survey showed. The survey, based on responses from 1,330 companies in 79 countries, showed theft was responsible for the highest share of economic crime, followed by cybercrime, money laundering, accounting fraud and bribery and corruption.

External fraudsters are behind most of the economic crime. The survey said most internal frauds were committed by junior staff or middle managers.

The profile of the typical internal fraudster is a male aged 31-50, with a university education.

source: interaksyon.com

Israeli government websites under mass hacking attack

JERUSALEM — More than 44 million hacking attempts have been made on Israeli government web sites since Wednesday when Israel began its Gaza air strikes, the government said on Sunday.

Finance Minister Yuval Steinitz said just one hacking attempt was successful on a site he did not want to name, but it was up and running after 10 minutes of downtime.

Typically, there are a few hundred hacking attempts a day on Israeli sites, the ministry said.

Attempts on defence-related sites have been the highest, while 10 million attempts have been made on the site of Israel’s president, 7 million on the Foreign Ministry and 3 million on the site of the prime minister.

A ministry spokesman said while the attacks have come from around the world, most have been from Israel and the Palestinian territories.

“The ministry’s computer division will continue to block the millions of cyber attacks,” Steinitz said. “We are enjoying the fruits of our investment in recent years in developing computerized defence systems.”

Steinitz has instructed his ministry to operate in emergency mode to counter attempts to undermine government sites.

Both sides in the Gaza conflict, but particularly Israel, are embracing the social media as one of their tools of warfare. The Israeli Defense Force has established a presence on nearly every platform available while Palestinian militants are active on Twitter.

“The war is taking place on three fronts. The first is physical, the second is on the world of social networks and the third is cyber,” said Carmela Avner, Israel’s chief information officer.

Last month, U.S. Defence Secretary Leon Panetta said cyberspace is the battlefield of the future, with attackers already going after banks and other financial systems. U.S. banks have been under sustained attack by suspected Iranian hackers thought to be responding to economic sanctions aimed at forcing Tehran to negotiate over its nuclear program.

source: interaksyon.com

US cybersecurity bill dead after second Senate rebuff

WASHINGTON — Senate Majority Leader Harry Reid declared a US cybersecurity bill, opposed by business and privacy groups, dead on Wednesday after it failed a test vote for the second time.

The bill would have increased information sharing between intelligence agencies and private companies. It also would have set voluntary standards for businesses that control electric grids or water treatment plants.

Business groups opposed the bill as overregulation and privacy groups worried it might open the door to Internet eavesdropping.

“Everyone should understand cybersecurity is dead for this Congress,” said Reid, a Democrat, adding, “Whatever we do on this bill, it’s not enough for the Chamber of Commerce.”

Reid invited President Barack Obama to issue an executive order “to fully protect our nation from the cybersecurity threat.”

The measure fell nine votes short of the 60 needed to limit debate on the bill and open the way to a final vote.

A trade group, the Software Alliance, said Congress should give top priority next year to bolstering security.

Backers had hoped to move the bill during the post-election session. Homeland Security Secretary Janet Napolitano said recently that attacks on US financial institutions and stock exchanges showed the need for more cyber safeguards.

Defense Secretary Leon Panetta said last month that unnamed foreign elements had been targeting computer control systems that operate chemical, electricity and water plants and those that guide transportation.

Senator Susan Collins, the senior Republican on the Senate Homeland Security Committee, said the risk from a cyber attack was huge.

“In all my years on the Homeland Security Committee, I cannot think of another issue where the vulnerability is greater and we’ve done less,” Collins said.

source: interaksyon.com

350 foreigners nabbed as authorities crack Internet fraud ring

MANILA, Philippines -- More than 350 foreigners, mostly Taiwanese and Chinese, were arrested Thursday by agents of the Criminal Investigation and Detection Group and the Presidential Anti-Organized Crime Commission in what authorities called the “biggest and most resolute operation” against cybercrime.

Among those arrested were the alleged financiers of the Internet fraud ring, Filipino-Chinese Maria Luisa Tan and Johnson Tan Co.

CIDG Director Samuel Pagdilao Jr. said the suspects were arrested during raids on more than 20 homes in subdivisions in Quezon City, Manila, Marikina, Cainta and Antipolo Cities Thursday morning.

CIDG deputy director for operations Senior Superintendent Keith Singian said the suspects would call potential victims in China over the Internet and, posing as Chinese police, tell them their bank accounts were being used to launder money for terrorist activities.

They would then advice their victims to transfer their funds to a “safe account” the fraudsters would provide.

Most of the victims, said Singian, would comply out of fear.

The modus operandi used to be common in China until authorities cracked down in 2010, driving crime rings to move their operations overseas and rely on the Internet to dupe their victims.

On May 27, authorities also arrested 37 Chinese for a similar scam.

All the suspects arrested Thursday were brought to the Police National Training Institute (PNTI) in Camp Vicente Lim, Laguna where cases for violation of the Access Device Act are being readied against them.

source: interaksyon.com