TechCentralTechCentral
    Facebook Twitter YouTube LinkedIn
    Facebook Twitter LinkedIn YouTube
    TechCentral TechCentral
    NEWSLETTER
    • News

      Where to next for Dimension Data

      5 July 2022

      Zapper is said to seek fundraising at huge valuation

      5 July 2022

      Stage-5 load shedding to continue until Thursday

      5 July 2022

      Big step forward for Cell C as debt deal approved

      5 July 2022

      Eskom unions accept 7% wage offer

      5 July 2022
    • World

      Bitcoin hints at a bottom – but it may be different this time

      5 July 2022

      China, US war of words erupts over lunar missions

      5 July 2022

      Tether fails to calm jittery nerves

      4 July 2022

      EU to impose wide-ranging new rules on the crypto industry

      3 July 2022

      Crypto hedge fund Three Arrows files for bankruptcy

      3 July 2022
    • In-depth

      The bonfire of the NFTs

      5 July 2022

      The NFT party is over

      30 June 2022

      The great crypto crash: the fallout, and what happens next

      22 June 2022

      Goodbye, Internet Explorer – you really won’t be missed

      19 June 2022

      Oracle’s database dominance threatened by rise of cloud-first rivals

      13 June 2022
    • Podcasts

      How your organisation can triage its information security risk

      22 June 2022

      Everything PC S01E06 – ‘Apple Silicon’

      15 June 2022

      The youth might just save us

      15 June 2022

      Everything PC S01E05 – ‘Nvidia: The Green Goblin’

      8 June 2022

      Everything PC S01E04 – ‘The story of Intel – part 2’

      1 June 2022
    • Opinion

      South Africa can no longer rely on Eskom alone

      4 July 2022

      Has South Africa’s advertising industry lost its way?

      21 June 2022

      Rob Lith: What Icasa’s spectrum auction means for SA companies

      13 June 2022

      A proposed solution to crypto’s stablecoin problem

      19 May 2022

      From spectrum to roads, why fixing SA’s problems is an uphill battle

      19 April 2022
    • Company Hubs
      • 1-grid
      • Altron Document Solutions
      • Amplitude
      • Atvance Intellect
      • Axiz
      • BOATech
      • CallMiner
      • Digital Generation
      • E4
      • ESET
      • Euphoria Telecom
      • IBM
      • Kyocera Document Solutions
      • Microsoft
      • Nutanix
      • One Trust
      • Pinnacle
      • Skybox Security
      • SkyWire
      • Tarsus on Demand
      • Videri Digital
      • Zendesk
    • Sections
      • Banking
      • Broadcasting and Media
      • Cloud computing
      • Consumer electronics
      • Cryptocurrencies
      • Education and skills
      • Energy
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Motoring and transport
      • Public sector
      • Science
      • Social media
      • Talent and leadership
      • Telecoms
    • Advertise
    TechCentralTechCentral
    Home»In-depth»The modern way to rob a bank

    The modern way to rob a bank

    In-depth By Editor30 July 2014
    Facebook Twitter LinkedIn WhatsApp Telegram Email

    hacker-640

    The number of physical robberies on banks has fallen dramatically in recent years, but the amount of money banks are losing through electronic methods has rocketed. In 2013, for example, the annual fraud indicator estimated the annual cost of fraud in the UK was £52bn what it was five years before. So it’s easy to put up CCTV cameras, bulletproof glass and alarm bells, but in an electronic world there are infinite ways to commit fraud.

    In fact, there are so many targets in an electronic world that criminals can focus their efforts on the customer, the bank or the merchant. With virtually no footprint at all, criminal gangs can install malware within any part of the e-commerce infrastructure and either steal user credentials or modify transactions. It may be tempting to see this as a victimless crime, but large-scale fraud can have serious implications on the global financial market, not to mention user trust.

    Individuals have been finding ways around electronic security for decades. Well known examples include John Draper (aka Captain Crunch), who in the 1970s used a whistle tuned to 2,6kHz that was given away in cereal packs to fool the pitch-controlled security system on the US telephone network, allowing him to make long-distance calls free of charge. Then there was Vladmir Levin, from Russia, who siphoned off millions from Citibank customers in the early 1990s by finding a way around their dial-up wire transfer service.

    These days, any “script kiddie” can create their own targeted attack on the finance system. You don’t need extensive programming skills or even a deep knowledge of how the e-commerce infrastructure works. A key target is the end user, since they tend to be the weakest link in the chain.

    The latest reminder came with the recent attacks on Boleto Bancário, the Brazilian inter-bank payment system, which were announced earlier this month. Known colloquially as Boleto, a vast amount of low-dollar transactions were hijacked by the latest malware, most probably set up by Brazilian organised crime gangs. With the theft amounting to nearly US$4bn, it could be the largest fraud in history.

    Boleto is the second most popular payment method in Brazil after credit cards and has around 18% of all purchases. It is typically used to pay phone and shopping bills. One reason it is popular is that many Brazilians don’t have a credit card, and even when they do have one, they are often not trusted.

    The fraud was very simple. It tricked customers into installing a piece of malware on their system and then waited until they visited their bank’s website. It spread using what is called spear phishing, which is the most common method these days, where users are sent e-mails with links on them. When the user clicks on them, they will run a program on their computer, and install the malware.

    The malware used what is called a man-in-the-browser attack, where the malware sits in the browser, including Google Chrome, Mozilla Firefox and Microsoft Internet Explorer. It is known commonly as a Eupuds, which is classified as an information-stealing Trojan that stays alive by writing itself on to a user’s hard drive and modifying the relevant Windows registry key so that it starts every time the computer is booted up. As well as infecting browsers using Windows operating systems, it can also steal information through the likes of Windows Live/Hotmail and Facebook.

    In the case of Boleto, it worked by detecting the traffic between the browser and server by searching for specific relevant strings linked to bank sites. It then recorded all the information that had to be submitted about the recipient of the Boleto transaction. It then submitted the transfer for payment and modified it by substituting an attacker’s account for the recipient’s one. As many as 200 000 IP addresses were infected and 83 000 user e-mail credentials were stolen in a scheme that had been going on for two years.

    Of the statistics received, all the infected machines were running Windows. The majority were running Windows 7 (78,3%), with Windows XP second (17.2%). Of the browsers detected, the most popular was Internet Explorer (48,7%), followed by Chrome (34%) and Firefox (17,3%); and the most popular e-mail domain used to steal user credentials was hotmail.com (94%). The reason that the impact was so great is that Boleto is only used in Brazil, thus malware detection software has not targeted it since it is a limited market.

    All the same, the threat should have been detected more quickly. The first signs of the Zip file containing the malware appeared in 2010. Cisco Systems was highlighting the distribution of the spam e-mails in 2012 and more warnings highlighted the threat last year.

    These attacks should serve as a wake-up call for the finance industry and governments around the world. What is most worrying about this type of fraud is that it could compromise the whole of the finance industry. It could even bring down major finance companies and even nation states with a single large-scale event.

    As long as there’s one person willing to click on a link in an e-mail, there is the potential for fraud. This is why the focus is moving towards end users.The Conversation

    So, what’s the solution? Users need to watch what they click and protect their systems by installing the latest upgrades from the likes of Microsoft and having up-to-date antivirus software. Even then, these are dangerous times to bank.

    • Bill Buchanan is head of the Centre for Distributed Computing, Networks and Security at Edinburgh Napier University
    • This article was originally published on The Conversation
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email
    Previous ArticlePretoria schools get free Wi-Fi
    Next Article Schindehütte hearing to resume

    Related Posts

    The bonfire of the NFTs

    5 July 2022

    The NFT party is over

    30 June 2022

    The great crypto crash: the fallout, and what happens next

    22 June 2022
    Add A Comment

    Comments are closed.

    Promoted

    Hot Ink certifies and diversifies to maintain competitive printing edge

    5 July 2022

    Increased flexibility with Dell Precision Mobile Workstations

    5 July 2022

    The 5 secrets of customer experience in the cloud era

    5 July 2022
    Opinion

    South Africa can no longer rely on Eskom alone

    4 July 2022

    Has South Africa’s advertising industry lost its way?

    21 June 2022

    Rob Lith: What Icasa’s spectrum auction means for SA companies

    13 June 2022

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2022 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.