At first, Shawn Ballesty thought the delay in his rent payment arriving in the landlord's account was normal.
Then the landlord rang again: "Hey mate, your rent wasn't paid," Ballesty recalls his landlord saying, knowing he made the online transfer himself.
"So I thought, I'll send it again, just in case, then sort it out with the bank."
Once more, a payment was made and a receipt issued, but the money didn't arrive.
The Commonwealth Bank traced the transfers and advised both had been hijacked and, invisibly to Ballesty, deposited into a third party's account with another bank. A computer at Ballesty's business - All Mounting and Diecutting Services, on Sydney's northern beaches - was infected, the bank explained.
A banking trojan - malicious software - had been installed on it without his knowledge. Ballesty was just one of thousands of people across Australia and the world to have their business bank account fleeced by cyber criminals.
Such malware is often distributed via infected email or instant message links sent via spam, attachments, pirated software or visits to infected websites.
"It got out of control, they were intercepting it while I was doing stuff [online]," Ballesty says.
Along with the rent, other smaller amounts were taken: a total of $18,000 stolen in less than a week.
Australian banks have been quietly working to deal with the problem, in particular a trojan called Carberp, which has infected about 150,000 PCs in Australia. Once installed, it presents a fake transaction page and allows the attacker to view the victim's browser in real time.
The malware has been customised for clients of the Commonwealth Bank, ANZ, Westpac, the Bank of Queensland, Bendigo Bank, Adelaide Bank, Teachers Mutual Bank, DefenceBank, Suncorp, Bankwest and NAB, according to the Russian security company Group-IB, which is helping the banks.
"Right after the user goes online and wants to make a transfer, they will intercept his session on the browser and spoof the destination of the transfer absolutely silently," Andrey Komarov, head of international projects, says.
But banks aren't the only ones fighting. In June Microsoft and the FBI - aided by authorities in more than 80 countries, including Australia - launched a major assault on one of the world's biggest cybercrime rings, which is believed to have stolen more than $US500 million from bank accounts in the past 18 months.
The operation was aimed at a different trojan, Citadel. The Citadel botnet - a web of 1400 networks of 5 million zombie computers infected with malware - has been used, Microsoft says, to steal from dozens of financial institutions including American Express, Bank of America, Citigroup, eBay's PayPal and HSBC. The company alleges Citadel is controlled by a boss known as Aquabox who sells malware kits on the internet underground and takes a cut from the money stolen. The software disables antivirus programs on infected PCs to stay undetected.
Other banking trojans act in similar ways. After a three-year manhunt, 24-year-old Nigerian man Hamza Bendelladj is facing charges in the US in connection with selling and supporting SpyEye, which also allows hackers to hijack victims' bank accounts as they log in from their own computers.
"At the highest level, most of the internet is operated by responsible organisations, but you have a few folks that have bad seeds that are going to a level of sophistication - real criminal enterprises," says TJ Campana, director of security at Microsoft's Digital Crimes Unit at its US headquarters near Seattle.
These are tech-savvy groups and individuals committing fraud online, mostly financial fraud. But there's a war taking place on the internet.
It's a war between those who say they are trying to make it more expensive for criminals to bypass their security, and the criminals trying to stay a step ahead of their pursuers.
The war on spam - the mainstay of malware spread, fake drug marketing and other scams - began several years ago.
According to independent researcher and author Brian Krebs' analysis of spam data from security vendor Symantec, spam volumes have decreased from 6 trillion messages in 2008 to about 1 trillion at the end of 2012. Just three years ago spam accounted for more than 90 per cent of global email volume. In January, it dropped to 64.1 per cent.
Joint operations between law enforcement in several countries, Microsoft, security vendors such as Symantec and McAfee, and security researchers have netted major crackdowns on spam senders (McColo ISP was closed in September 2008) and spam botnets (Waledac in January 2010, Rustock and Kelihos in 2011, Bamital in January). Command and control servers for the zombie networks distributing the ZeuS and SpyEye malware were also cut off in March, and arrests relating to cyber financial fraud are taking place more regularly.
Does that mean the good guys are finally winning?
"That's a tough question," Campana says. "Spam still exists, but when we talk to the Windows Live team, they have a pretty good service in filtering out spam, they think they're getting there."
Campana makes no apologies for Microsoft's role in cybercrime fighting. "Malware is bad for our customers, it causes this very bad experience on our products. We want to make it easier for our customers to protect themselves and harder for the bad guys to make money.
"If you infect one of my customers, you are getting them to send spam, to commit fraud," he says.
The actions, mostly driven through the company's legal manoeuvring of civil lawsuits, help it defend its revenue streams on several fronts. By reducing spam and malware spread, it reduces pressure on its Windows Live (previously Hotmail) infrastructure, reduces the likelihood of infection on its customers' PCs, protects its Windows brand and reduces the drain on its advertising revenue caused by click-fraud also perpetrated by botnets.
Krebs says the takedowns and arrests are positive steps in the fight against cybercrime, but they may not be a deterrent for all. "It seems clear that only a very tiny fraction of people involved in cybercrime ever are brought to justice for their role in this economy," Krebs says.
"I spend a great deal of time on a large number of underground forums dedicated to credit card and identity theft and all manner of cybercrimes, and it seems that not only are the numbers of forums that help people get started in this industry increasing, but these forums are now more popular than ever."
Krebs says most online scammers make little money and rely on user-friendly downloadable tools offered by other members of the underground. He believes there is only a relatively small number of organised cyber criminal organisations. Campana says there may be only a handful of "families" in Eastern Europe, Brazil and Asia. Many of them are already under active criminal investigations.
"The reality is the folks who are offering turnkey solutions - be they cash-out services, malware writers, bot installation kits or exploit kits, or spam rentals - really drive the underground economy. And business is booming," Krebs says.
We're not losing
Dmitri Alperovitch of CrowdStrike, a security consultancy to corporations and governments, says most countries want to collaborate to identify and prosecute cyber criminals, but, like all crime, cybercrime will always be with us.
"It's certainly becoming harder for criminals to get away with it as prosecution is starting to catch up and arresting these crooks more often but others continue to join their ranks all over the world," he says.
"I think spam is one area where the volumes have dropped down precipitously. Of course, low-volume phishing attacks and web-based scams have taken their place, so it's hard to call it a complete victory."
While it is hard to say who is winning, Phil Kernick, security expert with CQR, says society is not losing. "Criminals are making more money than they ever made, but so is society - the internet is tremendously useful," Kernick says.
Corey Nachreiner, director of security strategy for WatchGuard Technologies, says everyone needs to understand how cyber criminals operate in order to protect themselves. "Some are specifically targeting very small victims because they stay under the radar.
"I don't think home consumers should go crazy with it, but they need to realise they need to be careful with visiting a website that can infect their computer."
The bank returned Ballesty's money, but not before his business accounts were frozen, leaving him unable to process wages and other payments for a week. A security adviser from the bank even delivered a list of security measures the business must adopt, including staff cyber-awareness training and a warning it won't refund moneys lost to the same scam again.
Ballesty says he and his staff are a lot more cautious with their online activities now, even on their breaks and outside work hours.
- with Liam Tung (www.watoday.com.au)