Tuesday, 22. July 2003
IDENTITY THEFT: Cracker empties online accounts
An unknown cracker managed to help himself at South Africa's largest bank: using a keylogger program, he stole access codes directly from the customers. They must now prove that they protected themselves adequately.
There are numerous legends about online banking: for many years the bulk of customers hesitated to move money over the web at all. By now it is regarded as largely safe - and the legend stubbornly persists that banks would quietly cover up successful hacks, if there were any. The customer, at any rate, need not expect any loss.
Harry de Villiers, an attorney in South Africa, now knows better. As a customer of South Africa's largest bank, Absa, he belongs to a so far small group of customers whose accounts were lightened by a cracker in recent days. The bank has acknowledged three cases so far; six more are currently being investigated. The cracker has withdrawn a total of 530,000 rand (around 61,500 euros) so far, 300,000 of it from Villiers alone.
Tracking him down will not be easy. "On the bank's side," Absa spokesman Richard Peasey assures, "there was no security breach." Absa was by no means hacked; rather, the unknown cracker is targeting the customers directly.
Security experts suspect that the cracker is probably slipping a so-called Trojan to the customers in a targeted way by e-mail. It activates a keylogging program that from then on records every keystroke and forwards it to the cracker. The corresponding mails end up in a Hotmail account opened under a false name.
Bit by bit, the cracker thus learns access passwords and PINs. In most banking systems, however, a withdrawal additionally requires so-called TANs, which expire after their first use. This suggests that the cracker has also created real-time access to the victims' computers: he intercepts the TANs and subsequently uses them in the name of their actual owners. The bank has hardly any way of determining whether customer or cracker is in the system: the whole thing, says Peasey, is a classic case of ID theft, and not a hack of the banking system.
Even if it sounds otherwise at first, this is not good news for banking customers. In the case of a hack of the banking system, they could assert claims for damages against the bank. With a method that targets the customer, they would first have to prove that they had at least tried to protect themselves sufficiently. Even then the question of compensation remains unclear.
Bank spokesman Peasey states that they are already on the cracker's heels. That is not even unlikely: all the victims filed their complaints with the same police authority and live in the same place. That also explains how the cracker was able to "address" individual bank customers so specifically: the crack probably began with observation of a local bank and its customers.
With around 400,000 online customers, Absa is South Africa's largest online bank. In total, about 1.2 million South Africans use online banking.
Press release: http://www.absa.co.za/ABSA/Media_Releases/Article_Page/0,1551,424,00.html
Absa leads fight against Internet fraud
Publication Date : 20 July 2003
A small number of Internet account holders in South Africa have just become victims of the latest international trend in Internet fraud called identity theft. Absa and the rest of the banking industry are working together to combat this new crime.
“Fraudsters are beginning to realise how difficult it is to breach bank security systems and are now targeting the home computers of account holders by stealing their electronic identity, mainly their PIN and access account numbers,” says Richard Peasey, Absa Group Information Security Officer.
An Absa investigation has confirmed that so far, only three clients in the Western Cape have had money moved from their accounts after the fraudster managed to gain unauthorised access to their computers and load software called key-stroke logging software which automatically copied everything they typed on their computers and sent it back to the fraudster without their knowledge. The software therefore transmitted information about the bank accounts typed in by the clients to the fraudster. The fraudster was then able to use this information to electronically impersonate the client and gain access to their bank accounts. A further six cases are under investigation.
“Absa's forensic team is progressing with the investigation,” says Peasey. All Absa transactions are monitored 24 hours per day, seven days a week, all year round.
Absa has also called a meeting of all the information security officers in the banking industry to find ways of stopping this form of crime. “At Absa and all the other banks, the peace of mind of our clients is our first priority and whenever we as the industry are faced with a new security problem like this, we work together to ensure the safety of clients’ money,” confirms Peasey. Absa’s forensic team is working with industry experts to resolve the matter.
“All the banks including Absa have been putting information on their websites and in their banking halls for Internet banking clients about safety precautions that they should take to protect their personal information.” “Internet banking is safe and clients need to be more vigilant than ever to ensure that it stays safe,” says Peasey. He says that the safety precautions that clients should be taking include:
To prevent key-logging:
Make sure that no-one has unauthorized access to your PC.
Ensure that you have the latest anti-virus applications loaded on your PC. Your local supplier will provide you with details in this regard.
Make sure that the software that is loaded onto your PC via a third party is licensed.
Update your operating system and browser with the latest Microsoft patches to protect your PC from exploitation. These can be downloaded from the Microsoft website http://www.microsoft.com
Do not open suspicious or unfamiliar e-mails.
Ensure that you have control over the shared folders on your PC as a shared folder could make your PC vulnerable to unauthorized installation of suspicious software. A shared folder can be identified by a blue icon shaped in the form of a hand.
General safety tips:
It is important to ensure that you are at the Absa website. This you do by checking the Absa Security Certificate by clicking on the security icon.
Ensure that you are on the secure Absa Internet banking website by checking that the URL begins with “https” rather than “http.” The initial connection to www.absadirect.co.za will redirect the connection to an available Internet banking server.
Always ensure the secrecy of your PIN number.
Never disclose your PIN number to anyone – this includes bank staff members. A bank staff member will never ask you for your PIN. When entering your PIN information make sure that you cannot be seen – you never know who might be watching.
Be especially vigilant of security cameras trained on your PC.
Hackers using home PCs to defraud clients
Monday July 21, 2003 15:07 - (SA)
Hackers could be using home computers to steal thousands of rands from Absa Bank's clients -- and not the system of the bank, the Banking Council said in a statement today.
"Because they are finding it increasingly difficult to breach the banks' own security systems, they are beginning to turn to weaker links outside of these systems, for example, internet service providers or the customers' own PCs.
"In this specific instance, it appears that the loophole was not in the banks' system but that home computers are being compromised," council spokeswoman Claire Gebhardt-Mann said.
She said the banking industry should seek a solution to the problem and prevent fraudsters who continue to try new ways of robbing people of their money.
The Sunday Times reported that a hacker or "internet burglar" had been illegally transferring money from the accounts of Absa clients, apparently after obtaining their banking details by sending them "spy software" -- an email message that, when opened, sets itself up to record certain keystrokes on the computer and transmit these to a given address.
Thus the hacker obtains the victim's bank account number and personal identification number (PIN).
Experts from the police Commercial Crime Unit in Cape Town were investigating the illegal internet transfer of funds from Absa accounts as reported in the Sunday Times, police spokesman Superintendent Riaan Pool said on Sunday.
He said the police team was being assisted by a team from the bank. Police had received 10 complaints of fraud with the amount involved totalling R530,000.
The complaints were all laid at the same Cape Town police station in the course of the past two or three months, Pool said.
Gebhardt-Mann said the way this particular scam was perpetrated was that emails were being sent to the public, and when these were opened a virus was downloaded on to the computer which copied whatever was typed in.
"This information is then sent to the fraudsters," she said.
The Banking Council advised the public to make sure that no one had unauthorised access to their computers.
Gebhardt-Mann advised bank customers to install the latest anti-virus applications on their computers, exercise control over the shared folders, keep their PIN secret and to never disclose their PIN to anyone, including bank staff.
Sapa
Sunday Times South Africa Jul 21 2003 10:57AM ET [moreover Computersecurity]
http://www.sundaytimes.co.za/2003/07/20/news/news01.asp
Hacker cleans out bank accounts
Hundreds of thousands of rands stolen via Internet from Absa clients.
By Edwin Lombard
A HACKER is targeting clients of South Africa's largest bank and has managed to steal hundreds of thousands of rands by breaching their accounts over the Internet.
The Police Commercial Crimes Unit confirmed this week it was investigating nine cases involving thefts from Absa accounts. Absa is the leading South African Internet banker with about 35% of the market and about 300 000 online clients.
Police and bank officials say it appears the perpetrator used "spyware" to gain access to the personal computers of the victims, and, having found out their Internet banking information, had transferred money out of their accounts.
Total losses of R230 000 have been reported to police - but one victim said late on Friday that he had discovered another R300 000 missing from his account.
Another victim, Helene van Tonder, a bookkeeper from Bellville, said her whole R15 000 salary had disappeared from her bank account the day after she was paid.
"When I went to the ATM on June 27, all my money was gone. When I contacted the bank, they said I must go and lay a charge at the police."
Van Tonder said the bank reimbursed her money and told her that somebody had gained access to her account via the Internet. She had, however, cancelled her Internet account with the bank.
Police spokesman Riaan Pool said police did not yet have all the details of how the hacker had worked but they knew that there was only one perpetrator.
"It is a hacker. The police are following up extremely good clues," he said.
Absa refused to refer to the culprit as a "hacker" and would only refer to the crime as "identity fraud" committed by a person who had gained access to clients' accounts through their own personal computers using the Internet.
Absa's group information security officer, Richard Peasy, said the bank's "security systems and processes had alerted the bank to suspicious activity before these clients knew about it.
"The transactions were frozen and the process for dealing with potentially fraudulent transactions was instituted," he said.
However, attorney Harry de Villiers said R300 000 had gone missing from one of his trust accounts when he went to check his statements on Friday. Fortunately, his trust accounts were insured. He said the bank had only alerted him to R10 000 that was mysteriously transferred into one of his accounts earlier in the week.
De Villiers made a report to the police late on Friday. His complaint is in addition to the nine already being investigated by the police.
He said when he checked his accounts more closely later, he discovered that the hacker had transferred amounts of R227 000 and R93 000 to another account.
De Villiers said further inquiries revealed that the person had bought 15 laptop computers by transferring some of the money into the account of the computer company and the rest into an account at a different bank.
Peasy said the crook had gained access to personal information of account holders through their own computers and said it had nothing to do with the bank.
He said the bank had already identified suspects and Absa's forensic team was working with the police.
"As with other banking channels, no fraud can take place on Internet banking accounts without the fraudster obtaining the client's Internet banking access account number and PIN number," he said.
Peasy said it appeared the fraudster had sent unsuspecting clients an e-mail, which, when it was opened, installed software that recorded information.
"It is a new trend called spyware. This has got nothing to do with the bank. It records keystrokes, like your account and PIN number, and then it e-mails the information to a Hotmail mailbox," he said.
Peasy refused to say how many Absa clients had been defrauded or how much money was involved, saying it was "a forensic issue".
http://www.sundaytimes.co.za/zones/sundaytimes/newsst/newsst1058764362.asp
Police on trail of bank hacker
Police experts from the commercial crime unit in Cape Town were investigating the illegal internet transfer of funds from Absa bank accounts as reported in the Sunday Times of July 20, a spokesman reported yesterday.
Superintendent Riaan Pool said the police team was being assisted by a team from the bank.
The Sunday Times reported that a hacker or "internet burglar" had been illegally transferring money from the accounts of Absa clients, apparently after obtaining their banking details by sending them "spy software" - an email message that, when opened, sets itself up to record certain keystrokes on the computer and transmit these to a given address.
Thus the hacker obtains the victim's bank account number and personal identification number or PIN.
Police had received ten complaints of fraud, said Pool, with the amount involved totalling R530,000. The complaints were all laid at the same Cape Town police station in the course of the last two or three months.
He could not divulge further information because of the sensitivity of the investigation, said Pool.
Sapa
http://www.sundaytimes.co.za/zones/sundaytimes/newsst/newsst1058781448.asp
Absa forensic team probes internet fraud
Monday July 21, 2003 12:30 - (SA)
South African banking group Absa's forensic team is probing several cases of internet fraud. This follows incidents where three clients in the Western Cape have had money moved from their accounts by a fraudster who gained unauthorised access to their computers.
Absa said in a statement that the fraudster gained unauthorised access to these clients' computers and loaded software called key-stroke logging software which automatically copied everything they typed on their computers and sent it back to the fraudster without their knowledge.
The software therefore transmitted information about the bank accounts typed in by the clients to the fraudster, who was then able to use this information to electronically impersonate the client and gain access to their bank accounts. A further six cases are under investigation, it said.
Absa said in a statement that a small number of internet account holders in South Africa have become victims of the latest international trend in internet fraud called identity theft. Absa and the rest of the banking industry are working together to combat this new crime.
"Fraudsters are beginning to realise how difficult it is to breach bank security systems and are now targeting the home computers of account holders by stealing their electronic identity, mainly their PIN and access account numbers," said Richard Peasey, Absa Group Information Security Officer.
"Absa's forensic team is progressing with the investigation," said Peasey.
All Absa transactions are monitored 24 hours per day, seven days a week, all year round.
Absa has also called a meeting of all the information security officers in the banking industry to find ways of stopping this form of crime.
"At Absa and all the other banks, the peace of mind of our clients is our first priority and whenever we as the industry are faced with a new security problem like this, we work together to ensure the safety of clients' money," Peasey added. Absa's forensic team is working with industry experts to resolve the matter.
"All the banks including Absa have been putting information on their websites and in their banking halls for internet banking clients about safety precautions that they should take to protect their personal information.
"Internet banking is safe and clients need to be more vigilant than ever to ensure that it stays safe," he said.
I-Net Bridge
Hackers leak Quake IV assets
by Lisa Byron
ID SOFTWARE has reacted fiercely to hackers having leaked a large number of unauthorised Quake IV assets onto the web.
The US developer and its publisher Activision issued a statement this morning, warning that they will refuse to work in future with any games magazines and specialist websites who run these images.
"On Friday 18th July a large number of unauthorised Quake IV assets were leaked onto the web," offered the statement. "We do not know the source of these leaked assets. Please be warned that id Software has instructed Activision that we are not to work with any magazine which uses any of these assets. If any magazine does so, id Software will not allow any assets for id games to be sent to these magazines in the future."
MCV Jul 21 2003 11:37AM ET [moreover Computersecurity]
Hackers break into ATMs security system
By Azhar Mahmood
KARACHI: Hackers have broken into some banks' ATM security system compelling them to modify systems to combat the new electronic attackers, sources in banking industry said on Monday.
The affected banks have so far failed to trace them and many among them have preferred to keep silence on the issue in order to avoid backlash from customers, sources said.
The attacked banks have not yet started any joint efforts to curb the rising problem of e-raiding under the supervision of central bank.
Sources said a top private bank, which has serious stakes in the ATMs has cautioned its ATM card holders by sending them a notice captioned "Compulsory Change of Pin Code for ATM Cards".
The notice says, "The holders of newly issued ATM cards will be required to first of all change their personnel identification number, generally called as PIN with some different 4 digits of their own choice, which they will keep confidential.
"After one-month, from the date of last PIN changed, ATMs will automatically illustrate an option to change the previous PIN. The facility for changing PIN at any time will, however, remain available to the card holders."
In Pakistan, the ATM card holders manifest a unique tendency to finance ATM accounts by channelising funds from foreign currency accounts. In July 2002 the total FCAs of $3,839.5 billion went down to $2,589.5 billion by the end of June 2003, said the latest official statistics of the SBP.
Sources said according to the first ever census on electronic banking conducted by SBP, the recent massive drop in ATM business of Rs13.948 billion up to March, 2003 was a direct result of $1.250 billion decline in overall foreign currency accounts (FCAs) of the country.
Sources said the funds transfer from FCAs to ATM accounts has however declined for last one year but the overall ATMs business is still facing serious problems.
Sources said the recently established Payment System Department (PSD) in the SBP has started monitoring electronic banking and a draft of new prudential regulations on electronic banking has been issued to solicit views of the bankers and stakeholders.
The PSD is busy evolving a new security system for smooth and safe transaction of electronic banking keeping in view the requirements and standards of the committee on payment systems and technical committee of the international organisation of securities commissions, sources said.
Sources said the central bank is at the same time busy in setting up real-time gross settlement system (RTGS) for safe banking transactions but it will take almost a year to start. The system will make the SBP the first central bank of South Asia to have this state-of-the-art system.
Sources in PSD said, "Payment system stability is a core central banking function. Efficient and well functioning payment system reduces systematic and operational risks, lowers transaction costs, aids in efficient use of financial resources, helps in financial market to become more liquid and promotes stability in the financial system."
Jang Group Jul 21 2003 6:33PM ET [moreover Computersecurity]
Missing Computer Adds to Airport Screeners' Woes
Forwarded from: William Knowles <wk@c4i.org>
http://www.nynewsday.com/news/local/queens/nyc-screen0721,0,3811514.story?coll=nyc-manheadlines-queens
By Glenn Thrush
Staff Writer
July 21, 2003
Federal officials are quietly scouring the Washington, D.C., area for
a stolen laptop computer loaded with vital information on dozens of
airport baggage and passenger screeners that could be used to forge
IDs.
The computer, property of the federal Transportation Security
Administration, contains screeners' names and addresses, along with
social security numbers, birthdates and other personal data. It was
stolen from an agency staffer's car in late May, according to TSA
spokeswoman Chris Rhatigan.
"We are working furiously to get it back and we've sent out a message
to let all of our screeners know they need to safeguard their personal
information," Rhatigan said.
There's no indication the theft was terrorism-related, but Washington
police and transportation officials are worried that the highly
sensitive contents could get into the wrong hands, she said.
"We're not giving out too much information on this because we don't
want to provide a road map for the terrorists," Rhatigan said.
The laptop is password-protected and contains other security features
that should make it hard for all but a hardened hacker to access, she
said.
Word of the missing computer comes just two weeks after a pair of top
TSA officials resigned amid criticism that the agency has performed
background checks on 22,000 of 55,000 employees, while failing to vet
85 criminals who got jobs at U.S. airports.
In June, Homeland Security chief Tom Ridge announced a cost-cutting
plan to lay off 6,000 screeners by the fall. Kennedy and Newark
Liberty International airports, stand to lose 396 and 273 full-time
positions, respectively, or about 20 percent of their screeners.
LaGuardia Airport will lose 36 or about 4 percent.
The TSA is fighting efforts by unions to organize the screeners. Union
activists and screeners gathered on the steps of City Hall yesterday
to accuse the agency of covering up security breaches and bullying
employees who complain to their supervisors.
"We don't have any whistleblower protection, so when we complain about
something that isn't right we can be fired or transferred," said
Miguel Shamah, a screener at LaGuardia. "That creates a danger because
the truth isn't getting out." Rhatigan called the comments
irresponsible and accused union organizers of "trying to scare the
flying public."
[isn]
disLEXia, a research project by Maximillian Dornseif