[ISN] Russian hacker arrested in bank extortion case

From: InfoSec News (isnat_private)
Date: Thu Feb 07 2002 - 22:46:38 PST

  • Next message: InfoSec News: "[ISN] Microsoft developers feel Windows pain"

    http://www.infoworld.com/articles/hn/xml/02/02/06/020206hnrussian.xml
    
    By Sam Costello 
    February 6, 2002 10:17 am PT
    
    IN MID-JANUARY, RUSSIAN law enforcement, with help from the U.S.  
    Secret Service and U.S. Federal Bureau of Investigation (FBI),
    arrested a computer hacker who had attempted to extort $10,000 from a
    U.S. bank, according to a Secret Service agent.
    
    The hacker, whose name was not revealed, was arrested after breaking
    into a server owned by financial ASP (application service provider)  
    Online Resources (ORCC) and attempting to extort money from one of
    ORCC's client banks, said Ray Crosier, the company's president and
    chief operating officer.
    
    McLean, Virginia-based ORCC offers online banking, electronic payment
    and other financial services over the Internet to 525 financial
    institutions in the U.S., Crosier said.
    
    ORCC uses a two-stage system by which it allows customers of its
    client financial institutions to use its services, Crosier said.  
    First, when registering for online accounts through their banks, users
    are sent to registration servers, with each financial institution that
    ORCC deals with having its own dedicated server. After registration is
    completed on the first server, all information and transactions are
    handled through a second server, he said.
    
    The hacker was able to break in to a registration server used by the
    client due to an unpatched security hole on the server, Crosier said,
    declining to release the name of the company whose data was stolen.  
    Crosier also said that the situation with that client was unique among
    ORCC's customers as the configuration used on the server was
    customized and not present elsewhere at ORCC.
    
    By breaking into the registration server, the hacker was able to grab
    customer records that included names, addresses and bank account
    numbers, Crosier said. Because only registration was handled on the
    server, however, the hacker was unable to commit fraud, move funds or
    gain access to data from other banks served by ORCC, he said.
    
    The intrusion into the server happened in early 2001, though the
    Russian did nothing for nearly eight months with the data he obtained,
    according to Crosier. In late 2001, the hacker began sending e-mail to
    ORCC's client bank, saying that he would post the data he'd obtained
    from the server on the Internet if he was not paid $10,000, according
    to Secret Service agent Brian Palma.
    
    After the extortion demand, ORCC contacted the Secret Service and the
    bank to whom the demand was made contacted the FBI, Crosier said. The
    Secret Service New York field office then began a dialogue with the
    hacker, asking questions about how he wanted to receive the money,
    where to send it and the like, Palma said.
    
    Such negotiations are part of standard procedure when dealing with
    extortion cases, Palma said, and give agents the time used during the
    negotiations to try to track down the suspect.
    
    In this case, those procedures worked, as the Secret Service was able
    to trace the hacker's e-mail messages, Palma said. The FBI contacted
    Russian law enforcement and the hacker was arrested Jan. 16, he said.  
    Although the Secret Service did pay the $10,000 the hacker demanded,
    what's left of it was seized, as was the computer equipment purchased
    with the money, Palma said.
    
    The hacker, who has a history of similar crimes in Russia, will be
    prosecuted, according to Palma.
    
    ORCC's Crosier sent an e-mail to ORCC's clients in late January
    explaining the situation to them and reassuring them that "none of
    them were ever at risk at any time," he said. Only two of ORCC's
    customers contacted Crosier after the e-mail was sent, he said.
    
    "We feel good about having caught the guy," Crosier said.
    
     
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Feb 08 2002 - 02:53:30 PST