http://www.stuff.co.nz/stuff/0,2106,3896626a28,00.html By LANE NICHOLS 12 December 2006 A 16-year-old who police sent on a computer training course to improve his behaviour has admitted using a computer in an attempt to defraud banks of nearly $45,000. The Upper Hutt teenager faces 26 fraud charges after hacking into people's internet banking accounts in August and September. Police say he posted a computer virus on an internet message board and used it to capture details from people's personal computers. Westpac, ANZ and ASB were all hit. The biggest transaction involved $6323, but the banks agreed to reimburse the losses. The scam, combined with the boy's age, has raised fresh questions about the security of internet banking. It is just six months since banking ombudsman Liz Brown said banks had been slow to introduce two-factor authentication measures to fight internet fraud. Judge Pat Grace remanded the youth to a secure residential facility in Palmerston North when he appeared in Upper Hutt Youth Court yesterday. "You had set up quite a sophisticated operation to obtain some $50,000 from unsuspecting users of the internet. "With the seriousness of this offending, I must be considering a custodial sentence as far as you are concerned, and because of that I'm going to decline your application for bail." The youth, who cannot be named, has also admitted unrelated charges of kidnapping, aggravated robbery, threatening behaviour, unlawfully taking a motor vehicle, reckless driving, failing to stop and a string of driving offences. He is understood to owe about $35,000 in fines. The computer fraud is believed to have been committed at his parents' home while he was unemployed. The court is awaiting a psychological and social workers' report before hearing submissions on which court he should be sentenced in. He faces up to five years' imprisonment if sentenced in the district court. Constable Chris Muir said the youth decoded large amounts of information from people's computers to get account numbers and passwords. "He just keeps the things he wants. He is a very clever boy." It was possible that others had been targeted but had not complained to police. About $15,000 had been recovered. The outstanding money had mainly been sent to the bank accounts of several co-offenders, who were also before the courts. "It's very concerning that someone can basically sit at home and get everything off the internet and do what they want." The police electronic crime lab's national manager Maarten Kleintjes said internet banking fraud was becoming more sophisticated. He would not say if it was increasing, because banks shared the information with police in confidence. Two-factor authentication - in which customers are issued with a new security code each time they log on - was the best way to guard against internet banking fraud. Though it was compulsory in many countries, several major New Zealand banks - Westpac, ANZ and National - were yet to introduce the technology. "The attacks are now being taken to a new level whereby people's machines are deliberately infiltrated with very sophisticated spyware, Mr Kleintjes said. "They basically take control of your machine. They access your bank accounts but also steal your identity." _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Mon Dec 11 2006 - 22:43:57 PST