[ISN] Russians target Net bankers

From: InfoSec News (alerts@private)
Date: Tue Jan 23 2007 - 22:21:02 PST


By Lee Rondganger 
The Star
January 24, 2007 

A Russian cyber-criminal syndicate, specialising in the development of 
software to hack into bank accounts, is selling its software to South 

And the banking industry is losing millions.

Recently, well-organised local hacking syndicates have been able to gain 
access to South African accounts by using the software.

The Russian syndicate sells its software on the Internet for R10 500, 
and it is designed to evolve to circumvent anti-virus and anti-spyware 
software on computers.

While the banking industry refuses to divulge its losses, it is 
estimated the potential loss could be in excess of R50-million.

Pat Pather, group head of IT at Standard Bank, whose team of experts 
have been tracking the syndicates over the past year, said the Russian 
syndicate have also hit the accounts of people worldwide.

"What these guys do is that they develop the software in Russia, use it 
against European banks, and once it works, they will sell it to other 
syndicates around the world.

"We are aware of local syndicates using the software and we have 
identified a few members of the syndicates," Pather said.

Internet cafés are the primary target for the syndicates, he said.

Richard Archdeacon, the UK-based director of IT security firm Symantec, 
said authorities world-wide were battling Russian cyber-criminals, who 
had become more sophisticated.

"This whole element of cyber-crime has now become industrialised. It is 
now a major criminal business, with the different parts you would expect 
from big business.

"In these syndicates you have research-and-development people; you've 
got the hackers, who are the engineering department developing the 
attack codes; and you've got people who handle distribution and 

"What makes it more difficult to fight is that you don't know where 
these guys are based because you will have a guy sitting in Russia who 
will launch an attack from a server based in the US," said Archdeacon.

In October last year, the Scorpions, Standard Bank and a UK security 
consultancy firm arrested Abdul Malik Parker (28), the alleged African 
head of an international online banking syndicate. Parker is out on R20 
000 bail.

The arrest was the first time authorities in South Africa were able to 
nail the alleged ring leader of an online banking syndicate.

Parker, who carried out his alleged hacks using a laptop and a 3G card, 
has been linked to a syndicate operating in Russia, but authorities are 
not sure whether it is the same syndicate selling the software.

The Scorpions have since linked Parker to 120 incidents of online fraud 
affecting the clients of all of South Africa's major banks.

Hundreds of international banking clients, including those in the UK, 
France, Sweden and Australia, have also allegedly fallen victim to 
Parker's syndicate.

The Scorpions and Standard Bank have since identified another syndicate 
operating in South Africa, and investigations are said to be at an 
advanced stage.

Pather said the modus operandi of the syndicate was simple: a syndicate 
member buys the Russian-designed software, goes to an Internet café and 
installs the key loggers - which track a person's key strokes - at the 
terminals. A user's key strokes are then captured by taking what can be 
described as a photo of the computer screen. These screen-shot photos 
will provide the hacker with the Internet banker's username, password 
and even passwords to the Internet mailbox.

All of South Africa's major banks offer "one-time passwords", which are 
usually sent via SMS to a person's cellphone. However, many people also 
get one-time passwords via e-mail.

Having captured the details, hackers can access the mailbox where the 
one-time password is sent and log into that person's online bank 
account. Banks have encouraged customers to switch to SMS-based one-time 
passwords, leading to fraud levels declining, said Pather.

Gilbert Swartz, chief executive of the South African Banking Risk 
Information Centre, warned people about conducting banking transactions 
at Internet cafés because of the risk that syndicates pose.

Absa spokesperson Errol Smith said that, in addition to the Russians, 
there were various other syndicates operating in South Africa.

"The most important thing we tell our customers is to always ensure that 
they don't become victims, and the only way to do that is to have 
adequate security on their PCs, such as patches and anti-spyware and 
anti-virus software," Smith said.
