http://www.thestar.co.za/index.php?fArticleId=3642294

By Lee Rondganger
The Star
January 24, 2007

A Russian cyber-criminal syndicate, specialising in the development of software to hack into bank accounts, is selling its software to South Africans. And the banking industry is losing millions.

Recently, well-organised local hacking syndicates have been able to gain access to South African accounts by using the software.

The Russian syndicate sells its software on the Internet for R10 500, and it is designed to evolve to circumvent anti-virus and anti-spyware software on computers.

While the banking industry refuses to divulge its losses, it is estimated the potential loss could be in excess of R50-million.

Pat Pather, group head of IT at Standard Bank, whose team of experts have been tracking the syndicates over the past year, said the Russian syndicate have also hit the accounts of people worldwide.

"What these guys do is that they develop the software in Russia, use it against European banks, and once it works, they will sell it to other syndicates around the world.

"We are aware of local syndicates using the software and we have identified a few members of the syndicates," Pather said.

Internet cafés are the primary target for the syndicates, he said.

Richard Archdeacon, the UK-based director of IT security firm Symantec, said authorities world-wide were battling Russian cyber-criminals, who had become more sophisticated.

"This whole element of cyber-crime has now become industrialised. It is now a major criminal business, with the different parts you would expect from big business.

"In these syndicates you have research-and-development people; you've got the hackers, who are the engineering department developing the attack codes; and you've got people who handle distribution and logistics.

"What makes it more difficult to fight is that you don't know where these guys are based because you will have a guy sitting in Russia who will launch an attack from a server based in the US," said Archdeacon.

In October last year, the Scorpions, Standard Bank and a UK security consultancy firm arrested Abdul Malik Parker (28), the alleged African head of an international online banking syndicate. Parker is out on R20 000 bail.

The arrest was the first time authorities in South Africa were able to nail the alleged ring leader of an online banking syndicate.

Parker, who carried out his alleged hacks using a laptop and a 3G card, has been linked to a syndicate operating in Russia, but authorities are not sure whether it is the same syndicate selling the software.

The Scorpions have since linked Parker to 120 incidents of online fraud affecting the clients of all of South Africa's major banks.

Hundreds of international banking clients, including those in the UK, France, Sweden and Australia, have also allegedly fallen victim to Parker's syndicate.

The Scorpions and Standard Bank have since identified another syndicate operating in South Africa, and investigations are said to be at an advanced stage.

Pather said the modus operandi of the syndicate was simple: a syndicate member buys the Russian-designed software, goes to an Internet café and installs the key loggers - which track a person's key strokes - at the terminals.

A user's key strokes are then captured by taking what can be described as a photo of the computer screen.

These screen-shot photos will provide the hacker with the Internet banker's username, password and even passwords to the Internet mailbox.

All of South Africa's major banks offer "one-time passwords", which are usually sent via SMS to a person's cellphone. However, many people also get one-time passwords via e-mail.

Having captured the details, hackers can access the mailbox where the one-time password is sent and log into that person's online bank account.

Banks have encouraged customers to switch to SMS-based one-time passwords, leading to fraud levels declining, said Pather.

Gilbert Swartz, chief executive of the South African Banking Risk Information Centre, warned people about conducting banking transactions at Internet cafés because of the risk that syndicates pose.

Absa spokesperson Errol Smith said that, in addition to the Russians, there were various other syndicates operating in South Africa.

"The most important thing we tell our customers is to always ensure that they don't become victims, and the only way to do that is to have adequate security on their PCs, such as patches and anti-spyware and anti-virus software," Smith said.