I believe that people are massively underestimating the scale of this issue. But suffice to say that the issue exists and it is exponentially growing. What people have to think about in terms of handling this kind of attacks is that this is no different to terrorism or crime, and has to be handled with a judicious combination of the carrot and stick, the demand and supply side. From the demand side, you need to check that people use passwords, dont be stupid enough to write down their pin numbers, be careful with their cards and cash. On the supply side, that's where governments need to come in. You see, while this can be done electronically, the money has to emerge physically somewhere. in other words, the hacker and the spending of the money has to emerge in a physical place somewhere, some bank, some country, some store somewhere. And that's where you go hit them. In this particular case, one has to go after Russia, Eastern European Countries, Nigeria, Dubai, China and other places like that. There are many ways of doing so. Work with the local national technology associations who would be careful of their reputations such as NASSCOM in India. Put in a global treaty with teeth and work through national security, police and intelligence agencies. Put in security and hacking controls into trade treaties. You can never make data 100% safe, but you can raise the cost of breaking data security. The cost at this moment is near zero!.
==========
Surge in hack attacks against banks - report
The number of online hack attacks against banking organisations has soared 81% in the first half of this year, according to figures released by US security services provider SecureWorks.
SecureWorks says in June 2006 to December of 2006, it blocked attacks from approximately 808 hackers per bank per month, but since the beginning of 2007 up until June, the average number of hackers launching attacks at each bank has risen to 1462.
The vendor says it also recorded a 62% increase in the number of attacks targeted at its credit union clients. In the second half of 2006 SecureWorks blocked attacks from 1110 hackers per credit union per month. That number rose to 1799 hackers per credit union per month in the first half of this year.
Don Jackson, security researcher for SecureWorks, says: "The amount of stolen financial data we have found since the first of the year has been daunting."
"With the Gozi, Prg and BBB trojans alone, we found millions of dollars of data sitting in their stolen repositories," adds Jackson. "These data caches contained thousands of bank account and credit card numbers, social security numbers, online payment accounts and user names and passwords, and we are finding new caches of stolen data everyday."
SecureWorks says most of the hackers it sees stealing financial data are located in Russia and Eastern Europe, but there is also a growing number of hackers operating out of China.
Earlier this week California-based e-security firm Finjan warned that new crimeware is being used to steal banking customer data from infected PCs.
The MPack toolkit, which is used to infect PCs with malware designed to steal personal and financial data, is more dangerous than phishing attacks, says Finjan.
Stolen data is being sent to the criminals over a secure communication channel (SSL) to avoid detection, and users whose PCs were infected by this crimeware will not notice any change to their normal online browsing experience.
During July 2007, the vendor identified 58 criminals using the MPack toolkit to successfully infected over 500,000 unique users.
Yuval Ben-Itzhak, CTO of Finjan, says because this attack happens on the customers' own PC and is encrypted, it makes it extremely difficult to detect.
"After the customer fills in the login form on their Web site and clicks on the log in button, the crimeware, running on the infected user machine, intercepts the communication," explains Ben-Itzhak. "The crimeware sends the intercepted UserID and password to the criminal's server, instead of sending to bank's server. The customer thinks they are still on the bank's web site but they are actually sending data to the criminal's server over an encrypted connection."
Ben-Itzhak says even though the Web page has the look and feel of a normal bank page, it is actually reconstructed in real-time by the crimeware and is displayed over a pre-established SSL connection.
The same technique is used when browsing to other online financial service providers and for each company the crimeware will send a customised set of crafted forms and pages, designed to harvest the data needed to log into that particular service.
Ben-Itzhak warns that the crimeware is being spread by legitimate Web sites that have been infected by toolkits that have embedded an iframe placed on the main page of the referring site, which points to the malicious code. Once the main page is loaded by the user's browser the embedded malicious code is loaded as well.
1 comment:
Great work.
Post a Comment