
Walking into a bank with a ski mask is old-fashioned

Swedish bank Nordea was the target of one of the largest online heists. The bank lost between 7 and 8 million Swedish kronor (a little over $1.1 million USD) in a phishing scam that had been taking place over the last 15 months, according to ZDNET UK.

Officials say the "bank robbers" used phishing emails to lure bank customers into opening emails with attachments entitled "raking.zip" or "raking.exe."  The attachments were disguised as anti-spam software, but contained a Trojan which security companies called "haxdoor.ki."

Close to 250 Nordea customers were taken in by the fraud. It was also said that the attacked customers did not have anti-virus software on their computers. Security officials claim Russian organized criminals are responsible for the heist, with no fewer than 121 people suspected to be involved. Even more damning, Swedish police traced computer servers first to the U.S. and then to Russia.

"Haxdoor.ki" is typically known to install keyloggers to record keystrokes and then hide itself using a rootkit. When users attempted to activate their Nordea accounts online, the Trojan automatically responded by bringing the customer to a fake bank homepage.

When the customers entered their personal information, including bank numbers and passwords, the website would load an error page claiming that the site was having technical difficulties. The criminals then used the gathered information on the real bank page and withdrew funds from customer accounts.

Nordea claimed it knew that a few of the transactions had been false because of the unusual activity on the accounts, but a majority of the transactions had been small withdrawal amounts, making it difficult to distinguish real transactions from the fraudulent ones. Nordea spokesman Boo Ehlin claimed that most of the fraudulent cases were small amounts that the company thought were ordinary.

Currently, a police investigation is underway and the bank is reviewing its security procedures.



Comments

don't blame the customer, Nordea should know better
By tim c on 1/22/2007 11:21:00 AM , Rating: 2
I am familiar with two online banking sites (and have some experience of others). One is incredibly vulnerable, the other is messy but has become extremely secure. It might be that banks are so obsessed with compliance & profits that they no longer have any professional pride in their work. The keypad loggers can easily be overcome by an onscreen virtual pad for passwords; it is prudent to have a "site last accessed at hh/mm/dd/mm/yy" on the statement page. And guess what: if banking federations and watchdogs were to collate statistics for phishing, they just might identify the substandard websites (clue: the UK is wide open). There are loads of other security ideas, but let's allow the software people to make some $$$
PS: found this site via Google News




By fic2 on 1/22/2007 11:38:20 AM , Rating: 2
I have to agree. I had one bank that when I called to verify something they asked for my online password. I asked if they could see this in plain text. The answer was yes. I closed the account. What dumb*ss system allows someone to see the plaintext password?


By vdig on 1/22/2007 2:05:10 PM , Rating: 2
That... sounds way too easy. Far and away too easy.

Anybody and everybody likes the concept of an easy buck or a million. Those who are unethical have way more options, though.

Quit making this scam sound easy. We don't need more people joining the criminals in the phish pond. Tough enough to repel them as is.


By frobizzle on 1/23/2007 8:39:39 AM , Rating: 2
How secure or insecure a site is would have no bearing in this particular case. These customers did the single most dangerous thing they could do - open an email attachment of questionable origin - and from that point on, the bank could be using 512 bit mega-encryption and it wouldn't matter. The customer's PC was compromised! All bets were off at that point.
So, to get back to the title of this thread, I do blame the customer.


what can you say
By cciesquare on 1/22/2007 4:44:40 AM , Rating: 2
I mean what can you say?

It just comes down to ignorance on both the customer and bank side.

Banks should have been clearer on email policy in regards to asking for passwords, directed to links, or in this case downloading and installing something.

The customer should be fully aware that in this day and age email fraud is common. If you are suspicious, call your bank directly and ask about it, or go to your local bank and ask. It's that simple. Laziness hurts you as an excuse.

This will happen more and more. It's not sophisticated, it's simple human engineering. These thieves didn't use anything spectacular or extraordinary, just ignorance of those whom they targeted.

These victims' lives are going to get more complicated because not only do these thieves have their bank accounts, they probably have other private info like credit card accounts and logins for those accounts.

Here's the worst part: some of these customers probably won't clean their computer, and for those customers it will happen again.




RE: what can you say
By Hare on 1/22/2007 4:57:36 AM , Rating: 5
quote:
Banks should have been clearer on email policy in regards to asking for passwords, directed to links, or in this case downloading and installing something.

It's hard to blame anyone. I'm a Nordea customer and they clearly state in their papers that they will NEVER contact you with phone or email about passwords or other personal information. This is also in the actual password-card! The problem is that people are just too gullible and don't know how the Internet works. Most older people can't even understand that there could be someone trying to steal their passwords etc.

Nordea uses a separate PIN each time you log in to the bank. In addition to that you need your own customer ID number. After logging in you must verify your transaction with a separate key. This is definitely secure enough. If someone must be blamed it's the customer.

Nordea has been targeted many times in Scandinavia with phishing attacks and it has been in the news over and over again. By now everyone should know from the media coverage and their documents not to fall for these scams.


It's all too transparent who pulled this one off...
By mpc7488 on 1/22/2007 12:21:55 PM , Rating: 1
quote:
Security officials claim Russian organized criminals are responsible for the heist,


I'll bet it was AllofMP3.com!!! Everyone knows they are the source of all evil in Russia. (And by everyone, I mean the RIAA.)




By oTAL on 1/23/2007 3:02:21 PM , Rating: 2
For old times' sake:
In Soviet Russia the bank withdraws money from you!!


By 8NP4iN on 1/23/2007 9:13:34 PM , Rating: 2
In soviet russia, the bank... hummm u writted it first


Ignorance
By TimberJon on 1/22/2007 10:55:46 AM , Rating: 2
That's the problem. People DON'T know how bad it is. And how sophisticated hacking and phishing is. How minimal security is when there are ethical hacking courses available everywhere. They buy home PCs and connect up and buy everything, without knowing about anti-spam or firewalls.

I say the computer companies should get sued, for pushing advertising so hard for their budget systems. People think it's a great deal but are not warned of the dangers. Product boxes should suggest what brands and types of software to purchase to protect their system, AND/OR provide a coupon of some type to aid in the purchase of said software.




RE: Ignorance
By JTMoney1014 on 1/22/2007 11:28:09 AM , Rating: 2
I hope that you are kidding about the computer companies being sued TimberJon. That would be one of the most ridiculous lawsuits of all-time, not to mention just plain dumb. You can't honestly believe it is the fault of computer companies that these things are happening.


The Friendly Net Neighbours !
By nah on 1/22/2007 3:13:49 AM , Rating: 2
Is this a case for our friendly neighbourhood Spider-Man ?




By malware on 1/24/2007 9:02:57 PM , Rating: 2
The Nordea rootkit-derived attack could not have been stopped by any security software. This is Microsoft's official technical bulletin on rootkits: http://www.microsoft.com/technet/sysinternals/util...
In particular this paragraph:

Is there a sure-fire way to know of a rootkit's presence?
In general, not from within a running system. A kernel-mode rootkit can control any aspect of a system's behavior so information returned by any API, including the raw reads of Registry hive and file system data performed by RootkitRevealer, can be compromised. While comparing an on-line scan of a system and an off-line scan from a secure environment such as a boot into a CD-based operating system installation is more reliable, {otherwise known as whitelisting} rootkits can target such tools to evade detection by even them. The bottom line is that there will never be a universal rootkit scanner, but the most powerful scanners will be on-line/off-line comparison scanners that integrate with antivirus.

In short, Microsoft is telling the world, Windows can never be secured from rootkit attacks. And yet the token vendors, and security software vendors, continue to spout garbage about the subject, and charge squillions of dollars for solutions that do not work against new rootkit attacks; they can only address "known threats"... what a joke, albeit an expensive one at that. Guess the terrorists of the world will continue to have free funding for a long while yet.
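
The on-line/off-line comparison described in the bulletin quoted in the comment above, as an added example (not part of the original page, the commenter's post, or RootkitRevealer): it diffs a file listing taken through the running system against one taken after booting trusted media. The manifest format, file names and digests are constructed assumptions.

```python
# Added example: cross-view diff of two file listings of the same volume.
# Assumed manifest format, one entry per line: "<digest>  <size>  <path>".

def parse_manifest(text):
    """Return {normalized path: (digest, size)} for one listing."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, size, path = line.split(None, 2)
        # Windows paths are case-insensitive; normalize before comparing.
        entries[path.replace("/", "\\").lower()] = (digest.lower(), int(size))
    return entries

def cross_view_diff(online_text, offline_text):
    """Compare the live (API) view with the offline (trusted media) view."""
    online, offline = parse_manifest(online_text), parse_manifest(offline_text)
    return {
        # On disk but missing from the live listing: filtered out of API results.
        "hidden": sorted(p for p in offline if p not in online),
        # Same path, different content: the live view may serve a clean copy.
        "altered": sorted(p for p in offline
                          if p in online and offline[p] != online[p]),
        # Only in the live view: usually churn between the two scans; triage it.
        "phantom": sorted(p for p in online if p not in offline),
    }

# Constructed sample data (placeholder digests, hypothetical file names).
ONLINE = r"""
# listing taken through the running system's file APIs
aaaa01  4096   C:\Windows\System32\drivers\etc\hosts
bbbb02  20480  C:\Windows\System32\example_logon.dll
cccc03  512    C:\Users\alice\session.tmp
"""
OFFLINE = r"""
# same volume listed after booting trusted media
aaaa01  4096   c:\windows\system32\drivers\etc\hosts
bbbb99  24576  C:\Windows\System32\example_logon.dll
dddd04  36864  C:\Windows\System32\drivers\example_hidden.sys
"""

if __name__ == "__main__":
    for kind, paths in cross_view_diff(ONLINE, OFFLINE).items():
        for path in paths:
            print(f"{kind:8} {path}")
```

The offline listing is only trustworthy if it was produced from media the suspect system could not modify, and, as the quoted bulletin notes, the comparison is more reliable than a live scan rather than sure-fire.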




but
By sprockkets on 1/22/2007 10:11:44 AM , Rating: 1
It says the email had "anti spam software"; did the email have anything to do with the bank, period? For that matter, they could have gone to the real site and got the information that way.











Copyright 2014 DailyTech LLC.