The Last Watchdog

on Internet security by Byron Acohido

From Russia with impunity

Posted on July 16, 2008 | 2 comments

By all accounts, Rostov-on-Don is a picturesque, culturally rich city of 1.1 million on the banks of the Don River, near the Sea of Azov in southern Russia. Established in the mid-1700s, it has served as a hub for commerce and politics ever since. Now, in the 21st century, the city has also emerged as the home base of a gang of cyber bank robbers operating with impunity. The Coreflood Gang is likely stealing millions in a steady flow from tens of thousands of individual online banking accounts, mainly in small withdrawals of less than $5,000. Shortly after my 400-word story about the gang’s operations was published today on page 4B of USA Today, a reader called me with a complaint: he appreciated the information, but wanted to know what he could do to protect himself from exposure to Coreflood. The short answer: stop doing online banking.

Threats of having your Web-connected PC compromised, at home or at work, are so numerous and varied that they have become background noise. Internet-enabled data theft and financial fraud has matured into a global enterprise measured in the hundreds of billions of dollars, one that follows best practices for market saturation and stealth. Long gone are the days when sloppily written worms like MSBlast or Sasser would circle the globe and grab front-page headlines. Today, backdoors get planted on your PC when you navigate to trusted websites that have themselves been quietly compromised, and Trojans that turn your PC into a spam-spreading bot and harvest all your sensitive data are rootkitted deep into your hard drive.

SecureWorks researcher Joe Stewart (one of the ace virus hunters featured in Zero Day Threat) discovered how the Coreflood Gang uses PsExec, a legitimate Windows administration tool from Sysinternals, to spread infections across a network from inside the network firewall. PsExec runs a program on a remote Windows machine with the credentials of whoever launched it, so once the malware is running on one machine behind the firewall, the same tool administrators use to manage the network can carry the infection to the rest of it. SecureWorks and Spamhaus helped shut down the two hub servers the gang had rather brazenly rented from a U.S. Internet service provider to run the attacks. But the gang simply rented two replacement hubs from another U.S. ISP and continues to do business as usual. Such is the state of cyber crime that security firms and law enforcement now believe it is better NOT to shut down these two servers. The logic: doing so might drive the gang to a purely criminal, so-called bulletproof ISP, such as the Russian Business Network. “We’d rather know where they’re at,” says Stewart. “The more we force them to move around, the more they’ll evolve and likely go deeper underground.”
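Stewart’s finding above is that the infections spread with a legitimate administration tool, which means the useful signal is less the binary than the pattern of use. As an added example that is not from the original post and not SecureWorks’ own tooling, the script below flags PsExec-style remote service installs and then looks for a single account dropping such a service on several hosts within a few minutes, which is what a worm riding PsExec looks like from the inside. It assumes a constructed key=value flattening of Windows System log Event ID 7045 (“a service was installed in the system”); the field names, host names, account names and timestamps are invented for the example. Two facts it relies on are real: PsExec installs a service named PSEXESVC on the target by default (an operator can rename it with the -r switch), and it copies that service binary into the target’s ADMIN$ share, i.e. the Windows directory.

```python
"""Flag PsExec-style remote service installs and bursts of them across hosts.

Constructed example: the lines in SAMPLE_LOG imitate Windows System log
Event ID 7045 records after a hypothetical key=value flattening step. The
layout and field names (host, event, user, service, path) are assumptions
made for this example, not a Windows log format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# PsExec's default service name on the target; the -r switch lets it be renamed.
PSEXEC_SERVICE_RE = re.compile(r"^psexesvc", re.IGNORECASE)

# PsExec copies its service binary into the target's ADMIN$ share, which is
# %SystemRoot%. A service whose binary sits directly in the Windows directory
# (not in System32 or Program Files) is unusual for normally installed software,
# so flag that too; it also catches copies that were renamed with -r.
SYSROOT_EXE_RE = re.compile(r"^(%systemroot%|c:\\windows)\\[^\\]+\.exe$", re.IGNORECASE)

# Constructed sample: one normal install, four service drops by one account in
# fourteen seconds (one renamed), one lone install by an admin, and a non-7045 event.
SAMPLE_LOG = """\
2008-07-15T09:58:02 host=WS-041 event=7045 user=CORP\\jdoe service=Spooler path=C:\\Windows\\System32\\spoolsv.exe
2008-07-15T10:02:11 host=WS-012 event=7045 user=CORP\\svc-backup service=PSEXESVC path=%SystemRoot%\\PSEXESVC.exe
2008-07-15T10:02:14 host=WS-013 event=7045 user=CORP\\svc-backup service=PSEXESVC path=%SystemRoot%\\PSEXESVC.exe
2008-07-15T10:02:19 host=FS-02 event=7045 user=CORP\\svc-backup service=winmgmt2 path=%SystemRoot%\\winmgmt2.exe
2008-07-15T10:02:25 host=WS-017 event=7045 user=CORP\\svc-backup service=PSEXESVC path=%SystemRoot%\\PSEXESVC.exe
2008-07-15T11:30:00 host=DC-01 event=7045 user=CORP\\itadmin service=PSEXESVC path=%SystemRoot%\\PSEXESVC.exe
2008-07-15T12:00:00 host=WS-099 event=4624 user=CORP\\jdoe
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Parse one constructed record into a dict; values here contain no spaces."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": datetime.fromisoformat(m.group("ts"))}
    for token in m.group("kv").split():
        key, _, value = token.partition("=")
        rec[key] = value
    return rec


def is_psexec_install(rec):
    """True for a 7045 record whose service name or binary location looks like PsExec."""
    if rec.get("event") != "7045":
        return False
    return bool(PSEXEC_SERVICE_RE.match(rec.get("service", ""))
                or SYSROOT_EXE_RE.match(rec.get("path", "")))


def find_lateral_spread(log_text, min_hosts=3, window=timedelta(minutes=5), allowlist=()):
    """Return {account: sorted hosts} for accounts that dropped a PsExec-style
    service on at least min_hosts distinct hosts inside one `window`.

    `allowlist` holds accounts (e.g. a jump-host admin) whose PsExec use is expected.
    """
    installs = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_psexec_install(rec) and rec.get("user") not in allowlist:
            installs[rec["user"]].append((rec["ts"], rec["host"]))

    hits = {}
    for user, events in installs.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            hosts = {host for ts, host in events[i:] if ts - start <= window}
            if len(hosts) >= min_hosts:
                hits[user] = sorted(hosts)
                break
    return hits


if __name__ == "__main__":
    for account, hosts in find_lateral_spread(SAMPLE_LOG).items():
        print(f"{account}: PsExec-style service installed on {len(hosts)} hosts: {', '.join(hosts)}")
```

Because PsExec is a normal tool for Windows administrators, run a check like this with an allowlist of the accounts and jump hosts that legitimately use it, and treat a hit as a lead to pivot on (which hosts, what the dropped service launched next) rather than a verdict; the lone itadmin install in the sample is exactly the kind of event that is noise on its own and evidence only in a burst.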


Comments

  1. This is very enlightening.

    I’ve been using Quicken for years to retrieve financial data. And, I never go directly to my bank’s website.

    Even with a firewall, and up-to-date virus protection, can I assume that it is unsafe to use Quicken to get financial data?

  2. Loved the book; for years I have held back (for good reason, obviously) from using online banking. If it was just my security concerns, I’d be a bit more hopeful, but seeing the state of online banking in general, there is NO WAY I would leave my personal data out there for the bank to compromise and/or allow to be taken.

    Kudos for bringing this to the light of day; I think many people don’t understand what exactly they are doing when they conduct an online transaction, nor do I think they understand the criminal element and how much knowledge and understanding they have.
