Hacking Business Accounts

July 21st 2009 06:22 pm

A couple of months ago I talked to an attorney at a regional law firm. He mentioned that some of his clients had lost tens to hundreds of thousands of dollars to fraudulent wire transfers. I surmised that it was due to rootkits that allowed someone to remotely perform a wire transfer. I also wondered if this was a local or widespread phenomenon.

Apparently it’s widespread. Here’s Brian Krebs talking about business bank accounts being wiped out in the Post’s Security Fix. Somebody is making a lot of money out of this.

Posted under Security | 2 Comments »

2 Responses to “Hacking Business Accounts”

  1. Kudos to banks for implementing “multi-factor” security requiring both A. User name/password AND B. private key for authentication … that one worked out well. ha..

    I just had a computer forensic case come in last week that was exactly this.. Client’s bank flagged 2 large wire transfers as fraudulent activity that almost wiped their account. They hire us to figure out the who/how/what @#$@ happened..! To make a long story short, things turn into a malware analysis real quickly as I found a nasty little thing ~~ “9129837.exe”, a trojan w/ rootkit-like characteristics.

    The phishing scheme that delivered the trojan was so advanced, the fake bank web site that prompted for the user name/password actually validated the credentials against Verisign before it even bothered passing it along to the suspect!! Then it drops the executable (wiping some of its traces) scooping up digital signatures among some other goodies.

    If you ask me, based on what I have learned from you =) , this security is like putting the fresh made chocolate chip cookies and hundred dollar bills both in the same cookie jar.. then leaving the cover wide open. Kind of asking for it in my opinion. They need to incorporate other variables that are “outside of the jar” so to speak. What happened to the good old RSA tokens.. ?

    http://garwarner.blogspot.com/2009/06/bank-of-america-digital-certificates.html

    [includes minor edit by blogger]

    nides1 on 23 Jul 2009 at 9:41 pm #

  2. I have to say that the Bank of America phishers are pretty brazen – it’s incredible to think they’re telling people to install new public key certificates.

    The sad thing is that I know people will fall for it.

    Actually, though, that makes the attack really too complex. It gives forewarning of where the domain will be for the actual attack.

    Rick (l) Admin on 24 Jul 2009 at 12:19 pm #
