Tuesday, July 07, 2009

Malware Robs Kentucky Bank Online

This is an absolutely fascinating blow-by-blow account of a malware attack from Brian Krebs of the Security Fix blog. The attack allowed the hackers to steal $415,000 from an online bank account. The attackers, cybercriminals in the Ukraine, stole the money from the bank account of a county government in Kentucky.

The story has all the elements of a great cybermystery, along with a cast of two dozen co-conspirators in the U.S. The hackers used the county government's own Internet connection, and then set up fake accounts for the co-conspirators to handle the ill-gotten funds wired to their accounts.

They also took over the account of a local judge with access to the bank account, even going so far as to change his e-mail address, so alerts about fraudulent activity would never get to the judge. Instead, they would go to the attackers, who would, of course, ignore them.

What's really interesting here is that these tricks allowed the attackers to bypass classic fraud detection schemes, such as PC fingerprinting. After all, they were using the county's own Internet connection. That shouldn't raise any red flags, right? And, even so, the attackers would get any e-mail alerts.

The investigation is still continuing, so there's still a few missing details and pieces of information.
Also, as footnote, Krebs is in my personal Hall of Fame of security blogs for his outstanding coverage of security issues. Security Fix is one of those must-reads that should be bookmarked by every security professional.


Post a Comment

<< Home