Thursday, July 17, 2008

Is your Internet banking safe? Take a Guess!

Read this. then go to your bank and talk to an officer about what levelm of security they have and how it works.

In most banks Internet banking is an attractive way to get customers and it saves them a ton of money in paper, printing, postage, handling. BUT, many banks and other organizations have ridiculously weak security and authentication systems.

Notice in this article how the new Internet crooks are getting information about YOU from secondary organizations like county schools which have much weaker security than the banks themselves.

Are we screwed?

Yes, pretty much because the bad guys are investing more time, energy, and urgency into figuring out how to break in than we as a society are spending. Also, federal and state politicians are largely not well versed in IT. Sen McCain who may be President has said he promises to learn how to operate a computer and will try to get his own e-mailo although he says he sees no reason to do e-mailing! YIKES!

The article "Russian Cybercrooks Target High Bank Balances Online" by Byron Acohido appeared on Wednesday, 16 July 2008, USA Today.

The piece starts, "Call them the Coreflood Gang. A ring of cyber bank robbers from southern Russia has quietly perfected a way to get a beachhead inside company networks. Once inside, it infects every PC within reach with a custom-made data-stealing program called Coreflood. The goal: go rip off bank accounts online."

This is a very disturbing development since we have often actually referred to on-line banking when we want to reassure people about the safety of Internet activities.

The article continues "Over the past 16 months, the Coreflood Gang has infected swaths of PCs inside thousands of companies, hospitals, universities and government agencies ..."

"It's spying on you, capturing your log-ons, user names, passwords, bank balances, contents of your e-mail," SecureWorks researcher Joe Stewart says. "It can capture anything."

Coreflood is part of a class of malicious software, called banking trojans, designed primarily to help crooks break into bank accounts online. The number of banking trojans detected on the Internet this month topped 24,800, up from 3,342 at the start of 2006, security firm F-Secure says.

An infection usually starts when you visit a Web page implanted with a snippet of malicious coding. By simply navigating to the tainted page, your browser gets redirected, unseen, to a hub server that downloads the data-stealing program onto your hard drive.

Dozens of gangs specialize in banking trojans. They have it much easier than phishing scammers, who must lure victims into typing sensitive data on spoofed Web pages, says F-Secure researcher Patrik Runald.

"This is very organized crime," Runald says. "These gangs are hiring people and making tons of money."

The Coreflood Gang is among the most sophisticated. Stewart recently analyzed 500 gigabytes of stolen data stored on a rented hub server. He pinpointed 378,758 Coreflood infections inside thousands of organizations, small and large.

A workplace PC can get a new infection each time someone logs on. The most infections: a county school district with 31,425, a hotel chain with 14,093 and a health care company with 6,744. About 230 networks turned up with 50 or more Coreflood infections, while 35 networks each had 500 or more.

Gang members cull the stolen data for log-ons and account statements, especially bank accounts online with high balances. Next, they log into the accounts and make online cash transfers into "drop" accounts they control.

After having two hub servers shut down by the tech security community in May, the Coreflood Gang rented two new hubs and picked up where they left off. Today, they continue operations unimpeded, says Stewart.

Companies infiltrated by the Coreflood Gang need to rethink how they do network security. Employees surfing the Internet on work PCs ought to take pause. "If you don't understand the threats that are out there, then you probably should not be banking online," Stewart says.

So this is worth a very rapid and robust response. Unfortunately these institutions are in the throes of a gut wrenching financial crisis as you well know from watching or studying the news. They therefore don't have the cash to improve security. in fact, as they downsize and slash budgets your money will be less and less safe every month.

Is this a crisis?

You decide. is the security of people's bank accounts important or not?

Call your Congressman or woman today.







Labels: , , , ,

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home

  • All Material is Copyright © 2009 Michael McCoy and SEAS, L.L.C
  • Deter. Detect. Defend. Avoid ID Theft - www.ftc.gov/idtheft