With cyber crooks now targeting banks, you need to know how to protect your money. Banks are the next target for cybercrime, Information Communication Technology (ICT) players have warned. UUNET Managing Director Tom Omariba says cyber crooks are perfecting the art of hacking into people’s or organisations’ bank accounts through replication of domain names. They then use the information to access banking details that enable them withdraw money from their victim’s accounts. “Some crooks register domains very similar to existing entities and try to target customers of those entities with a view to getting information and using the information for fraudulent purposes. Specifically, banking details have been obtained from customers and used to steal money from the customers,” said Mr Omariba. “This is on the increase and it is time we dealt with it as a country.” He said Internet Service providers (ISPs) have mechanism to detect this kind of fraud, with interventions varying from one customer to another, and depending on the level of controls ISPs have over the customers’ systems. “However, in the event of an fraud, there exists an arrangement where a domain name can be disabled at the international level if the aggrieved party seeks proper intervention and show evidence that their domain is being used for abuse,” explains Mr Omariba. He said Kenya needs to get into a level where the registration of domain names is properly vetted so that the country has the right entities registering the right domains. Kenya’s domain names are registered by the Kenya Network Information Centre (Kenic). As an owner of the domain names, it can vet the domain names for cases of abuse and deregister them. “As soon as fraud is detected, KENIC should take action, including bringing down somebody’s domain name, after following a clear mechanism for reporting,” he explained. Keeping your bank accounts safe from cybercriminals Finjan recently released a report about yet another case of high tech bank robbery. This theft consisted of a number of steps as well as social engineering to accomplish its task. The first step involved infecting victims’ computers with a Trojan. This was accomplished using the LuckySpoilt toolkit which exploits browsers and allows hidden installation of payloads; in this case a sophisticated Trojan called “URL Zone Bank Trojan” was installed on the victim’s computer. Once installed the Trojan would contact a command and control system. As stated previously, this Trojan was quite sophisticated in that its use was not to simply steal money but to do so intelligently and cover the perpetrator’s tracks as best possible. The command and control system instructed the Trojan on how to operate. The Trojan would receive instructions such as the minimum amount to transfer, the maximum, which accounts to transfer the money to and the minimum account balance. The Trojan would then piggy back on an actual transaction done by the victim. When the transaction is complete, the Trojan would then intercept the response by the bank, modify the values to show the actual amount the victim wanted to transfer and thus hiding the real amount the Trojan transferred to an unintended account. The Trojan would also fake the available balance reported by the bank to hide the fraudulent transaction. As long as the victim checks his banking statements online from his infected computer he will never be aware of the stolen money. This ensures that the theft is likely to remain hidden until the next bank statement, or until the victim access his account from an ATM thus counteracting the best practice of checking your balance online periodically to detect fraudulent activity. The final step of this scheme involves social engineering. The perpetrators “hire” another set of victims to act as unknowing money mules. This is done by posting fake online jobs, most likely of mystery shoppers. Mystery shopping is a technique used by businesses that employ a person to pretend to be a normal shopper who goes to buy items and record their experience as a way to measure various matrices such as employee efficiency, customer service and overall shopping experience. The Trojan would transfer the money to the money mules bank account not to the perpetrators directly thus further covering the tracks. The mules would then be asked to perform tasks which include keeping a cut of the transferred money as a commission for their services and transfer the rest to the perpetrator in some other untraceable fashion such as money transfer services that require simply a password to retrieve the funds. This scheme netted the perpetrators a whopping average of €16,500 daily which would mean more than €5 million per year if the scheme is successful and runs unchecked. What we learn from this lesson is to not fully trust your computer. Trojans and root kits are sometimes designed to make your computer lie to you and as such it is not enough to check your accounts periodically using just your computer. While it is a very good practice, in this case it is not enough in terms of protection. It is recommended to check your bank balances once a month by either requesting that the bank sends you periodic statements on your activity or maybe via a short visit to an ATM. Some banks also offer services where they notify you by SMS regarding transactions and the amount spent. When available this can be a very good tool to monitor your accounts activity. Source: SmartbizAfrica