Monday, April 10, 2006
Hackers redirect banks' web sites
Florida banks hacked in new spoofing attack
Hackers redirected users after changing banks' Web sites
News Story by Robert McMillan
MARCH 29, 2006 (IDG NEWS SERVICE) - Three Florida banks have had their Web sites compromised by hackers in an attack that security experts are calling the first of its type.
Earlier this month, attackers were able to hack servers run by the Internet service provider that hosted the three banks' Web sites. They then redirected traffic from the legitimate Web sites to a bogus server, designed to resemble the banking sites, according to Bob Breeden, special agent supervisor with the Florida Department of Law Enforcement's Computer Crime Center.
Users were then asked to enter credit card numbers, PINs and other types of sensitive information, he said.
According to Breeden, the affected banks are Premier Bank, Wakulla Bank and Capital City Bank, all small, regional banks based in Florida.
This attack was similar to phishing attacks that are commonly used against online commerce sites, but in this case hackers had actually made changes to legitimate Web sites, making the scam much harder for regular users to detect.
Phishing attacks generally require users to click on a bogus Web link, but this attack worked on users who had typed in the correct URL for the banks in question.
Breeden said he had not seen this particular tactic used before. He called it a troubling development.
"The bad guys have created a way to take away the safety of typing the address of your bank," he said. "We have to address it now and say to people, 'Even if you do go to your online bank's Web site, you need to be very careful.' "
Though Breeden said the scam was operational for only "a matter of hours" and probably affected fewer than 20 banking customers, the technique appeared to be very effective at extracting sensitive information. "Probably some very smart people fell for this," he said.
The banks' Internet service provider, ElectroNet Intermedia Consulting, does not house consumer data, so any information obtained by the hackers would have to have been provided directly by victims, the Tallahassee, Fla.-based company said.
The Florida Department of Law Enforcement is investigating the crime with the help of ElectroNet and the affected institutions, ElectroNet said.
The hacking was contained within an hour of being detected, according to ElectroNet. However, it did not say when the attack began or how much time had passed before it was discovered.
Although scammers have traditionally targeted large financial institutions with phishing attacks, that is now changing, according to Rich Miller, an analyst at Internet research company Netcraft Ltd. "Lately we've seen phishing attacks move down the food chain and target much smaller, regional banks," he said.
Small banks such as those in the Florida scam can sometimes make easier targets, Miller said. "The big banks are able to put more resources into securing their sites," he said.
Like Breeden, Miller had not seen this type of attack attempted previously.
The three banks in question could not be reached to comment for this story, but Premier Bank is now asking customers to change their passwords after the bank was notified of a phishing scam, according to a note on the company's Web site.
Hackers redirected users after changing banks' Web sites
News Story by Robert McMillan
MARCH 29, 2006 (IDG NEWS SERVICE) - Three Florida banks have had their Web sites compromised by hackers in an attack that security experts are calling the first of its type.
Earlier this month, attackers were able to hack servers run by the Internet service provider that hosted the three banks' Web sites. They then redirected traffic from the legitimate Web sites to a bogus server, designed to resemble the banking sites, according to Bob Breeden, special agent supervisor with the Florida Department of Law Enforcement's Computer Crime Center.
Users were then asked to enter credit card numbers, PINs and other types of sensitive information, he said.
According to Breeden, the affected banks are Premier Bank, Wakulla Bank and Capital City Bank, all small, regional banks based in Florida.
This attack was similar to phishing attacks that are commonly used against online commerce sites, but in this case hackers had actually made changes to legitimate Web sites, making the scam much harder for regular users to detect.
Phishing attacks generally require users to click on a bogus Web link, but this attack worked on users who had typed in the correct URL for the banks in question.
Breeden said he had not seen this particular tactic used before. He called it a troubling development.
"The bad guys have created a way to take away the safety of typing the address of your bank," he said. "We have to address it now and say to people, 'Even if you do go to your online bank's Web site, you need to be very careful.' "
Though Breeden said the scam was operational for only "a matter of hours" and probably affected fewer than 20 banking customers, the technique appeared to be very effective at extracting sensitive information. "Probably some very smart people fell for this," he said.
The banks' Internet service provider, ElectroNet Intermedia Consulting, does not house consumer data, so any information obtained by the hackers would have to have been provided directly by victims, the Tallahassee, Fla.-based company said.
The Florida Department of Law Enforcement is investigating the crime with the help of ElectroNet and the affected institutions, ElectroNet said.
The hacking was contained within an hour of being detected, according to ElectroNet. However, it did not say when the attack began or how much time had passed before it was discovered.
Although scammers have traditionally targeted large financial institutions with phishing attacks, that is now changing, according to Rich Miller, an analyst at Internet research company Netcraft Ltd. "Lately we've seen phishing attacks move down the food chain and target much smaller, regional banks," he said.
Small banks such as those in the Florida scam can sometimes make easier targets, Miller said. "The big banks are able to put more resources into securing their sites," he said.
Like Breeden, Miller had not seen this type of attack attempted previously.
The three banks in question could not be reached to comment for this story, but Premier Bank is now asking customers to change their passwords after the bank was notified of a phishing scam, according to a note on the company's Web site.
Tuesday, April 04, 2006
European phishing gangs targeted
Microsoft is launching legal action against 100 phishing gangs based in Europe, the Middle East and Africa.
By the end of March, 53 cases will have begun said Microsoft, with all 100 filed by the end of June.
Seven of the criminal groups behind fake websites that trick people into handing over confidential information are known to be in the UK.
The legal cases follow investigative work undertaken by Microsoft, national police forces and Interpol.
Caught case
"This is specific action against people that we have identified as being behind phishing sites," said Jerry Fishenden, national technology officer for Microsoft UK.
Phishing e-mails try to make you enter personal and login details on fake webpages made to resemble real bank sites.
Mr Fishenden said phishing had grown enormously over the last couple of years. By the end of 2005 there were known to be more than 7,000 unique phishing sites on the net.
But, said Mr Fishenden, this did not mean that there were 7,000 separate gangs at work. Many of the sites were repeat performances by established groups.
Many of those sending out the phishing e-mails were organised crime gangs who ran a scam for a few days off a net domain and then quickly moved on before the site was shut down or investigators caught up.
The phishing gangs make their money in different ways, said Mr Fishenden. Some use the login information to steal money directly from accounts, others sell the data on to those that can use it and some conmen get money for every compromised computer they seed with ad-serving software.
The numbers of phishing sites in operation was being swelled by the appearance of "kits" that show people how to set themselves up as computer conmen.
A couple of years ago, said Mr Fishenden, phishing e-mails were easy to spot because they were littered with spelling errors and the fake sites did not look authentic.
Now, he said, unless users knew what to look for in e-mail messages or used add-on tools for their browser to flag up the fake pages, it was easy to get caught out.
The legal action in Europe, the Middle East and Africa follows similar action in the US in which Microsoft has filed 117 lawsuits against phishing suspects and which has also led to the closure of more than 4,700 phishing websites.
By the end of March, 53 cases will have begun said Microsoft, with all 100 filed by the end of June.
Seven of the criminal groups behind fake websites that trick people into handing over confidential information are known to be in the UK.
The legal cases follow investigative work undertaken by Microsoft, national police forces and Interpol.
Caught case
"This is specific action against people that we have identified as being behind phishing sites," said Jerry Fishenden, national technology officer for Microsoft UK.
Phishing e-mails try to make you enter personal and login details on fake webpages made to resemble real bank sites.
Mr Fishenden said phishing had grown enormously over the last couple of years. By the end of 2005 there were known to be more than 7,000 unique phishing sites on the net.
But, said Mr Fishenden, this did not mean that there were 7,000 separate gangs at work. Many of the sites were repeat performances by established groups.
Many of those sending out the phishing e-mails were organised crime gangs who ran a scam for a few days off a net domain and then quickly moved on before the site was shut down or investigators caught up.
The phishing gangs make their money in different ways, said Mr Fishenden. Some use the login information to steal money directly from accounts, others sell the data on to those that can use it and some conmen get money for every compromised computer they seed with ad-serving software.
The numbers of phishing sites in operation was being swelled by the appearance of "kits" that show people how to set themselves up as computer conmen.
A couple of years ago, said Mr Fishenden, phishing e-mails were easy to spot because they were littered with spelling errors and the fake sites did not look authentic.
Now, he said, unless users knew what to look for in e-mail messages or used add-on tools for their browser to flag up the fake pages, it was easy to get caught out.
The legal action in Europe, the Middle East and Africa follows similar action in the US in which Microsoft has filed 117 lawsuits against phishing suspects and which has also led to the closure of more than 4,700 phishing websites.
