Edited by Christian Lowe

Cyber Attack: Online Bank Heist


If someone enters a bank and hands the teller a note demanding money, it is on the evening news. If someone does the same thing in five banks, it hits the national news. If someone does it to 400 banks online – NOT A WORD. This is not a hypothesis; it is a fact.

The cyber weapon used in the 400 bank robberies is called SilentBanker. Security professionals are concerned over the discovery of a banking Trojan that steals user data and affects more than 400 banks worldwide. The information that SilentBanker collects gives the attackers the ability to reroute money to another account owned by them or by whoever they represent. This is done without the user's knowledge; he finds out only when he receives his bank statement.

Trojan (short for Trojan Horse): a piece of malicious software that appears to perform one action but in fact performs another. In addition, Trojan horses are notorious for installing backdoor programs.

This appears to be just the beginning of the attack. The Trojan first appeared in December 2007 and continues to spread around the world. SilentBanker is more powerful than originally thought. The malicious code is smart enough that if it is missing information needed to complete a transaction, it lets the attackers add extra code to the bank's authorization page asking the user for that missing data. The rapid increase in the sophistication and complexity of the latest cyber attack tools is a clear trend that challenges the cyber security industry to stay ahead of criminals and terrorists.

No one knows who is collecting the money, nor how they intend to use it. Could it be for drugs, terrorist attacks, purchasing of weapons or just very sophisticated bank robbers? One thing is for sure, this is just another example of our vulnerability.

PROTECTION: Make sure your anti-virus software is updated and operational. Vigilance is also a powerful defense. Check your bank statements and balances regularly and report any suspicious activity to your bank immediately.

-- Kevin Coleman

Comments

bewitching the strategy has the same impact to determine where those saboteurs of projects and thieves even hackers are.

Posted by: Donabell C. De Apera at March 17, 2008 04:59 AM


I love fighting those thieves and identity thefts that use fake names in stealing money and sabotaging many military people and abusing those civilians using drugs and gossips.

It is a real cynical strategy that gave the total entrapment to those people who uses many innocent people in killing.

With the strategy I found, I can make my blog much more difficult to steal due to the circumstances that makes them in vain in real battle and war.

I love spy games and making my life in total distress to awaken the scientist part of my brain that gave many powers even in mysteries.

With this, I love to send my blog as one of those projects and the part of my volunteering job worldwide to give to the soldiers like me that are ill due to sabotage.

Posted by: Donabell C. De Apera at March 17, 2008 04:57 AM


MAC

Good point, and I cannot see how they can say low. This is a very complex piece of code, and we already have seen one major managed security services provider find SilentBanker-type communications taking place behind all the security in place at three of their clients. I say SilentBanker-type communications because they are looking for the Trojan but have not found it yet; they have, however, found transmissions to the foreign web sites that SilentBanker sends the stolen data to.

Given that they found this behind a properly configured commercial firewall, fully updated anti-virus software, intrusion detection sensors and other commercial security protection, this tells me this is not a low-level risk. If that is not enough - 400 banks being hit is far from low!

Posted by: Kevin at February 21, 2008 09:00 AM


You should probably mention that Symantec rates this as a Low threat level, and lists the number of known infections at "0-49"...

http://www.symantec.com/security_response/writeup.jsp?docid=2007-121718-1009-99

Posted by: Mac at February 21, 2008 08:18 AM


The comments re: SSH are correct _IF_ the trojan is written to grapple with SSH rather than the far-easier aspects of SSL or other common, browser-based so-called "security."

The devil is always in the details, e.g., the implementation.

For example, it would be easier to prevent man-in-the-middle attacks if the system I described required the user to obtain meatspace authentication ... let's say a mini-CD. The user would run the mini-CD, which would first check for the presence of decent and recently updated virus protection software on the user's disc.

If the virus protection did not exist, then the widget does not install.

If it exists, then the CD installs the widget.

The widget would create an SSH tunnel.

On the bank end, the server authenticates the connection with hash generated by the widget and the user's log-on account.

Sure, sure, the determined intruder can hack a crack at most any system. Write a virus that cracks the strong encryption used by the mini-CD and spoofs the hash in just the right way.

But having to do all this bank-by-bank and user-by-user makes mass theft harder.

Posted by: Lewis Perdue at February 20, 2008 10:16 AM


"And how much effort would it be for banks to require a direct SSH connection? Damn little."

An SSH connection to the bank will have zero impact against Trojans. Banks are already "secured" using a secure tunnel protocol, SSL, and yet SSL does not stop Trojans.

It doesn't matter if the connection is encrypted, if there is a Trojan on the computer it can log/monitor/record/intercept/edit anything the user does.

Recent Trojans now wait until the user has successfully logged into the bank web site and then proceed to conduct unauthorized transactions - in other words, they do not even need to know the password!

Internet Security is complex.

http://www.securityabsurdity.com/failure.php

Posted by: Visitor at February 20, 2008 12:44 AM


An SSH connection to the bank will do nothing really, and neither will PGP authentication, since the Trojan has infected the system itself and was able to pick up the password when you typed it in. The virus could easily be adapted to pick up the SSH password. Nevertheless, what in the world will the user do once they have SSHed into one of the bank's machines? Run some scripts? Sure....

All I can really say is, if you're using Windows, make sure that you never come close to Internet Explorer; use Firefox or Opera. That, and an updated anti-virus, is your main line of defense. Also, take a look at Spybot Search and Destroy to clean your spyware on a regular basis.

But honestly, sucks to be you if you're using Windows. If you really want security, choose a Mac or an Ubuntu Linux loaded Dell or HP for your next computer purchase. Both Linux and Mac are easy to use if you take just _a little bit_ of time to learn them, the former is getting easier with every release and the latter is already high quality and very easy to use.

Posted by: Arthur at February 19, 2008 11:42 PM


First of all, this Trojan is different and appears to be based on the STORM worm. The complexity of SilentBanker and STORM is unlike the Trojans of the past. The latest versions are self-morphing, changing themselves to avoid virus signatures. If that is not bad enough, we have seen STORM versions that are self-defending. If you start to delete it, it copies itself to another location. A major Managed Security Service provider took our detailed data about SilentBanker and ran it against their logs of activities for their For those of you who want to stick your head in the sand, go ahead. But for the rest of us who have to protect a company or our country, this signals a new level of complex threat against which existing security software and hardware do not provide adequate protection.

Posted by: Kevin at February 19, 2008 11:31 PM


To the poster "jon": You said: "What I am trying to say is, don't worry folks. Your computer isn't going to eat you."


That's because you're completely IRRELEVANT as a target to any cyber-criminals, and I bet that thousands of hackers didn't exactly take too long to find that out after leafing through your "My Documents" folder! But how many vicious hacker attacks do the F.B.I., the C.I.A., the Pentagon, the N.A.S.A. and all the World's banks etc. have to endure each day?

Do you really claim that the banks "should stop worrying" about malware spying on their (= on OUR) secrets just because you're convinced that "the coast is clear"?

Ah, I know:

"Do not fear: It's only Reality that's deluded!"

Posted by: freefallingbomb at February 19, 2008 11:05 PM


I regularly run a virus check on my computer. Almost every time, it shows a Trojan Horse. After investigating it, it seems like I get it from the net while I am surfing. Very good idea to run a virus check.

Posted by: SteveA at February 19, 2008 10:51 PM


Who are you guys, and what did you do to Christian? I come here for intelligent analysis, not press release regurgitation.

I am getting tired of the sensationalist propaganda warning of impending doom from the internet you guys keep pushing. There is nothing that the SilentBanker trojan does that literally thousands of trojans haven't tried before.

I haven't run a virus scanner on any of my home machines for over 10 years, and never once been infected by a virus or Trojan. I am just careful, and run an online scanner every once in a while. What I am trying to say is, don't worry folks. Your computer isn't going to eat you.

Posted by: jon at February 19, 2008 08:03 PM


Damn. I thought you only became a pro-level blogger if you could write in something close to the language of the blog. I waz rong.

Posted by: max at February 19, 2008 02:50 PM


"And how much effort would it be for banks to require a direct SSH connection? Damn little.

It would be a trivial programming task to create a browser widget to use an open source SSH client such as Putty. And a stronger level of encryption based on PGP.

All this could be automated so the most clueless of users could do it. "

That would certainly help to thwart the trojan-in-the-loop, but what about logging keystrokes? All the trojan has to do is watch for traffic to a list of known websites and start logging keystrokes. Also, how much would an SSH connection help if the trojan is already hooked into the browser?

Still, something does need to be done to beef up security. Perhaps the banks should start compiling a blacklist of account numbers that the money is being sent to. It won't stop the problem altogether, but it would certainly slow it down a bit.

Posted by: Steve Smith at February 19, 2008 02:14 PM
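The blacklist idea in the comment above, worked through as an added example (not code from the post or any commenter): a server-side screen over a bank's outbound transfers. It generalizes the suggestion in one way: besides holding transfers to a blacklist of known bad destinations, it flags a destination that suddenly receives money from many distinct customers within a short window, which is what one collection account used in a mass heist would look like from the bank's side. The account numbers, thresholds and transaction log are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    ts: int          # seconds since epoch (constructed sample value)
    customer: str    # sending customer id
    dest: str        # destination account number
    amount: float


# Hypothetical blacklist compiled from earlier confirmed fraud reports.
BLACKLIST = {"DE-MULE-0001"}

# Hold a destination once this many distinct customers have paid it within
# WINDOW seconds. Both thresholds are assumptions; tune against real volume.
FANIN_LIMIT = 3
WINDOW = 3600


def screen_transfers(transfers, blacklist=BLACKLIST,
                     fanin_limit=FANIN_LIMIT, window=WINDOW):
    """Map each suspicious transfer's index to the reason it should be held
    for manual review. Transfers must be sorted by timestamp."""
    held = {}
    recent = defaultdict(list)  # dest -> [(ts, customer), ...] inside window
    for i, t in enumerate(transfers):
        if t.dest in blacklist:
            held[i] = "destination on blacklist"
            continue
        # Drop senders that have aged out of the sliding window, then add this one.
        senders = [s for s in recent[t.dest] if t.ts - s[0] <= window]
        senders.append((t.ts, t.customer))
        recent[t.dest] = senders
        distinct = {c for _, c in senders}
        if len(distinct) >= fanin_limit:
            held[i] = f"{len(distinct)} distinct customers paid this account in {window}s"
    return held


SAMPLE = [  # constructed transaction log, sorted by ts
    Transfer(1000, "cust-a", "GB-SHOP-7781", 45.0),
    Transfer(1100, "cust-b", "DE-MULE-0001", 900.0),
    Transfer(1200, "cust-c", "LV-NEW-4242", 2400.0),
    Transfer(1300, "cust-d", "LV-NEW-4242", 1950.0),
    Transfer(1400, "cust-a", "LV-NEW-4242", 3100.0),   # third distinct sender
    Transfer(9000, "cust-e", "LV-NEW-4242", 80.0),     # earlier senders aged out
]

if __name__ == "__main__":
    for i, reason in screen_transfers(SAMPLE).items():
        print(i, SAMPLE[i].dest, reason)
```

As the commenter says, this slows a heist rather than stopping it: a fresh destination account is clean until enough victims have paid it, so the fan-in check only buys time for the bank to react.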


Please send your articles through an editor, the errors are painful to read.

Posted by: Nicholas Kamm at February 19, 2008 11:37 AM


And how much effort would it be for banks to require a direct SSH connection? Damn little.

It would be a trivial programming task to create a browser widget to use an open source SSH client such as Putty. And a stronger level of encryption based on PGP.

All this could be automated so the most clueless of users could do it.

But bank execs are fat, dumb overstuffed drones who don't care if their customers get screwed. After all, they can just double credit card rates to recoup the money ... just like BofA just did.

Posted by: Lewis Perdue at February 19, 2008 10:00 AM

