Sources within Absa say the software that was used to fraudulently move funds from a number of Absa bank accounts last week has been identified as eBlaster, a program intended to help parents and employers monitor e-mails and curb Internet surfing.
The software, developed by Spectorsoft, a company based in the US state of Florida, can be purchased legitimately. However, its stealth remote installation has opened itself up to the same abuse that it was designed to protect against.
Sources within Absa have told ITWeb that eBlaster has been identified as the means by which individual passwords and account information were recorded and sent to the suspects, who in turn used the information to access accounts and transfer the funds.
Stealthy monitoring
According to the Spectorsoft product literature: "eBlaster lets you know exactly what your employees or family members are doing on the Internet, even if you are thousands of miles away. eBlaster records their e-mails, chats, instant messages, Web sites visited and keystrokes typed -- and then automatically sends this recorded information to your own e-mail address. Within seconds of them sending or receiving an e-mail, you will receive your own copy of that e-mail."
The tool records keystrokes, Web sites visited and total time spent on each site, and provides instant notification and has a stealth operating mode so the person using the targeted computer is unaware that he or she is being monitored. It can also be installed using a stealth mode.
The marketing literature warns: "Assuming that the receiving e-mail client will allow the receipt of a .EXE file attachment and that the user opening the e-mail clicks on the file attachment, then eBlaster will automatically install itself on that computer. Once installed on the remote computer, eBlaster will send recordings from that computer to your e-mail address."
The Spectorsoft literature includes the warning: "Very important: You must be the owner of the computer to which you are remotely installing eBlaster. If you are not the owner, or have not received permission from the owner to install eBlaster on that computer, you could be in violation of state or local law by monitoring the activities of property that does not belong to you."
Spy vs spy
Strictly speaking, eBlaster is not the same as the "spyware" monitoring applications that are used for advertising marketing information. Also known as "adware" for advertising support software, it is mainly used in the distribution of free software over the Internet that is accompanied by banner adverts. The advertising companies bundle in spyware to record the recipient`s Internet surfing habits and in theory this is supposed to be done anonymously.
Paul Esselaar, Internet law expert and MD of Trustenforce, says: "By installing this software, the employer will not only know if the employee is chatting to his mistress on company time, but he will also have access to that person`s Internet bank username and password. In short, putting eBlaster software on a person`s computer takes privacy infringement to its logical extreme.
"Many companies demand written acknowledgement from their staff to monitor their online and Internet activities, but companies do not reciprocate the deal," he says.
Esselaar says the eBlaster application shares similar characteristics to a program developed by US law enforcement agency, the FBI, called "Carnivore" that was used to track down and prosecute a mafia boss in 2001.
"That program tracks down organised crime suspects` passwords and e-mails, allowing for convictions. eBlaster exhibits some very similar characteristics," Esselaar says.
News that money was fraudulently transferred from up to 10 Absa bank accounts caused widespread concern among Internet banking clients at the weekend. Most of the account holders are located in the Bellville area north of Cape Town, and include bookkeepers and attorneys in charge of trust accounts.
Absa`s internal investigation unit is working with the police`s commercial crime unit to track down the culprits.
Herman Singh, director of online banking at Standard Bank, says many individuals share their passwords and other details with second-parties, which explains why most of the accounts hacked were located in one area.
"A main problem is that people often use private Internet banking services to conduct their business transactions and so share the details with other people whom they know and think they can trust," he says.
Singh says Standard Bank has had no known cases of the accessing of its clients` Internet accounts by using the keystroke method.
Share