Online fraud 101


Security Summit 2009, 27 May 2009

Online fraud no longer involves an individual hacking into another person's computer from their basement, but has boomed into a financially lucrative underground market of organised crime.

So says Uri Rivner, head of new technologies at RSA, the security division of EMC, who yesterday revealed at the ITWeb Security Summit, in Midrand, how to become a successful online fraudster.

The online fraud supply chain is split into two main areas, noted Rivner: the harvesting side and the cash out side. The harvester steals data via malicious devices, such as malware and Trojans, while the cash out fraudster acts as the kingpin that organises the criminal activity.

The cash out fraudster holds the victim's credentials and then monetises them. Rivner said 80% of the stolen money goes to the cash out fraudster, while 20% goes to the harvester.

In order not to get caught by the authorities, the fraudster launders the money via a mule account. Rivner describes a mule as an individual who is unaware of the fraudulent activity.

According to Rivner, the mule's role is to move the money out of the country. The fraudster pretends he is from a charity and asks the mule (who believes he is helping the charity) to transfer the money across the border into an account in another country.

Underground marketplace

Rivner pointed out that communication between fraudsters usually takes place over an underground online forum with buyers and sellers, similar to eBay, except that the buyers and sellers are looking to purchase or sell fraudulent services and malware.

Some examples of popular Trojans that cyber criminals are using include Silent Banker and Sinowal/Torpig, which are not for sale.

“Zeus Trojan kit is the most popular and it sells for $1 000 and Limbro goes for $350 in the underground fraud market.

“Limbro infects the machine via a vulnerability through the Internet browser and injects additional fields into a legitimate online banking Web site trying to lure the user to give confidential information,” he explained.

“The infected legitimate online Web site asks for the user's PIN number and password. You would have no visual clue that something is wrong with your machine. They use whatever means to get the fraud going, even having a telephone number and pretending to work for the bank.”