Caution: Do You Bank Online?

If so, you had better be paying attention — and so better your bank.

There are reports circulating of an “impending” massive cyberheist operation that is targeted at consumers who use online banking services — which is, unfortunately, a huge percentage of people.

There have been multiple “denial-of-service” attacks aimed at large banks over the last couple of months; you have probably seen the reports and might have even been impacted by them. This is a bit different, however, in that it looks like perhaps those were preparatory actions — or intended to insert some sort of “worm.”

In any event it’s not good; reports are that the “ringmasters” are in Russia and Eastern Europe, long a hotbed of this sort of activity.

The gist of the attack is that most US banks do not require “two factor” authentication before initiating a wire transfer. This is especially important because once a wire transfer is confirmed it is really gone, and in general cannot be recalled. It appears that they intend to deploy (or may have already deployed!) trojan horse programs that capture keystrokes, obtain login information and then en-masse initiate wire transfers out of the United States from the victims’ accounts before the banks can react, effectively draining huge sums of money and distributing the proceeds among the crooks.

Now there’s always the possibility that the rather-brash braggadocio being displayed by the “distributors” of these threats and announcements is nothing other than a police sting operation. But in Russia nobody is ever really sure. My experience with cyberhackers is that the Chinese are more-interested in commercial advantage (e.g. stealing your source code, CAD drawings, etc) while the Russians and Eastern Europeans, if they break into your network, are more-likely to leave behind some sort of nasty that is intended to find a way to rob you financially. Both are bad news but for the consumer the Chinese hacker is pretty much an annoyance as you don’t have what he wants. The Russian dude is a different matter entirely.

The biggest challenge is that today’s hacker looking to rob you is more-interested in getting some sort of “quiet” keylogger or other trojan into your system. These are very difficult to detect, as they’re not designed to disrupt your system’s operation in any way — just to look for anything that appears to be a password and then sending it on to the criminals. Do not be fooled if you’re on a Mac into thinking you’re impervious either — and in particular be very careful with mobile devices, most of which are far weaker than their desktop counterparts when it comes to security.

I can’t judge the credibility of this threat accurately, but it has attracted the attention of a fair number of folks who are sounding warning bells, and at least thus far the information appears to be reasonably credible. Tickerforum and my home network systems (which include a pretty-robust firewall) attract over a thousand penetration attempts on an average day, and sometimes become the target of various denial-of-service games. That’s all in a day’s “ordinary” for sites around the Internet; this is a bit different as the intent isn’t to annoy or harass, it’s to steal and you’re the target.

Be wary.