Much like traditional bank robbers who gradually escalate the scope and ambition of their thefts, Internet criminals are dramatically upping the ante, leaving businesses and consumers who fear Web-related crimes wondering where the game is going to go next.
It would appear that one of the latest plots to e-nab cash-an attempt by a ring of criminals to steal more than $420 million from the London offices of Sumitomo-was unsuccessful. But Watchfire says the planned robbery is drawing attention to a phishing technique called key-logging, which is rapidly becoming one of the greatest threats faced by financial institutions and consumers.
After the foiled heist, London police warned City financial institutions to be on alert for criminals using technology that records every key stroke made on a computer. Key-logging allows users to steal passwords controlling access to computer systems. In the Sumitomo case, it's still unclear whether the criminals physically installed key-logging hardware after gaining access to the bank, or if they hacked into the systems and installed software from some remote location. Hibis Europe, a fraud consultancy, says this is the first time evidence has emerged of an organized criminal ring using key-logging to attempt an electronic bank robbery.
The investigation took law enforcement officials as far away as Israel, where one of the alleged intended recipients of an unlawful transfer was recently arrested. Sumitomo says it did not suffer any financial loss due to the attack and has not commented further.
Mike Weider, founder and CTO of Watchfire, says there are several ways for end users to protect themselves from key-loggers. Users should make sure their Windows operating system and Internet browser have been patched with the latest updates, and should also get an application firewall on their desktops. It's also important to check credit cards for suspicious transactions, avoid opening e-mails from unknown sources, be aware of phony sites designed to extract personal information, and e-mails that appear to be from financial institutions asking for "updates" on personal information.
Corillian and Quova Team Up to Fight Crime
As phishing shows no short- or long-term signs of abating, Web banking firm Corrillian and Quova, a developer of Web geography services and technology, are teaming in an attempt to ward off attacks.
The firms' combined technology will work to identify the geographic location, ISP and organization associated with each visitor to a Web site. The firms say this will help them identify phishing sites under development, detect fraudulent behavior and examine potential compliance issues.
