Security Watch

The Jackson 5,000

An accused automated teller machine scammer allegedly had a small fortune in $20 bills in his possession when he was arrested in Boston last week.

Anton Venkov was arrested Jan. 28 by the U.S. Secret Service, The Boston Globe reported Saturday. Agents say they found nearly $100,000 in $20 bills in Venkov's car at the time of his arrest. Venkov had not yet entered a plea at the time the Globe article ran.

Venkov, of Toronto, is accused of working with Vladislav Vladev, of Quincy, Mass., and Ivaylo Hristov, of Ontario. All three share Bulgarian roots, and Venkov and Hristov said they are Canadian citizens.

A spokesman for the Norfolk District Attorney's office said the trio are suspected of executing most of the recent ATM thefts in eastern Massachusetts. They allegedly planted skimming devices on Bank of America Corp. and Citizens Financial Group ATMs to steal magnetic-stripe data and small cameras to record PINs as they were entered. The copied stripe data could then be written onto any other magnetic stripe card, such as a hotel key or an unused gift card.

According to an affidavit, Hristov had several gift cards with PIN numbers written on attached notes when he was arrested last week. All three men were spotted by surveillance cameras attaching skimming devices to ATMs and removing them, the affidavit said.

Hacker at Home

The New York Times paid a visit to a small town in China to get to know the sort of hacker who could compromise Google Inc.

The hacker, identified only as Majia, did not take credit for the attacks Google disclosed last month, but was able to describe some details of what happened — naming the Trojan horse that was used and where it originated and noting that it was altered in the weeks before the Google attack.

Majia spends his nights hacking into bank accounts and writing code that he sells to other hackers. And, according to the article, Majia has a wide audience for his code.

"In China — as in parts of Eastern Europe and Russia — computer hacking has become something of a national sport, and a lucrative one," the Times story said. "There are hacker conferences, hacker training academies and magazines with names like Hacker X Files and Hacker Defense, which offer tips on how to break into computers or build a Trojan horse, step by step."

Writing malicious code may be as lucrative as draining bank accounts, the article said, as coding is a rare skill even among experienced hackers.

"Only a few of us can actually write code," Majia told the Times. "That's the hard part."

The article ended on an ominous note, with Majia claiming that he has access to "a lot" of unpatched flaws in Microsoft Corp. and Adobe Systems Inc. software.

"We don't publish them," he told the Times. "We want to save them so that some day we can use them."

Cybercrimes

"Scareware" and "ransomware" distributors are upping the ante, making it harder for infected users to continue using their computers without handing over payment details.

The viruses used in these schemes are not stealthy — they blatantly take over a user's computer, changing the desktop background and issuing on-screen alerts about the infection. All of these alerts are also ads for a bogus antivirus product that promises to clean up the mess, MSNBC.com's Bob Sullivan reported Friday in his column "The Red Tape Chronicles."

Modern versions of these viruses interfere with the operation of the computer by disabling other programs or encrypting data until the user pays up.

Unlike conventional viruses, these are easy to clean up, since the virus writers typically keep their promise of returning control of the infected computer once they are paid.

"Still, it's a terrible idea to pay," Sullivan wrote. "On a grand scale, you've just subsidized a criminal. But there are far more practical concerns — why would you trust the author of ransomware with your credit card number?"

Last year scammers bilked $150 million from users tricked into making payments, according to the Federal Bureau of Investigation.


It is not unusual for the victim of a cyberheist to sue its bank over losses. It is much more unusual for the bank to sue the victim.

PlainsCapital Bank, the banking unit of PlainsCapital Corp. of Dallas, filed a preemptive suit against Hillary Machinery Inc. on Dec. 31 asking the court to affirm that the banking company had exercised reasonable security measures when it executed more than $800,000 in unauthorized wire transfers initiated using Hillary's online banking credentials, Brian Krebs reported on his "Krebs on Security" blog Jan. 26. PlainsCapital recovered only about $600,000 of the stolen funds.

Hillary, of course, disagrees that its bank's security measures were reasonable. Troy Owens, Hillary's vice president of sales and marketing, told Krebs that the scam was run from computers with Internet Protocol addresses in Italy and Romania. Though PlainsCapital sends clients an e-mail to authorize new computers for online banking access, Owens claims that his company never received those verification e-mails.

PlainsCapital declined to be interviewed for Krebs' story, but the banking unit's president, Jerry Schaffner, told Krebs in an e-mail that "the loss incurred by Hillary Machinery Inc., although regrettable, was not the result of a cyberattack on PlainsCapital Bank."


Roughly half of online banking users use the same username and password at less secure Web sites, a study found.

According to data from the security software provider Trusteer Ltd. of Tel Aviv, 73% of online banking users reuse at least their password at other sites, and 47% reuse both their username and password.

"This dismal password security practice means that if cybercrooks trick a user into giving away his login credentials for a social networking site, for example, they stand a very good chance of getting into webmail and online banking accounts for the same person," an article Tuesday on the U.K. tech news site The Register said.

Trusteer's data comes from users of its Rapport software, which is distributed by banks to prevent their customers from logging in at phishing sites.

Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.
Please e-mail us any comments, ideas, and suggestions about this column.
