Net fiends ~ cyberterrorism supplement

 


Banking Alert: Global Hackers Steal $45 Million From ATMS
5.11.13  Susanne Posel  Occupy Corporatism
http://www.occupycorporatism.com/banking-alert-global-hackers-steal-45-million-from-atms/

Brooklyn US Attorney Loretta Lynch is involved in prosecuting a gang of cyber criminals for hacking into databases of pre-paid debit cards and using them to extract $45 million out of ATMs. Lynch stated that several of the men arrested in connection with this crime were originally from the Dominican Republic.
In the cyber world, this attack was known as “Unlimited Operations”.
The Department of Justice (DoJ) and law enforcement in Germany, Japan, Canada, Romania and 12 other countries were involved in this investigation.
Lynch said: “The defendants and their co-conspirators participated in a massive 21st century bank heist that reached across the Internet and stretched around the globe. In the place of guns and masks, this cybercrime organization used laptops and the Internet. Moving as swiftly as data over the Internet, the organization worked its way from the computer systems of international corporations to the streets of New York City, with the defendants fanning out across Manhattan to steal millions of dollars from hundreds of A.T.M.’s in a matter of hours.”

Twenty-seven countries were affected by this scheme.
Seven individuals have been apprehended in the US while others across the globe are being arrested in connection with this heist.
Authorities say that by using bogus magnetic swipe MasterCard debit cards at ATMs, this cell of thieves withdrew $2.8 million in cash from those hacked accounts in one day. Prosecutors revealed that 2,904 withdrawals resulted in nearly $3 million being stolen.
MasterCard stated that it cooperated with law enforcement investigations, and detailed how its systems were not affected by these attacks. The Secret Service was contacted by MasterCard after the suspicious activity was performed.
Robert Rodriquez, former agent with the Secret Service and current chairman of the Security Innovation Network (SIN), explained that this was an “old crime”.
Rodriquez said: “The difference today is that the dynamics of the Internet and cyberspace are so fast that we have a hard time staying ahead of the adversary.”
Surveillance cameras at ATMs have caught the image of most of the thieves as they filled backpacks with cash in Manhattan.
Lynch asserts that the cash would be laundered and sent overseas to the ring leader.
Expensive purchases, such as luxury cars and expensive watches, were made in cash to hide the stolen money. Prosecutors seized Rolex watches, a Mercedes G63 AMG and a Porsche Panamera.
Internationally, prosecutors say that the National Bank of Ras al-Khaimah PSC (Rakbank), located in the United Arab Emirates, and the Bank of Muscat in Oman were attacked by a virtual criminal flash mob that eliminated withdrawal limits from ATMs and drained accounts.
Authorities say that $40 million was syphoned out in recent attacks which can be added to the $5 million that was stolen last December.
This information was passed to “cashers” or “cashing crews” that were dispatched simultaneously to withdraw funds from ATMs in cities across the world.

Rose Romero, a former federal prosecutor and regional director for the U.S. Securities and Exchange Commission (SEC), said: “Unfortunately these types of cybercrimes involving ATMs, where you’ve got a flash mob going out across the globe, are becoming more and more common.”
Romero expects that more of these types of crime will surface.
Ken Pickering, member of the intelligence firm CORE Security, explained that “once you see a large attack like this, that they made off with $45 million, that’s going to wake up the cybercrime community.”
In 2009, the Royal Bank of Scotland was targeted in a pre-paid scam wherein $9 million was taken in less than 12 hours from ATMs.
Bill Stewart, senior vice president at Booz Allen, believes that these hackers displayed sophistication in their utilization of ATMs and in carrying out cybercrime on such a vast scale.
Stewart said: “The run of the mill criminals are more common [in cybercrime] than you think. There are still many institutions these days that are not practicing good security hygiene. So these kinds of attacks work.”
=  = =
Bitcoin exchange seizure 5.15.13
Malware Uses Windows to Extract Customer Data From Cash Registers & ATMs
4.1.13 Susanne Posel  Occupy Corporatism
http://www.occupycorporatism.com/malware-uses-windows-to-extract-customer-data-from-cash-registers-atms/

Group-IB, a Russian security firm, has discovered Dump Memory Grabber (DMG), a piece of malware focused on extracting data and compromising cash registers and ATMs. DMG can be used to syphon information on customer debit and credit cards from banks like JPMorgan Chase & Co., Citibank, Capital One and law enforcement agencies.
Andrey Komarov, head of international projects and CTO at CERT-GIB, said: “We have found one of the C&C servers for the following POS malware, but in fact hundreds of POS/ATMs were infected and we are still investigating this issue.”
CERT-GIB, a computer security incident response team, has partnered with Group-IB to respond to:
• Denial-of-service attacks (DoS, DDoS)
• Unauthorized use of data processing and storage systems
• Data compromise
• Asset compromise
• Internal/external unauthorized access
• Creation and distribution of malicious software
• Breach of information security policies
• Phishing and unlawful brand use online
• Fraud with online banking and electronic payment systems
DMG is installed at the point-of-sale (PoS) and directly into ATMs, where data is easily transmitted through magnetized strips. In fact, DMG will steal digital information from those magnetized strips, collecting data such as:
• Primary account number
• Customer full name
• Card expiration date
With the use of a USB port, the malware can have direct communication with the internet. DMG clones credit and debit cards utilizing stolen card numbers with harvested information.
Group-IB believes that the Russian cyber-criminals are involved with Anonymous; having originated in the Ukraine, Armenia, Moscow and the US. The domain address is registered to a Russian corporation named CISLAB.
Allegedly the writer of the malware is Wagner Richard, a member of the Russian Federation. It is suspected that WR is involved in cyber-crime, actively participating in distributed denial-of-service (DDoS) attacks.
Group-IB admits that it used information from “insiders” to conclude that PoS systems and the software keeping them operational (such as Windows XP and Windows Embedded) can be remotely operated as well as infected, exploiting intrinsic vulnerabilities in ATM networks and the banks connected to them.
DMG is the next generation malware of such programs as Dexter which was previously used to infect PoS stations in retail outlets, hotels and restaurants. Dexter was also directly connected to the internet where the data stolen could be passed quickly to its destination.
Another related program was vSkimmer, which used Windows operating systems to syphon data at the point of payment and then transferred the data to a remote server, to be downloaded and removed onto a USB port.
Last year, Kaspersky Lab, a Moscow-based computer security firm, found a new cyber surveillance virus that has been spying on banking transactions and stealing login information for social networks, email and instant messaging in the Middle East, specifically targeting Lebanon’s BlomBank, ByblosBank and Credit Libanais.
Infected computers also include CitiGroup Inc.’s Citibank and eBay’s PayPal online payment system.
This virus’ focus on online banking makes it a potential threat to banking systems worldwide. Researchers are still trying to determine if this virus is simply conducting surveillance on banking transactions or if it is being used to steal money out of targeted accounts.
The virus has been named Gauss by Kaspersky Lab, which confirmed that it is related to Stuxnet, Flame and Duqu, yet is a more sophisticated, state-sponsored cyber-espionage tool.
Gauss is capable of being used as a weapon to attack industrial control systems, just like Stuxnet which was used to go after Iran’s Natanz nuclear power plant facility in 2010. Gauss can encrypt programs that are compressed onto a USB drive and decompress them once the virus is able to connect to a targeted computer. Kaspersky Lab stated: “After looking at Stuxnet, Duqu and Flame, we can say with a high degree of certainty that Gauss comes from the same ‘factory’ or ‘factories.’ All these attack toolkits represent the high end of nation-state-sponsored cyber-espionage and cyber war operations.”
The Department of Homeland Security (DHS) said it was analyzing Gauss’ potential threat to the US. Peter Boogaard, DHS spokesperson commented: “The department’s cyber security analysts are working with organizations that could potentially be affected to detect, mitigate and prevent such threats.”
Gauss, which is an online banking surveillance virus, has the capability of electronically transferring information out of customer accounts to be redirected to another location. The banking industry would be devastated if suddenly they were infiltrated by Gauss which would cause every banking customer to become insolvent overnight.
This sets the stage for the banking holiday that we’ve all been warned about. For example, the mainstream media would be used to announce that Gauss has infected all domestic banking computer systems. In order to purge the virus, all banks would need to shut down for a specified amount of time in order to reconfigure their computers. Perhaps on a Friday afternoon, the major banks will all announce that they will shut down to customer activity so they can “get rid of” Gauss from their system. The banks might say that they will reopen to the public on Monday morning.
Customers would not be able to conduct any financial transactions, either in the bank or online over that weekend. And with the promise that everything will be ok on Monday, there is no threat of a banking holiday because the cover story is that a virus must be purged before regular banking can continue.
However this would be a false flag meant to pacify the public to avert mass panic. While the general public would fall for the cover story, the banking cartels would simply electronically transfer all customer funds from private checking accounts out to off-shore banks where they could not be touched and cover their tracks.
Then on Monday morning, amid reports that the banking industry suffered greater infiltration than expected, the DHS and US armed forces would be poised to enact martial law to control the potential for domestic insurrection caused by the realization that every American has had their money stolen from them by the technocrats posing as cyber-criminals.
