BreachExchange mailing list archives

Russian hacking ring specialises in counterfeit checks


From: security curmudgeon <jericho () attrition org>
Date: Tue, 27 Jul 2010 18:26:58 -0500 (CDT)


[This doesn't spell out "data loss", but putting the details together and
  this is an incident. - jericho]

http://blogs.ft.com/techblog/2010/07/russian-hacking-ring-specialises-in-counterfeit-checks/

Russian hacking ring specialises in counterfeit checks
July 28, 2010 12:14am
by Joseph Menn

Most of the organised hacking rings aiming at bank fraud these days are 
stealing login credentials and then taking advantage of the relatively 
recent opportunities provided by online account access, wire transfers and 
other means for mis-shipping electronic funds.

But a newly discovered Russian group was using networks of compromised 
personal computers and techniques for hacking into databases to write $9m 
in counterfeit checks, thought until now to be the purview mainly of 
old-time loners. SecureWorks researcher Joe Stewart infiltrated the network 
of machines used by the gang and found records showing that more than 
3,000 bad checks had been written on more than 1,000 real accounts since 
June 2009. The checks were sent to generally unwitting "money mules" 
recruited from online job sites, who deposited them and wired money to St. 
Petersburg.

The operation had clearly put significant thought into how to stay below 
the radar. It also did serious reconnaissance to figure out how to produce 
credible-looking checks. The masterstroke was identifying and going after 
companies that have thousands of images of checks in one place in order to 
copy the format.

Mr Stewart found two such troves that had been used. One was a "lockbox" 
service that archives pictures of checks for businesses. The other, in an 
unfortunate bit of irony, was an anti-fraud service for check-cashing 
companies.

When consumers turn to check cashers, the establishments often take 
pictures of the client and the check. That way, the same places won't fall 
prey to the same counterfeiter twice. But the check images were stored in 
a database and the hackers evidently used a company's credentials to get 
access to them.

"They clearly know how these businesses work on the back end," said Mr 
Stewart, who will present his findings at the Black Hat security 
conference in Las Vegas this week.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
