Russian hacker arrested in bank extortion case

[InfoSec News <isn () c4i org>]

http://www.infoworld.com/articles/hn/xml/02/02/06/020206hnrussian.xml

By Sam Costello 
February 6, 2002 10:17 am PT

IN MID-JANUARY, RUSSIAN law enforcement, with help from the U.S.  
Secret Service and U.S. Federal Bureau of Investigation (FBI),
arrested a computer hacker who had attempted to extort $10,000 from a
U.S. bank, according to a Secret Service agent.

The hacker, whose name was not revealed, was arrested after breaking
into a server owned by financial ASP (application service provider)  
Online Resources (ORCC) and attempting to extort money from one of
ORCC's client banks, said Ray Crosier, the company's president and
chief operating officer.

McLean, Virginia-based ORCC offers online banking, electronic payment
and other financial services over the Internet to 525 financial
institutions in the U.S., Crosier said.

ORCC uses a two-stage system by which it allows customers of its
client financial institutions to use its services, Crosier said.  
First, when registering for online accounts through their banks, users
are sent to registration servers, with each financial institution that
ORCC deals with having its own dedicated server. After registration is
completed on the first server, all information and transactions are
handled through a second server, he said.

The hacker was able to break in to a registration server used by the
client due to an unpatched security hole on the server, Crosier said,
declining to release the name of the company whose data was stolen.  
Crosier also said that the situation with that client was unique among
ORCC's customers as the configuration used on the server was
customized and not present elsewhere at ORCC.

By breaking into the registration server, the hacker was able to grab
customer records that included names, addresses and bank account
numbers, Crosier said. Because only registration was handled on the
server, however, the hacker was unable to commit fraud, move funds or
gain access to data from other banks served by ORCC, he said.

The intrusion into the server happened in early 2001, though the
Russian did nothing for nearly eight months with the data he obtained,
according to Crosier. In late 2001, the hacker began sending e-mail to
ORCC's client bank, saying that he would post the data he'd obtained
from the server on the Internet if he was not paid $10,000, according
to Secret Service agent Brian Palma.

After the extortion demand, ORCC contacted the Secret Service and the
bank to whom the demand was made contacted the FBI, Crosier said. The
Secret Service New York field office then began a dialogue with the
hacker, asking questions about how he wanted to receive the money,
where to send it and the like, Palma said.

Such negotiations are part of standard procedure when dealing with
extortion cases, Palma said, and give agents the time used during the
negotiations to try to track down the suspect.

In this case, those procedures worked, as the Secret Service was able
to trace the hacker's e-mail messages, Palma said. The FBI contacted
Russian law enforcement and the hacker was arrested Jan. 16, he said.  
Although the Secret Service did pay the $10,000 the hacker demanded,
what's left of it was seized, as was the computer equipment purchased
with the money, Palma said.

The hacker, who has a history of similar crimes in Russia, will be
prosecuted, according to Palma.

ORCC's Crosier sent an e-mail to ORCC's clients in late January
explaining the situation to them and reassuring them that "none of
them were ever at risk at any time," he said. Only two of ORCC's
customers contacted Crosier after the e-mail was sent, he said.

"We feel good about having caught the guy," Crosier said.

 

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.