Hackers stun banks with Trojan heists—and they’re still on the run
A rash of cybercrime reveals all sorts of security failures.
Currently at large somewhere in the world are cybercriminals who have drained the bank accounts of several French companies—all without brandishing guns or cracking safes. They’re highly sophisticated, rather audacious, and too mobile to trace.
Symantec, a computer security software firm, investigated the thieves’ methods as practiced over the course of this year and uncovered an innovative “social engineering” operation. Introducing a remote access Trojan (RAT) to a company’s network, the hackers can harvest all the data they need to transfer funds to offshore accounts, from which they siphon their haul.
Deploying the RAT is tricky, and human error often plays a role, as a case from April revealed: An administrative assistant at a multinational corporation received a link to a suspicious-looking invoice, but this was followed up with a phone call from an alleged company vice president, who in fluent French instructed her to open and process the file. Once she had downloaded the Trojan, it was all over, as Security Watch explained:
The RAT harvested company information, including the company’s disaster plan and its telecom provider details. Using the stolen information, the crooks invoked the disaster plan, claiming a physical disaster. This let them redirect all of the organization’s phones to a new set of phones under their control.
Next they faxed a request to the company’s bank for multiple large fund transfers to offshore accounts. Naturally the bank representative called to confirm; the crooks intercepted the call and approved the transaction.
Because phone calls and convincing French are such critical pieces of the puzzle, Symantec labeled the criminal enterprise “Operation Francophone.” Other jobs have seen them pose as IT employees who need to “upgrade” computer systems (which inevitably requires the “temporary” disabling of certain security factors). In at least one attack, they didn’t even use malware. Again pretending to be IT staff, they emailed requesting a “test” wire transfer of funds that turned out to be real.
It doesn’t look as though OF’s cybercrime spree will come to an end anytime soon, either. “By examining emails and C&C traffic, we were able to determine that the attacker is located in, or routing their attacks through Israel,” Symantec wrote. “Even more surprising, the traffic analysis indicates that the attacker was on the move when they were conducting the attacks. These operational security techniques make the attacker extremely difficult to trace.”
If the architects of OF are ever caught, it should make for a great movie. Until then, employees at large companies should keep security measures robust, and mistrust anyone who calls, emails, or otherwise tries to contact them.
Photo by Will__Martin/Flickr
Miles Klee is a novelist and web culture reporter. The former editor of the Daily Dot’s Unclick section, Klee has had essays, satire, and fiction appear in Lapham’s Quarterly, Vanity Fair, 3:AM, Salon, the Awl, the New York Observer, the Millions, and the Village Voice. He’s the author of two odd books of fiction, ‘Ivyland’ and ‘True False.’