Hackers stun banks with Trojan heists—and they’re still on the run
A rash of cybercrime reveals all sorts of security failures.
Currently at large somewhere in the world are cybercriminals who have drained the bank accounts of several French companies—all without brandishing guns or cracking safes. They’re highly sophisticated, rather audacious, and too mobile to trace.
Symantec, a computer security software firm, investigated the thieves’ methods as practiced over the course of this year and uncovered an innovative “social engineering” operation. Introducing a remote access Trojan (RAT) to a company’s network, the hackers can harvest all the data they need to transfer funds to offshore accounts, from which they siphon their haul.
Deploying the RAT is tricky, and human error often plays a role, as a case from April revealed: An administrative assistant at a multinational corporation received a link to a suspicious-looking invoice, but this was followed up with a phone call from an alleged company vice president, who in fluent French instructed her to open and process the file. Once she had downloaded the Trojan, it was all over, as Security Watch explained:
The RAT harvested company information, including the company’s disaster plan and its telecom provider details. Using the stolen information, the crooks invoked the disaster plan, claiming a physical disaster. This let them redirect all of the organization’s phones to a new set of phones under their control.
Next they faxed a request to the company’s bank for multiple large fund transfers to offshore accounts. Naturally the bank representative called to confirm; the crooks intercepted the call and approved the transaction.
Because phone calls and convincing French are such critical pieces of the puzzle, Symantec labeled the criminal enterprise “Operation Francophone.” Other jobs have seen them pose as IT employees who need to “upgrade” computer systems (which inevitably requires the “temporary” disabling of certain security factors). In at least one attack, they didn’t even use malware. Again pretending to be IT staff, they emailed requesting a “test” wire transfer of funds that turned out to be real.
It doesn’t look as though OF’s cybercrime spree will come to an end anytime soon, either. “By examining emails and C&C traffic, we were able to determine that the attacker is located in, or routing their attacks through Israel,” Symantec wrote. “Even more surprising, the traffic analysis indicates that the attacker was on the move when they were conducting the attacks. These operational security techniques make the attacker extremely difficult to trace.”
If the architects of OF are ever caught, it should make for a great movie. Until then, employees at large companies should keep security measures robust, and mistrust anyone who calls, emails, or otherwise tries to contact them.
Photo by Will__Martin/Flickr
Miles Klee is a novelist and web culture reporter. The former editor of the Daily Dot’s Unclick section, Klee’s essays, satire, and fiction have appeared in Lapham’s Quarterly, Vanity Fair, 3:AM, Salon, the Awl, the New York Observer, the Millions, and the Village Voice. He's the author of two odd books of fiction, 'Ivyland' and 'True False.'