31 October 2014

The Joy of Fraud Fighting

Uri Rivner - BioCatch


Those were the days

14 February 2010

Two weeks ago I was cycling in the gym, watching cable TV. Roger Federer was beating Andy Murray live from Melbourne; after losing a point he looked at his tennis racket in puzzlement, as if trying to understand what just happened, and then he resumed winning game after game without even the basic courtesy of showing signs of sweat. Murray gave him a decent British fight, but the outcome was set after set of Swiss precision.

So at some point I started flipping through the other channels, and saw a low-budget film starting. The actor names flashing in and out were mostly unknown, but then the opening scene was about computer viruses and this caught my attention.

A few minutes into the movie I realized this is a 2000 direct-to-video film called Takedown about hacker Kevin Mitnick. The movie is based on a highly controversial novel, but I don’t want to get into that. I’ll just say that watching it brought a wave of romantic nostalgia.

Why romantic nostalgia? Two things. First, Kevin Mitnick was known for shrewdly combining social engineering skills with hacking know-how, and the film does a good job presenting the social engineering elements: calling company employees to get access to non-public data; contacting a code developer and tricking him into sending over some design documents. Most of the social engineering used for today’s online fraud is very different: it’s almost an exact science, a methodology to maximize response rates to mass phishing, rogue antivirus, and crimeware infection links. It’s clever, but in a different way.

Second, because the film takes place in the nineties. The Internet was still in diapers, cellular phones were a novelty, and hackers were still doing it mostly for bragging rights, not for profit. They were engaged in cybercrime, but not the sort of cybercrime we have nowadays: Mitnick and his supporters always maintained he never misused any data he stole. Very much like good old WarGames.

Today, cybercrime is a nasty business. The vast majority of those involved do it for sheer profit. I’m not saying the weapons they use are not state-of-the-art: in comparison, the tools people like Mitnick developed fifteen years ago seem very much like the computers on board Apollo 11.

But unlike the hacking infrastructure of the nineties, today’s crimeware is primarily built for point-and-shoot functionality, like cell phone cameras, so almost everyone can use it – not just the fraudster elite. Take the latest spear phishing attack which spoofed NSA emails; the Trojan used was Zeus 2.0, the most popular Trojan kit on earth – and not a highly complex, custom-built piece of crimeware, a kind that is almost an endangered species these days.

Well, like any nostalgic look-back, I’m probably exaggerating a bit. Today’s top cybercriminals are no less clever and determined; the tools they build are formidable, and in retrospect everything always looks nostalgic. I’ll bet that in fifteen years we’ll look back, sigh, and say: gosh, those were the days.

Tags: Security, Online banking
