16 August 2017
visit www.avoka.com

$479,000 heist from small business bank account lends weight to calls for online banking 'lock-down'

16 October 2009  |  10240 views  |  0 anonymous figure in front of stock exchange

Criminals have stolen more than $479,000 from a Pennsylvania housing development authority after infecting its computer system with the notorious Clampi Trojan. The crime is the latest in a rash of heists from small business banking users in the US that has led some industry bodies to suggest radical lock-down procedures for companies banking online.

According to local press reports, the Trojan was installed through a fake Web site purporting to belong to Cumberland County Redevelopment Authority's bank, M&T.

Once installed, Clampi stole passcodes which were used to transfer the money to bank accounts set up by the hackers at 11 different financial institutions. About $109,000 has been recovered since the money was taken on 22 September.

The incident is just the tip of the iceberg, if Bryan Krebs of the Washington Post's SecurityFix blog is to be believed. He reports multiple cases of small business and non-profit organisations failling victim to similar sophisticated Trjoan attacks.

Concern over the upsurge in crybercrime has moved the bank-backed Financial Services Information Sharing and Analysis Centre to issue a confidential alert to members about the dangers posed to small businesses when banking online.

The note recommends that commercial banking customers should be induced to "carry out all online activity from a standalone, hardened and locked-down computer from which e-mail and Web browsing is not possible".

Separately, four members of a London-based cyber gang have pleaded guilty to charges relating to the theft of £600,000 from bank customers, reports the Press Association.

The gang infected victim PCs with a Trojan and waited until they logged in to bank accounts. The software then checked the accounts contained enough money before insinuating itself into online cash transfer procedures.

Victims were presented with a page containing a fake Natwest logo and asked to type in passwords, PIN numbers and telephone numbers. Money was then siphoned off to mule accounts and eventually Eastern Europe.

In total, 138 customers were conned with £600,000 stolen, although Natwest has recovered about £140,000.

Azamet Rahmanov and three co-defendants, who have variously pleaded guilty to the conspiracy and money laundering counts at Southwark Crown Court, will be sentenced next month.

Hacker takes almost $480,000 from authority - The Sentinel

Internet fraud gang faces jail - PA

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Sophisticated cybercrooks cracking bank security efforts

Sophisticated cybercrooks cracking bank security efforts

30 September 2009  |  12977 views  |  0 comments
ID theft malware soars 600% - PandaLabs

ID theft malware soars 600% - PandaLabs

20 August 2009  |  5535 views  |  0 comments
US man charged with stealing 130 million card numbers

US man charged with stealing 130 million card numbers

18 August 2009  |  9805 views  |  0 comments
Aussie police make Trojan banking arrest

Aussie police make Trojan banking arrest

13 August 2009  |  6149 views  |  0 comments
Trojan steals 500,000+ bank and card details

Trojan steals 500,000+ bank and card details

31 October 2008  |  16381 views  |  0 comments
Security experts warn of Trojan.Silentbanker

Security experts warn of Trojan.Silentbanker

15 January 2008  |  10952 views  |  0 comments
Safeway to move to chip and PIN at point-of-sale

Safeway to move to chip and PIN at point-of-sale

24 September 2002  |  7095 views  |  0 comments

Related blogs

Create a blog about this story (membership required)
download the paper nowvisit www.abe-eba.euvisit www.worldpaymentsreport.com

Top topics

Most viewed Most shared
hands typing furiouslyBI and Analytics - A New Perspective
10877 views 0 | 2 tweets | 12 linkedin
Coinbase raises $100mCoinbase raises $100m
9950 views comments | 14 tweets | 14 linkedin
DBS Bank launches online car selling marketplaceDBS Bank launches online car selling marke...
9266 views comments | 13 tweets | 11 linkedin
China preps central clearing house for mobile payments providersChina preps central clearing house for mob...
8992 views comments | 8 tweets | 15 linkedin
HSBC automates documentary trade processing with IBMHSBC automates documentary trade processin...
8169 views comments | 6 tweets | 21 linkedin

Featured job

Find your next job