23 October 2017
Register now

$479,000 heist from small business bank account lends weight to calls for online banking 'lock-down'

16 October 2009  |  10331 views  |  0 anonymous figure in front of stock exchange

Criminals have stolen more than $479,000 from a Pennsylvania housing development authority after infecting its computer system with the notorious Clampi Trojan. The crime is the latest in a rash of heists from small business banking users in the US that has led some industry bodies to suggest radical lock-down procedures for companies banking online.

According to local press reports, the Trojan was installed through a fake Web site purporting to belong to Cumberland County Redevelopment Authority's bank, M&T.

Once installed, Clampi stole passcodes which were used to transfer the money to bank accounts set up by the hackers at 11 different financial institutions. About $109,000 has been recovered since the money was taken on 22 September.

The incident is just the tip of the iceberg, if Bryan Krebs of the Washington Post's SecurityFix blog is to be believed. He reports multiple cases of small business and non-profit organisations failling victim to similar sophisticated Trjoan attacks.

Concern over the upsurge in crybercrime has moved the bank-backed Financial Services Information Sharing and Analysis Centre to issue a confidential alert to members about the dangers posed to small businesses when banking online.

The note recommends that commercial banking customers should be induced to "carry out all online activity from a standalone, hardened and locked-down computer from which e-mail and Web browsing is not possible".

Separately, four members of a London-based cyber gang have pleaded guilty to charges relating to the theft of £600,000 from bank customers, reports the Press Association.

The gang infected victim PCs with a Trojan and waited until they logged in to bank accounts. The software then checked the accounts contained enough money before insinuating itself into online cash transfer procedures.

Victims were presented with a page containing a fake Natwest logo and asked to type in passwords, PIN numbers and telephone numbers. Money was then siphoned off to mule accounts and eventually Eastern Europe.

In total, 138 customers were conned with £600,000 stolen, although Natwest has recovered about £140,000.

Azamet Rahmanov and three co-defendants, who have variously pleaded guilty to the conspiracy and money laundering counts at Southwark Crown Court, will be sentenced next month.

Hacker takes almost $480,000 from authority - The Sentinel

Internet fraud gang faces jail - PA

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Sophisticated cybercrooks cracking bank security efforts

Sophisticated cybercrooks cracking bank security efforts

30 September 2009  |  13117 views  |  0 comments
ID theft malware soars 600% - PandaLabs

ID theft malware soars 600% - PandaLabs

20 August 2009  |  5592 views  |  0 comments
US man charged with stealing 130 million card numbers

US man charged with stealing 130 million card numbers

18 August 2009  |  9866 views  |  0 comments
Aussie police make Trojan banking arrest

Aussie police make Trojan banking arrest

13 August 2009  |  6194 views  |  0 comments
Trojan steals 500,000+ bank and card details

Trojan steals 500,000+ bank and card details

31 October 2008  |  16467 views  |  0 comments
Security experts warn of Trojan.Silentbanker

Security experts warn of Trojan.Silentbanker

15 January 2008  |  11017 views  |  0 comments
Safeway to move to chip and PIN at point-of-sale

Safeway to move to chip and PIN at point-of-sale

24 September 2002  |  7145 views  |  0 comments

Related blogs

Create a blog about this story (membership required)
visit www.vasco.comvisit www.atos.netvisit www.niceactimize.com

Top topics

Most viewed Most shared
Mastercard to roll out blockchain APIMastercard to roll out blockchain API
19551 views comments | 28 tweets | 42 linkedin
HSBC partners Bud for open banking trialHSBC partners Bud for open banking trial
15227 views comments | 23 tweets | 32 linkedin
Sibos 2017: API or the highwaySibos 2017: API or the highway
10995 views comments | 12 tweets | 23 linkedin
Eight banks form joint venture to launch blockchain trade platformEight banks form joint venture to launch b...
9054 views comments | 14 tweets | 28 linkedin

Featured job

Competitive base, commission, benefits
London, UK

Find your next job