ALKHOBAR: Very late last Wednesday night, a notice from the Saudi bank where I have an account appeared in my e-mail inbox. It read:
“AHMED AL-MUSTAPHA KAREEM made an online funds transfer to your online account. The details of this transaction are shown below.
Transfer Date and Time: 15/12/08 at 23:30 a.m.
Transfer Amount: 2300.00
Transfer Description: PAYMENT
To view this transaction and your current balance, please CLICK HERE. If you have any questions related to this message or the funds transfer, please contact AHMED AL-MUSTAPHA KAREEM. Please do not reply to this message.”
I was momentarily startled by the contents of the e-mail. I didn’t know anyone by the name of Ahmed Al-Mustapha Kareem. Fortunately, I followed rule No. 1 of online banking – never click a link in an e-mail to reach your bank account. I checked my account and there was no transaction. I logged off and then went back to the e-mail.
A tiny misspelling in the footer of the e-mail message set off alarm bells. This was a guaranteed phishing scam. If I had clicked on the link within the e-mail, I would have been directed to a site that would have looked exactly like my bank’s website and I would have given up my login information in the process. This message had not been stopped by the extensive security controls on my e-mail. That was a concern. It meant that the message would probably reach every recipient and the fall-out could be serious.
I immediately contacted the Saudi bank’s 24-hour customer service requesting an e-mail address to which I could forward the fraudulent e-mail so the sender’s sites could be quickly shut down. The bank’s response was pathetic. They didn’t have any e-mail address where the mail could be sent. They didn’t have a security officer available to contact after regular banking hours. They asked for the sender’s details. I advised them that the sender had used what appeared to be their legitimate customer service address. In a quandary, the bank’s customer service representative did advise me that they were in the process of notifying some customers who had been hit in another fraud of the urgent need to get to an ATM to change their PINS, but they weren’t able to do anything to help abort this latest attack. Totally frustrated, I sent the e-mail to the only address publicized at their website, and have never heard a word since.
For a few years after the start of online banking, the Kingdom’s financial institutions didn’t face the same problems as the western banking community. It took international cybercrooks a while to learn about Saudi banks. But the recent oil boom helped to spotlight the vast resources of local banks and now customers of those banks are no longer immune to attempts to steal information related to their financial accounts. Saudi credit card numbers are extremely popular with criminals since many local credit card issuers offer consumers no protection against the misuse of their credit cards and Saudi credit card users are painfully unaware of how to protect their card information when traveling abroad, where it is too often stolen.
With the global economy faltering, we can all expect that online criminal activity will rise. In its annual security report, Cisco warned that Internet-based attacks are becoming increasingly sophisticated and specialized. These profit-driven criminals continue to hone their approach to stealing data from businesses, employees and consumers.
Notable trends in the 2008 Annual Cisco Security Report were:
• The overall number of disclosed vulnerabilities grew by 11.5 percent over 2007.
• Attacks are becoming increasingly blended, cross-vector and targeted.
• Cisco researchers saw a 90 percent growth in threats originating from legitimate domains, nearly double what was seen in 2007.
• The volume of malware successfully propagated via e-mail attachments is declining. Over the past two years (2007-2008), the number of attachment-based attacks decreased by 50 percent from the previous two years (2005-2006).
In terms of specific threats across the Web:
• Spam. According to Cisco, spam accounts for nearly 200 billion messages each day, approximately 90 percent of worldwide e-mail.
• Phishing. While targeted spear-phishing represents about one percent of all phishing attacks, it is expected to become more prevalent as criminals personalize spam and make messages appear more credible.
• Botnets. Botnets have become a nexus of criminal activity on the Internet. This year, numerous legitimate websites were infected with IFrames, malicious code injected by botnets that redirect visitors to malware-downloading sites.
• Social engineering. The use of social engineering to entice victims to open a file or click links continues to grow. Cisco expects that in 2009, social engineering techniques will increase in number, vectors and sophistication.
• Reputation hijacking. More online criminals are using real e-mail accounts with large, legitimate Web mail providers to send spam. This “reputation hijacking” offers increased deliverability because it makes spam harder to detect and block. Cisco estimates that in 2008 spam resulting from e-mail reputation hijacking of the top three Web mail providers accounted for less than 1 percent of all spam worldwide but constituted 7.6 percent of the providers’ mail traffic.
Part of the reason that criminals are getting so much better at online fraud is because they no longer work alone. Symantec’s “Report on the Underground Economy” details an online underground economy that has matured into an efficient, global marketplace. This is a market in which stolen goods and fraud-related services are regularly bought and sold, and where the estimated value of goods offered by individual traders is measured in millions of dollars. The report is derived from data gathered by Symantec’s Security Technology and Response (STAR) organization, from underground economy servers between July 1, 2007 and June 30, 2008.
The potential value of total advertised goods observed by Symantec was more than $276 million for the reporting period. This value was determined using the advertised prices of the goods and services and measured how much these criminals would make if they liquidated their inventory.
Credit card information is the most advertised category of goods and services on the underground economy, accounting for 31 percent of the total. While stolen credit card numbers sell for as little as $0.10 to $25 per card, the average advertised stolen credit card limit observed by Symantec was more than $4,000. Symantec has calculated that the potential worth of all credit cards advertised during the reporting period was $5.3 billion.
The popularity of credit card information is likely due to the many ways this information can be obtained and used for fraud; credit cards are easy to use for online shopping and it’s often difficult for merchants or credit providers to identify and address fraudulent transactions before fraudsters complete these transactions and receive their goods. Also, credit card information is often sold to fraudsters in bulk, with discounts or free numbers provided with larger purchases.
The second most common category of goods and services advertised was financial accounts at 20 percent of the total. While stolen bank account information sells for between $10 and $1,000, the average advertised stolen bank account balance is nearly $40,000. Calculating the average advertised balance of a bank account together with the average price for stolen bank account numbers, the worth of the bank accounts advertised during this reporting period was $1.7 billion. The popularity of financial account information is likely due to its potential for high payouts and the speed at which payouts can be made. In one case, financial accounts were cashed out online to untraceable locations in less than 15 minutes.
During the reporting period, Symantec observed 69,130 distinct active criminal advertisers in the underground economy and 44,321,095 total messages posted to underground forums. The potential value of the total advertised goods for the top 10 most active criminal advertisers was $16.3 million for credit cards and $2 million for bank accounts. Furthermore, the potential worth of the goods advertised by the single most active criminal advertiser identified by Symantec during the study period was $6.4 million.
The underground economy is geographically diverse and generates revenue for cybercriminals who range from loose collections of individuals to organized and sophisticated groups. During this reporting period, North America hosted the largest number of such servers, with 45 percent of the total; Europe/Middle East/Africa hosted 38 percent; followed by Asia/Pacific with 12 percent and Latin America with 5 percent. The geographical locations of underground economy servers are constantly changing to evade detection.
Pamela Warren, senior solution marketing manager, McAfee asserts that “Cybercrooks are gaining an edge over Internet users and those seeking to stop the criminals — largely due to a ‘swiss cheese’ of cybercrime laws worldwide, a lack of prosecutorial and law enforcement resources and low government prioritization.” These were the findings in the 2009 McAfee Cybercrime Versus Cyberlaw Virtual Criminology Report.
Faced with an economic crisis and threats such as terrorism, fighting cybercrime can easily fall to the bottom of governments’ priorities — while it becomes a rising priority for an increasing number of cybercrooks. Plus, there’s a desperate need to improve cross-border cooperation. Warren pointed out that, “Traditional law enforcement still operates within the constraints of traditional physical boundaries, but borders don’t exist on the Internet. Cybercrooks can operate anywhere, making local law enforcement efforts difficult. By fostering international cooperation and information sharing, and by harmonizing our cyberlaws, law enforcement and prosecutors can more effectively find and prosecute criminals.”
What’s really required according to McAfee is a global task force dedicated to transnational cybercrime investigations. The task force would prioritize which crimes they would tackle and provide logistical support to law enforcement agencies in different countries. There’s also a dire shortage of local law enforcement officers with backgrounds in cybersecurity and digital forensics expertise. There are ways to overcome this deficiency but as of yet budgets for the required resources are woefully deficient.
Everyone must join the fight against online crime. Already, we are all paying for the ill-gotten gains of these criminals through higher banking and credit card fees, networks overwhelmed with SPAM and merchants placing restrictions on the delivery of goods purchased online. Consumers should ensure that they protect their computers with up-to-date security software to prevent becoming part of the cybercrime problem. Online service providers, domain registrars and money transfer agencies must install adequate security and cooperate with law enforcement agencies. Businesses, especially in these difficult economic times, need to stop viewing online security as a “financial black hole” and proactively protect their data and networks. Last, it is essential to spread awareness of the increasing threat from cybercriminals and help everyone understand the ways in which these thieves can be thwarted. Do your part — send this article to your friends, relatives and business contacts and urge them to become educated about this issue.
The cybercrooks are already working together. If we don’t quickly become part of the fight against them, it’s only a matter of time before we become their victims!
Comments to: [email protected]
