GCSE/IGCSE and AS/A Level ICT-Applied ICT

In what it is calling Operation Phish Phry, the F.B.I. began arresting 53 people on Wednesday on charges of conducting a vast financial fraud based on phishing — the act of tricking Internet users into revealing their passwords and other information.

The arrests were in Southern California, Nevada and North Carolina, while the authorities in Egypt sought to arrest 47 people whom the F.B.I. said were co-conspirators.

An 86-page indictment, filed in the United States District Court for the Central District of California in Los Angeles, accuses the defendants of tricking people into giving up their bank account information. The F.B.I. said that this was the largest number of defendants ever charged in a cybercrime case, and that they had stolen at least $2 million from 2007 to last month.

The scams victimized people with accounts at Bank of America and Wells Fargo, two of the nation’s largest banks. The online component of the fraud was perpetrated in Egypt, Keith B. Bolcar, the acting chief of the F.B.I.’s Los Angeles bureau, said. The defendants there sent mass e-mail messages that appeared to be authentic communication from the banks, the F.B.I. said.

The people who clicked on those e-mail messages were sent to fake Web sites made to look identical to the real banking sites, where they were asked to enter personal information like their bank account numbers, passwords, Social Security numbers and drivers’ license numbers.

http://www.nytimes.com

Cyber-criminals have developed sophisticated ways to remain undetected, a new report finds.

The report, from security firm Finjan, describes how one gang, based in the Ukraine, stole 300,000 euros (£269,000) in 22 days.

It used a sophisticated piece of malicious software which fooled banks’ anti-fraud systems as well as forging bank statements to hide the thefts.

It also recruited innocent job-seekers as so-called money mules.

Such mules were needed to prevent a direct money trail being traced back to the gang.

The specific attack, monitored during the month of August, was aimed at the customers of several German online banks.

The German police have been informed.

The server used by the gang has been frozen although it is not known whether gang members have actually been caught.

Specific criteria

The gang used infected and fake websites to spread the trojan, a piece of malicious code which, once installed, can access all the data on the infected machine.

From a command and control server hosted in the Ukraine, the code was installed on the computers of bank account holders.

The trojan received specific instructions about how much money to steal from each account as well as the details of the money mule’s account into which the money was transferred.

Finjan’s chief technology officer Yuval Ben-Itzhak said he was surprised at the level of sophistication employed by the gang.

The code included very specific criteria to make sure the bank accounts of victims were not completely emptied and to ensure the amount being stolen was not so high that it would be detected by banks’ anti-fraud systems.

To further obfuscate their crimes, the code used by the gang was able to generate a forged screen showing the transfer of a small amount of money.

The real amount stolen would only be obvious to the victim if they logged into their account from an uninfected computer.

“They wanted to make sure the victim would not find out from their statements. In some cases they deleted transactions completely,” said Mr Ben-Itzhak.

Anti-fraud systems are designed to detect unusual money transfers, as well as strange behaviour on customers accounts.

Read more at http://news.bbc.co.uk/2/hi/technology/8271384.stm