Remember in Ferris Bueller's Day Off, when Principal Rooney watched on his computer as Ferris' number of days absent ticked down... down... down? Ferris had hacked into the school computer and was "adjusting" his attendance record right under the nose of the principal.
Online criminals may be doing the same thing to your bank account. Crimeware operators are stealing money right from under the noses of consumer and commercial banking customers who may not be able to recover the stolen funds.
Crimeware - viruses that get onto your computer and steal money from your bank account
Security researcher Joe Stewart of SecureWorks details the workings of a piece of crimeware dubbed "Clampi". "Clampi is operated by a serious and sophisticated organized crime group from Eastern Europe and has been implicated in numerous high-dollar thefts from banking institutions. Any user whose system has been infected by Clampi should immediately change any and all passwords used on that system for any websites, but especially financial credentials." Full report here.
Here are examples of recent thefts from commercial bank accounts:
- Bullitt County, Kentucky: $415,000 stolen from the county government bank account by a ZeuS trojan infection. The county was able to recover $105,000 but is still out $310,000. The bank points out that the theft occurred on government computers, not bank computers.
- The Western Beaver School District in Pennsylvania had $704,610.35 in school funds transferred out of its bank account to 42 other accounts as far away as Puerto Rico by a virus on a Western Beaver computer system. The bank was able to reverse $263,413.34 of the transfers, leaving the school district with a $441,197.01 loss. The school district is suing the bank to recover the full amount plus interest.
- Slack Auto Parts in Gainesville, GA lost almost $75,000 due to fraudulent transfers of funds from its commercial bank account by a Clampi trojan. Once again, the victim was able to get back $14,000 but is still missing over $60,000.
Brian Krebs of the Washington Post Security Fix blog now reports that users of commercial banking accounts are being warned to take extra precautions with the computers they use to do online banking. Brian reports that the Financial Services Information Sharing and Analysis Center is recommending that its members "carry out all online banking activity from a standalone, hardened, and locked-down computer from which e-mail and Web browsing is not possible."
This guidance reflects an important reality about today's Internet-connected computers. If the same computer used for online banking is also used for general web browsing, email and other Internet activities, there is a strong likelihood the computer will become infected with money- and password-stealing crimeware. We cannot assume that our computers are free of this malware that evades detection by even the best antivirus programs.
In fact, my position is that it is better to assume the computer has been compromised and take special steps to perform online banking as safely as possible. At Authentium we have created SafeCentral for just this purpose. SafeCentral creates a separate Secure Desktop that protects passwords, bank accounts and other information from crimeware.
SafeCentral provides the following protection:
- Blocks keyloggers: Stops crimeware keyloggers from stealing usernames, passwords and other account information
- Blocks screenshots: Prevents crimeware from taking "snapshots" of web pages that display bank account balances and other sensitive details
- Secure DNS: Provides its own secure DNS lookups to stop DNS-changing crimeware from sending you to fake banking sites that steal your account credentials.
- High-tech Protection: Stops code injection attacks that can snoop on banking sessions even when they are protected by the familiar "HTTPS" and lock icon appearing in the browser.
- Browser Security: Prevents malicious browser plugins from infiltrating the browser and performing real-time fraudulent bank transactions.
As you can see, we built SafeCentral to provide a separate, hardened environment on computers you already own to provide a safer online experience. Even if you buy a separate computer for online banking, we recommend that you also install and use SafeCentral to provide that extra measure of protection.
September 15, 2009: Replaced links to news stories with new, non-broken links