Friday, August 1st, 2008
Click here to listen to hot-and-heavy blog discussion with John Havens on financial institutions in denial about rising cyber threat, Apple and Adobe lacking transparency in issuing updates, and Boeing personnel adopting murderous mindset about catastrophic rudder flaw.
Wednesday, July 16th, 2008
By all accounts, Rostov-Na-Danu is a picturesque, culturally-rich city of 1.1 million on the banks of the Don River, near the Sea of Azov in Southern Russia. Established in the mid 1700s, it has served as a hub for commerce and politics for millenia. Now, in the 21st century, the quaint city has emerged as home base of a gang of cyber bank robbers operating with impunity. The Coreflood Gang is likely stealing millions in a steady flow from tens of thousands of individual online banking accounts, mainly in small withdrawals of less than $5,000. Shortly after my 400-word story about the gang’s operations was published today on page 4B of USA Today, a reader called me with a complaint: he appreciated the info, but wanted to know what he could do to protect himself from exposure to Coreflood. The short answer: stop doing online banking.
Threats of having your Web-connected PC compromised at home or at work are so multitudinous and varied that it has become background noise. Internet-enabled data theft and financial fraud has become a mature, centi-billion global enterprise, that uses best-practices—for market saturation and stealth. Long gone are the days when sloppily-written worms, like MS Blast or Sasser, would circle the globe and grab front page headlines. Today, backdoors get planted on your PC when you navigate to trusted web sites. And Trojans that turn your PC into a spam-spreading bot and harvests all your sensitive data are root-kitted deep into your harddrive.
SecureWorks researcher, Joe Stewart (one of the ace virus hunters featured in Zero Day Threat) discovered how the Coreflood Gang uses a common Windows system management component, called PsExe, to spread infections all across a network, from inside network firewalls. SecureWorks and Spamhaus helped shut down the two hub servers the Gang had rather brazenly rented from a U.S. Internet Service Provider to carry out the attacks. But the gang simply rented two replacement hubs from another U.S. ISP, and continues to do business as usual. Such is the sate of cyber crime that security firms and law enforcement believe it is better NOT to shut down these two servers. The logic: doing so might compel the gang to patronize a purely criminal, so-called bulletproof ISP, such as the Russian Business Network. “We’d rather know where they’re at,” says Stewart. “The more we forced them to move around the more they’ll evolve and likely go deeper underground”
photo of Joe Stewart
Wednesday, June 18th, 2008
Speed and convenience built into our payments-transaction and credit-issuing systems make Internet-enabled data theft and financial scams child’s play. But the cyber criminals’ profits are mere crumbs compared to the hundreds of billions in high interest rates and onerous penalty fees the banking industry has legally harvested from consumers over the past decade.
I’ve been absorbed the past few weeks collaborating on a Page 1 cover story with USA TODAY’s ace banking beat reporter, Kathy Chu. Our investigation found that during the housing bubble banks raised credit card limits to compete with home equity loans, often targeting subprime borrowers. Banks then set in place a matrix of tripwires to get consumers to pay rates as high as 30% and cough up billions in penalty fees (a record $18.1 billion in 2007.)
The credit bureaus profited, as well, selling credit reports by the truck load, thus enabling banks to target subprime borrowers with deceptive promotions; and create a tool called “universal default,” that enables them to boost your credit card interest rate if you pay you cable TV bill late.
Small wonder banking trojans are spiking. There appears to be little incentive for banks and credit bureaus to slow down their security-flawed–but still highly lucrative system–until the public demands it.
Of the three banking reform bills pending in Congress, Sen. Bob Menendez’s proposed Credit Card Reform Act is the most proactive on behalf of consumers. Among other things, Sen. Menendez is calling for a ban on universal default and deceptive credit card offers. You can see a summary of Menendez’s pro-consumer bill here.
You can be sure the banking industry has targeted Menendez’s measure for gutting, if they can’t outright kill it. If you want to weigh in, contact the consumer groups backing Sen. Menendez’s bill. They include: the Center for Responsible Lending; the Service Employees International Union; Demos; the U.S. Public Interest Research Group ; the Consumer Federation of America; the National Consumer Law Center; Consumer Action; Consumers Union; the National Association of Consumer Advocates; and the National Council of La Raza.
