Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Crime Security

Online Banking Trojan Stole Money From Belgians 144

Posted by kdawson from the routing-around dept.
hankwang writes "Belgian authorities uncovered an international network of online banking fraud (Google translation; Dutch original), which has been going on since 2007. The fraud targeted customers of several major banks, which used supposedly secure two-factor systems that require the customer to generate authorization codes from transaction information (random code and amount or recipient's account number) that is manually keyed into a cryptographic device (Flash demo from one of the banks; manufacturer's website). Trojan horses that were planted onto the victims' computers would generate a fake error message and request that the victim re-enter the authorization code. This way, amounts up to €4,000 were transferred to money mules and thence to Eastern Europe. The worrying part is that many cases were never reported to the police, because the bank preferred to refund the money to the victim rather than risking its reputation. The extent of this type of fraud is unknown." The article mentions in passing that similar crimes are occurring in Germany and Sweden.
This discussion has been archived. No new comments can be posted.

Online Banking Trojan Stole Money From Belgians More

Online Banking Trojan Stole Money From Belgians

Comments Filter:

  • sweden??? (Score:5, Informative)

    by lordholm ( 649770 ) on Monday July 26, 2010 @04:44AM (#33027128) Homepage

    The article does not even mention the word Sweden or Zweden. It does however mention Denmark, which is not equal to Sweden.

  • Re:Pay attention (Score:2, Informative)

    by MadKeithV ( 102058 ) on Monday July 26, 2010 @05:02AM (#33027226)
    I use the system mentioned in the article, and I've never noticed the log-in random challenge to have any recognizable number, nor do I recall any communication from my bank (Dexia) that this is so. If this is actually the case, it wasn't made clear to users.

    Potentially even more worrying is that this system is now also being applied to online payments using my Dexia VISA card, which is more vulnerable still because it originates at the merchant's site, and isn't always so easy to verify.

  • Re:Dutch original? (Score:5, Informative)

    by mrvan ( 973822 ) on Monday July 26, 2010 @05:33AM (#33027366)

    Flemish is a dialect of the Dutch language. I know, dialect is generally a political rather than a linguistic term, but:

    - The official languages of Belgium are Dutch and French (and German...), not Flemish and Walloon
    - The written languages are identical (except for some idiom)
    - People can understand each other without effort (except for heavy local dialects, which is the same in most languages)
    - Anecdotally, I think the within-country dialectal differences (e.g. standard Dutch versus Limburgs, Twents; "standard Flemish" vs. West-vlaams etc) are as great as or greater than the between-country differences.

    you should see Dutch and Flemish the way you see British English and American English, minus the spelling differences.

  • Re:Dutch original? (Score:3, Informative)

    by Anonymous Coward on Monday July 26, 2010 @05:39AM (#33027386)

    No, Belgium has three official languages: Dutch, French, and German (the first two account for the bulk of Belgian people). There are three dialect families of Dutch in the Dutch-speaking part of Belgium: Flemish ('Vlaams'), Brabantic ('Brabants'), and Limburgish ('Limburgs'). Sometimes all of these are lumped together under the nomer of 'Flemish', which is not really accurate.

    Anyhow, Flemish is certainly not a different language, and the language you find in written communication, such as the newspaper article in question, is Dutch, not Flemish. There does exist some variation in e.g. vocabulary between the 'Belgian' and the 'Netherlandic' variants, but the original article would be perfectly readable to any Dutchman.

  • Re:Pay attention (Score:2, Informative)

    by Anonymous Coward on Monday July 26, 2010 @05:48AM (#33027434)

    If a trojan has control of your browser, what it sends to the bank doesn't have to be what you typed into the account field...

    No, the user types the recipient's bank account number into his Digipass device in order to generate an authentication code.

    During a legitimate transaction, the website will tell you

    Enter the challenge code 138427, then the amount in euro 5600, then the recipient bank account number 98765432 into your card reader and enter the authorization code in the field below.

    However, a trojan could transform that into:

    The authorization code was incorrect. For extra security, enter the the following three challenge codes 138427, 5600, and 98765432 into your card reader and enter the authorization code in the field below.

    My bank only asks a single challenge code for small transactions; only for larger transactions (1000 euro and up), the extra codes show up. A victim may not have encountered the triple challenge codes often enough to realize that they must indicate the amount and the account number.

  • Re:Not unique to Belgium (Score:4, Informative)

    by arivanov ( 12034 ) on Monday July 26, 2010 @07:01AM (#33027802) Homepage

    No, but Nationwide has been using nagware banners that tell the customers that they NEVER ask them to resync the device for a few months now. From there on to deduce what the scam is is fairly trivial. Even if the scam was not around when they started the hint contained in the warning is sufficient for anyone clued up enough to design the relevant trojan by now.

  • Re:People (Score:3, Informative)

    by smallfries ( 601545 ) on Monday July 26, 2010 @07:05AM (#33027810) Homepage

    The article doesn't say that the trojan was written for Windows either. Are you under the mistaken belief that there are no trojans out there for OSX or Linux?

  • Re:PassWindow could have prevented this (Score:2, Informative)

    by Mattpw ( 1777544 ) on Monday July 26, 2010 @07:34AM (#33027928) Homepage
    There is no simulation, it is a real airgap, the PassWindow is just printed onto an ordinary piece of plastic card just like any barcode. There is no electronics, or software or hardware. The challenge is just an animated gif it works on any device regardless of the situation. The transaction information is encoded into the gif so the trojan only has one avenue of attack which is a long term statistical analysis but we assume every terminal is already compromised like this so we do our own analysis at key generation and determine exactly how many interceptions would be required by the theoretical trojan. With some simple tweaks we can get 10K+ interception rates so it would take decades of normal user interceptions to get enough data to analyse. Of course the server issues a new card to a user if their use rate goes anywhere near the interception rate. In short you end up with semi passive transaction verification so the user cant be tricked into entering in the mule account details because its all done serverside, its also much easier to use, the devices from the article are a major pain and take forever to use.

  • Re:People (Score:3, Informative)

    by speculatrix ( 678524 ) on Monday July 26, 2010 @08:51AM (#33028442)
    Unix has the same architecture and pretty much the same vulnerable technologies as NT based Windows.

    WTF? sure, they both run on computers (usually x86) but there's fundamental differences in everything from the kernel to the drivers!

Slashdot Top Deals

The hardest part of climbing the ladder of success is getting through the crowd at the bottom.

Close