Online Banking Trojan Stole Money From Belgians 144
hankwang writes "Belgian authorities uncovered an international network of online banking fraud (Google translation; Dutch original), which has been going on since 2007. The fraud targeted customers of several major banks, which used supposedly secure two-factor systems that require the customer to generate authorization codes from transaction information (random code and amount or recipient's account number) that is manually keyed into a cryptographic device (Flash demo from one of the banks; manufacturer's website). Trojan horses that were planted onto the victims' computers would generate a fake error message and request that the victim re-enter the authorization code. This way, amounts up to €4,000 were transferred to money mules and thence to Eastern Europe. The worrying part is that many cases were never reported to the police, because the bank preferred to refund the money to the victim rather than risking its reputation. The extent of this type of fraud is unknown." The article mentions in passing that similar crimes are occurring in Germany and Sweden.
sweden??? (Score:5, Informative)
The article does not even mention the word Sweden or Zweden. It does however mention Denmark, which is not equal to Sweden.
Re:Pay attention (Score:2, Informative)
Potentially even more worrying is that this system is now also being applied to online payments using my Dexia VISA card, which is more vulnerable still because it originates at the merchant's site, and isn't always so easy to verify.
Re:Dutch original? (Score:5, Informative)
Flemish is a dialect of the Dutch language. I know, dialect is generally a political rather than a linguistic term, but:
- The official languages of Belgium are Dutch and French (and German...), not Flemish and Walloon
- The written languages are identical (except for some idiom)
- People can understand each other without effort (except for heavy local dialects, which is the same in most languages)
- Anecdotally, I think the within-country dialectal differences (e.g. standard Dutch versus Limburgs, Twents; "standard Flemish" vs. West-vlaams etc) are as great as or greater than the between-country differences.
you should see Dutch and Flemish the way you see British English and American English, minus the spelling differences.
Re:Dutch original? (Score:3, Informative)
No, Belgium has three official languages: Dutch, French, and German (the first two account for the bulk of Belgian people). There are three dialect families of Dutch in the Dutch-speaking part of Belgium: Flemish ('Vlaams'), Brabantic ('Brabants'), and Limburgish ('Limburgs'). Sometimes all of these are lumped together under the nomer of 'Flemish', which is not really accurate.
Anyhow, Flemish is certainly not a different language, and the language you find in written communication, such as the newspaper article in question, is Dutch, not Flemish. There does exist some variation in e.g. vocabulary between the 'Belgian' and the 'Netherlandic' variants, but the original article would be perfectly readable to any Dutchman.
Re:Pay attention (Score:2, Informative)
If a trojan has control of your browser, what it sends to the bank doesn't have to be what you typed into the account field...
No, the user types the recipient's bank account number into his Digipass device in order to generate an authentication code.
During a legitimate transaction, the website will tell you
Enter the challenge code 138427, then the amount in euro 5600, then the recipient bank account number 98765432 into your card reader and enter the authorization code in the field below.
However, a trojan could transform that into:
The authorization code was incorrect. For extra security, enter the the following three challenge codes 138427, 5600, and 98765432 into your card reader and enter the authorization code in the field below.
My bank only asks a single challenge code for small transactions; only for larger transactions (1000 euro and up), the extra codes show up. A victim may not have encountered the triple challenge codes often enough to realize that they must indicate the amount and the account number.
Re:Not unique to Belgium (Score:4, Informative)
No, but Nationwide has been using nagware banners that tell the customers that they NEVER ask them to resync the device for a few months now. From there on to deduce what the scam is is fairly trivial. Even if the scam was not around when they started the hint contained in the warning is sufficient for anyone clued up enough to design the relevant trojan by now.
Re:People (Score:3, Informative)
The article doesn't say that the trojan was written for Windows either. Are you under the mistaken belief that there are no trojans out there for OSX or Linux?
Re:PassWindow could have prevented this (Score:2, Informative)
Re:Note the fraud dates from 2007 (Score:4, Informative)
For sufficiently small values of "properly".
http://onlyinbelgium.eu/belgiums-finest/no-biggie-really [onlyinbelgium.eu]
http://ellisctaylor.homestead.com/belgiumpaedophilescandal.html [homestead.com]
http://onlyinbelgium.eu/belgiums-finest/sure-help-yourself [onlyinbelgium.eu]
Re:People (Score:3, Informative)
WTF? sure, they both run on computers (usually x86) but there's fundamental differences in everything from the kernel to the drivers!