Wednesday, May 18, 2011

An online bank scam worthy of a spy novel

One moment of weakness — a single click on a bogus e-mail link or website — has cost many U.S. companies nearly $1 million apiece, the FBI said. And it has transported them into a world of international intrigue worthy of a spy novel, connecting them to a crime ring linked to six Chinese port cities near the Russian border.

In a sternly worded warning that included a remarkable level of detail for an FBI press release, the agency told U.S. businesses and banks to be wary of wire transfers headed to the Chinese cities of Raohe, Fuyuan, Jixi City, Xunke, Tongjiang and Dongning.

It’s unclear if the stolen funds remained in China or were transported elsewhere, and U.S. security firms are currently debating the significance of the notice. But the high-dollar value of the thefts, combined with their high-profile destination — any government cybercrime warning that involves China raises eyebrows — has attracted unusual attention in the banking community.

Transactions headed to those Chinese cities should be “heavily scrutinized, especially for clients that have no prior transaction history with companies in the Heilongjiang province,” the FBI said.

Wire transfers — often in the $900,000 range — were repeatedly sent from U.S. firms to legitimate Chinese trading companies in Heilongjiang. Sending the money through international trade firms — which are believed to be victims, also — helped minimize suspicion. In a release dated April 26, the FBI said criminals had recently attempted to steal $20 million and got away with $11 million, a staggering success rate.

Online criminals have shifted their focus away from consumer accounts and onto larger business accounts, experts say. Commercial accounts have larger balances, involve more frequent transactions and the destinations for payment are much more varied, making hacker theft much harder to detect.

“These are small- and medium-sized businesses at the heart of the economic recovery who are devastated by this. In many cases banks do choose to share in losses, but it’s still devastating,” said Terry Austin, CEO of Guardian Analytics, which provides security to banks. He said his firm detected several attempted transactions that fit the scenario laid out by the FBI, including the Chinese destination cities. “This notion that banks and credit unions are under relentless attack — this is just one more example of the size and boldness of attacks — is a story that needs to keep getting told.”

Even if China is merely an intermediary step in the heists, it’s significant that the FBI chose to call out Chinese cities in its release, said Avivah Litan, a bank security analyst for Gartner.

“I have never seen a fraud alert with this much specificity,” Litan said. “It makes you think. There is definitely a Chinese connection, though we don’t really know what it is.”

She speculated that the criminals could be behind other well-publicized computer break-ins that have been blamed on Chinese hackers.

“You would think it could be the same spies for the Chinese government who have been wreaking havoc, and they need to pay for their efforts. Usually bad guys rob accounts to fund other activities. But that’s just speculation,” she said. “It also strikes a familiar chord since perpetrators originating in China are rumored to be behind the recent spate of (advanced persistent threat) attacks against security companies like RSA Security and others, some of which I hear have not been publicly disclosed. It makes you wonder if our intelligence and law enforcement agencies are closing in on loosely organized criminal Chinese rings that perpetrate various types of fraud for financial and political gain, and if the same rings are involved in multiple activities.”

The highly skilled hackers in the FBI warning managed to control computers on both ends of the transactions — hijacking computers that can access small business accounts on the U.S. side, and also computers in China that can access accounts belonging to legitimate trading firms there. That helped them cleverly cloak their activities. It also might be the reason the FBI called out Chinese cities by name, said Mickey Boodaei, CEO of Israel-based Trusteer, a security firm.

“The main reason the FBI issued a release was because they had actionable intelligence about how to ID these transactions and block them and wanted to reach a wide audience of banks and online bankers and let them know they should be really careful,” he said.

The criminals were smart enough to rotate destinations for the money quickly in an effort to further evade suspicion, the FBI said. So there’s no reason to believe hackers haven’t already moved on to other cities. All experts interviewed for this story said they thought the $11 million value of this specific heist represented just the tip of the iceberg. Litan said she believed it’s a $1 billion global problem.

“This is just a very common occurrence now at banks, with criminals robbing small business accounts and moving the money offshore,” she said.

In each case, the FBI said, the money was sent to one of three Chinese banks: “Agricultural Bank of China, the Industrial and Commercial Bank of China, (or) the Bank of China.”
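The FBI guidance quoted above amounts to a screening rule: hold wires bound for the six named cities and three named banks for review, and treat them as especially suspicious when the client has no prior transaction history with Heilongjiang province, when the amount is large, or when the destination keeps changing. The following is an added example of that rule, written for this page; it is not the FBI's logic or Guardian Analytics' product code. The thresholds (a $250,000 floor and a 3x multiple of the client's largest cleared wire), the client names and the sample batch are all constructed for illustration.

```python
"""Wire-transfer screening heuristic built from the FBI alert's stated criteria.

Added example (not the FBI's or any vendor's code): flags outbound wires to the
named Heilongjiang cities, and adds reasons for a missing history with the
province, a high amount, and an amount out of line with the client's history.
"""
from collections import defaultdict
from dataclasses import dataclass

# Destinations named in the FBI alert as quoted in the article.
WATCHED_CITIES = {"Raohe", "Fuyuan", "Jixi City", "Xunke", "Tongjiang", "Dongning"}
WATCHED_BANKS = {
    "Agricultural Bank of China",
    "Industrial and Commercial Bank of China",
    "Bank of China",
}
WATCHED_PROVINCE = "Heilongjiang"

# Constructed thresholds (assumptions, not part of the alert).
HIGH_VALUE_USD = 250_000   # absolute floor for the "high-value" reason
OUTLIER_MULTIPLE = 3       # multiple of the client's largest cleared wire


@dataclass(frozen=True)
class Wire:
    client: str               # originating commercial account
    amount_usd: int
    beneficiary_city: str
    beneficiary_province: str
    beneficiary_bank: str


def screen_wires(wires):
    """Screen outbound wires in submission order.

    Returns a list of (index, reasons) for wires that should be held for
    manual review.  Only wires that clear screening enter the client's
    history, so a held wire cannot 'establish' a relationship with the
    province that would quiet the check on the next one.
    """
    provinces_seen = defaultdict(set)   # client -> provinces previously paid
    max_prior = defaultdict(int)        # client -> largest cleared wire so far
    held = []
    for i, w in enumerate(wires):
        reasons = []
        if w.beneficiary_city in WATCHED_CITIES:
            reasons.append(f"destination city {w.beneficiary_city} named in FBI alert")
            if w.beneficiary_bank in WATCHED_BANKS:
                reasons.append(f"beneficiary bank {w.beneficiary_bank} named in FBI alert")
            if WATCHED_PROVINCE not in provinces_seen[w.client]:
                reasons.append(f"no prior cleared wire to {WATCHED_PROVINCE} province")
            if w.amount_usd >= HIGH_VALUE_USD:
                reasons.append(f"amount {w.amount_usd:,} USD at or above high-value floor")
            if max_prior[w.client] and w.amount_usd > OUTLIER_MULTIPLE * max_prior[w.client]:
                reasons.append("amount is an outlier against the client's cleared history")
        if reasons:
            held.append((i, reasons))
        else:
            # Cleared wires become part of the client's baseline.
            provinces_seen[w.client].add(w.beneficiary_province)
            max_prior[w.client] = max(max_prior[w.client], w.amount_usd)
    return held


# Constructed sample batch; clients, cities of origin and amounts are invented.
SAMPLE_WIRES = [
    Wire("Acme Construction", 12_000, "Shenzhen", "Guangdong", "Bank of China"),
    Wire("Northern Imports LLC", 40_000, "Harbin", "Heilongjiang", "Bank of China"),
    Wire("Northern Imports LLC", 15_000, "Jixi City", "Heilongjiang", "Agricultural Bank of China"),
    Wire("Acme Construction", 900_000, "Raohe", "Heilongjiang", "Bank of China"),
    Wire("Acme Construction", 870_000, "Tongjiang", "Heilongjiang", "Industrial and Commercial Bank of China"),
]

if __name__ == "__main__":
    for idx, reasons in screen_wires(SAMPLE_WIRES):
        w = SAMPLE_WIRES[idx]
        print(f"HOLD wire #{idx}: {w.client} -> {w.beneficiary_city}, {w.amount_usd:,} USD")
        for r in reasons:
            print("   -", r)
```

In the sample batch the importer that already pays Harbin regularly still gets held for its Jixi City wire, but with only the two destination reasons; the construction company's two $900,000-range wires collect every reason, and the second one is still "no prior history" because the first was held rather than cleared. A real deployment would feed held wires to the out-of-band verification step rather than block them outright, and would refresh the watched-destination list as the alert itself warns that the criminals rotate cities quickly.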

Guardian Analytics’ monitoring software, which Austin says spotted and stopped fraudulent transactions headed to those six Chinese cities, offers a rare detailed glimpse into how the criminals operated.

The target “could be a construction company, a real estate company, a school, a church. Any business that has a commercial account that it uses to pay suppliers and vendors,” he said.

An employee inside the firm who has the ability to wire funds through those accounts is targeted with an attack. Once he or she takes the bait — perhaps laid through a booby-trapped e-mail, or an infected website — the criminals gain access to a computer and an account at the firm authorized to wire money.

In some cases, the theft involves simply logging into an online merchant account and initiating a wire transfer. But even companies with far more sophisticated security protections have been victimized, Austin said. Some firms require dual authorization for a financial transfer, or at least a phone call for verification. The criminals are smart enough to arrange for a bypass approval, or to reroute the approval phone calls to numbers they control, he said. They even spent weeks observing an account to find out when the balance is highest and watch transaction patterns so criminal wire transfers won’t raise alarm bells, Austin said.

“They often go through a multi-step setup before the crime,” he said.
