Hackers target the home front
Criminals are trying to gain access to banks' computer networks via the weakest link in the security chain: executives who work at home.
One of the UK's leading banks has been forced to admit that organised hacking gangs have been targeting its executives. For the past year, Royal Bank of Scotland has been fighting systematic attempts to break into its computer systems from hackers who have sent personalised emails containing keyloggers to its senior management. This has included executives up to board level and is now the subject of a separate investigation by the Serious and Organised Crime Agency.
The hackers are homing in on the trend for people to work from home. The hackers make the assumption that the computers being used outside the work environment are more vulnerable than those protected by a corporate IT department.
Growing threat
For companies it is a growing threat as home working increases: a recent survey from the Equal Opportunities Commission found that more than 60% of the UK's population wants the option of flexible working.
And the hackers are employing increasingly sophisticated techniques. Each email they send is meticulously built to make it attractive to its target, who the criminals have carefully researched by trawling the internet for information. Once the email is composed, the malware is just as carefully designed: it is often modified to avoid detection by security software.
The keylogger contained in the email installs itself automatically and then collects details of logins and passwords from the unsuspecting user. This means that hackers can, using the usernames and passwords stolen by the keyloggers, connect to VPNs, or Virtual Private Networks, which many companies use to create an encrypted pathway into their networks.
Once inside a bank's network, the hackers can communicate directly with computers holding account information and manipulate funds.
Has this actually happened? In some cases sources claim that the login details of VPNs have been obtained and used though there has been no confirmation that any losses have occurred as a result. The attacks are not believed to have focused on RBS but to have been across the whole of the banking industry.
Royal Bank of Scotland said that the bank had suffered no losses as a result of the attacks and added: "RBS has extremely robust processes in place in order to protect our systems from fraud. Trojan email attacks are an industry-wide issue and are not isolated to a particular area or a particular bank."
The first indication that banks had become the target of such sophisticated attacks emerged two years ago when police foiled an attempt by hackers to steal $420m (£210m) from a London branch of Sumitomo, a Japanese bank. According to reports, the attack on Sumitomo involved the use of both hardware and software keyloggers.
It is not just banks that have been targets. Last year attempts were made to steal information from the Houses of Parliament using malicious email. Messagelabs, the company responsible for monitoring much of the email traffic of the government and big business for suspect software, said at the beginning of the year that criminals have been evolving more sophisticated techniques to attack corporate networks.
According to Mark Sunner, chief technology officer of Messagelabs, the number of malicious emails targeted at individuals has been increasing. Two and half years ago they were being seen once every two months, but now they are seeing one or two a day. This has been accompanied by an increase in quality in the creation of Trojans and spyware.
"The hackers are now aiming to take over computers, particularly those of home users. Some of the malicious software that we are routinely seeing for that purpose will have its own antivirus system built into it so that they can kill off the programs of their competitors."
The criminal gangs, believed to be based in Russia and Asia, routinely use software deployed by legitimate businesses and adapt it to gather information on individuals. "The gangs are taking the lists of addresses from people's machines and they are performing their own mail merges to create databases of names and addresses," says Sunner.
According to Sunner, as well as the usual tactic of hijacking a PC for use as part of a spam network, hackers also mine computers for information on the individual and their contacts. This information can then be used help build a database of personal information that can be used to construct targeted criminal emails.
Social networking sites are also being mined, according to Sunner. These are not just the preserve of MySpace and Bebo-using teens; professional social networks such as Plaxo and LinkedIn are also being plundered. Sunner adds: "If someone contacts you from LinkedIn and you don't know them and they ask you to join their network, you essentially tell them the names of everyone you know if you are a member of either group. There are a lot of people who will answer those requests without thinking."
Aamir Butt, UK chief executive of Giritech, a Danish company that produces secure links for home-working, says: "We work with a range of customers including those in the financial industry and it was mentioned to us that the login details for VPN networks were a weakness that people were concerned about."
Increased vigilance
Tony Neate, the head of Get Safe Online, a government-funded organisation set up to raise awareness among UK businesses of computer criminals, says: "There is now an attempt to target individuals within UK businesses - including the banking sector. What is happening is that crime is doing what it always does, which is look for the weakest link. Home working is where they perceive a weakness.
"This points to a need for increased vigilance and security by those working from home and by those responsible for letting them work from home. For home working to be effective, security needs to be as effective as if working in an office."
Pete Warren
Thursday February 15, 2007
Guardian Unlimited
Guardian News and Media Limited 2007
Criminals are trying to gain access to banks' computer networks via the weakest link in the security chain: executives who work at home.
One of the UK's leading banks has been forced to admit that organised hacking gangs have been targeting its executives. For the past year, Royal Bank of Scotland has been fighting systematic attempts to break into its computer systems from hackers who have sent personalised emails containing keyloggers to its senior management. This has included executives up to board level and is now the subject of a separate investigation by the Serious and Organised Crime Agency.
The hackers are homing in on the trend for people to work from home. The hackers make the assumption that the computers being used outside the work environment are more vulnerable than those protected by a corporate IT department.
Growing threat
For companies it is a growing threat as home working increases: a recent survey from the Equal Opportunities Commission found that more than 60% of the UK's population wants the option of flexible working.
And the hackers are employing increasingly sophisticated techniques. Each email they send is meticulously built to make it attractive to its target, who the criminals have carefully researched by trawling the internet for information. Once the email is composed, the malware is just as carefully designed: it is often modified to avoid detection by security software.
The keylogger contained in the email installs itself automatically and then collects details of logins and passwords from the unsuspecting user. This means that hackers can, using the usernames and passwords stolen by the keyloggers, connect to VPNs, or Virtual Private Networks, which many companies use to create an encrypted pathway into their networks.
Once inside a bank's network, the hackers can communicate directly with computers holding account information and manipulate funds.
Has this actually happened? In some cases sources claim that the login details of VPNs have been obtained and used though there has been no confirmation that any losses have occurred as a result. The attacks are not believed to have focused on RBS but to have been across the whole of the banking industry.
Royal Bank of Scotland said that the bank had suffered no losses as a result of the attacks and added: "RBS has extremely robust processes in place in order to protect our systems from fraud. Trojan email attacks are an industry-wide issue and are not isolated to a particular area or a particular bank."
The first indication that banks had become the target of such sophisticated attacks emerged two years ago when police foiled an attempt by hackers to steal $420m (£210m) from a London branch of Sumitomo, a Japanese bank. According to reports, the attack on Sumitomo involved the use of both hardware and software keyloggers.
It is not just banks that have been targets. Last year attempts were made to steal information from the Houses of Parliament using malicious email. Messagelabs, the company responsible for monitoring much of the email traffic of the government and big business for suspect software, said at the beginning of the year that criminals have been evolving more sophisticated techniques to attack corporate networks.
According to Mark Sunner, chief technology officer of Messagelabs, the number of malicious emails targeted at individuals has been increasing. Two and half years ago they were being seen once every two months, but now they are seeing one or two a day. This has been accompanied by an increase in quality in the creation of Trojans and spyware.
"The hackers are now aiming to take over computers, particularly those of home users. Some of the malicious software that we are routinely seeing for that purpose will have its own antivirus system built into it so that they can kill off the programs of their competitors."
The criminal gangs, believed to be based in Russia and Asia, routinely use software deployed by legitimate businesses and adapt it to gather information on individuals. "The gangs are taking the lists of addresses from people's machines and they are performing their own mail merges to create databases of names and addresses," says Sunner.
According to Sunner, as well as the usual tactic of hijacking a PC for use as part of a spam network, hackers also mine computers for information on the individual and their contacts. This information can then be used help build a database of personal information that can be used to construct targeted criminal emails.
Social networking sites are also being mined, according to Sunner. These are not just the preserve of MySpace and Bebo-using teens; professional social networks such as Plaxo and LinkedIn are also being plundered. Sunner adds: "If someone contacts you from LinkedIn and you don't know them and they ask you to join their network, you essentially tell them the names of everyone you know if you are a member of either group. There are a lot of people who will answer those requests without thinking."
Aamir Butt, UK chief executive of Giritech, a Danish company that produces secure links for home-working, says: "We work with a range of customers including those in the financial industry and it was mentioned to us that the login details for VPN networks were a weakness that people were concerned about."
Increased vigilance
Tony Neate, the head of Get Safe Online, a government-funded organisation set up to raise awareness among UK businesses of computer criminals, says: "There is now an attempt to target individuals within UK businesses - including the banking sector. What is happening is that crime is doing what it always does, which is look for the weakest link. Home working is where they perceive a weakness.
"This points to a need for increased vigilance and security by those working from home and by those responsible for letting them work from home. For home working to be effective, security needs to be as effective as if working in an office."
Pete Warren
Thursday February 15, 2007
Guardian Unlimited
Guardian News and Media Limited 2007
