Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Keylogging and the ease with which hackers can plunder bank accounts

Comodo Group : 02 October, 2009  (Technical Article)
Comodo looks into the latest generation of criminals using keylogging software and malware to gain access to bank accounts
Malicious software now replaces old-fashioned confidence games, enabling hackers to empty bank accounts with ease.

In the old days, con artists devised elaborate scams involving dropping envelopes full of money in front of the unwary, or promoting undeveloped swampland in Florida. The labour-intensive one-victim-at-a-time approach is outdated. Today, con artists infect hundreds or thousands of personal computers with key logging software, recording every key each Internet user taps. This way they collect information about bank account numbers and passwords.

Armed with confidential information, thieves plunder bank accounts at will, and rapidly, as unsuspecting small businesses and school districts around the United States are learning to their dismay.

'The cyber criminals have spotted a very high value yet very soft target' said Melih Abdulhayoglu, CEO of Comodo, in a recent video about bilked school districts. 'They inject…malicious executables into school districts' systems, and they take over their bank details and they siphon off money,

'It's a sad, sad, sad day,' said Abdulhayoglu, when money from innocent organizations goes 'straight into cyber criminals' pockets.'

'We don't have to suffer at the hands of cyber criminals…all we need is prevention as the first line of defence.'

Such prevention is available both for banking institutions and for their online depositors.

Online depositors should protect their personal computers from malicious executable files, otherwise known as malware, by using top-quality firewall and antivirus software. Such software should prevent software such as keyloggers from installing itself in a computer.

By law, one single password is not enough protection for online banking. To guard against hacker incursions, banks are required to demand more ID when communicating securely with customers online. The Federal Financial Institutions Examination Council (FFIEC) requires that banks and credit unions only allow customers to access their accounts if they use at least one other identification factor in addition to the passwords.

Requiring that the customer enter a password is a layer of protection called 'authentication'- ensuring that the customer is authentic. In addition, the financial institution must authenticate again by asking for at least one other piece of information. The information can be something the customer 'is' such as a fingerprint, or something the customer 'has' such as a physical key.

When hackers stole $588,000 from Patco Construction Co. in Maine in May 2009, Patco's attorneys advised it to sue its bank for not requiring adequate authentication.

'The case is ongoing,' said Abdulhayoglu. 'Whoever wins, the lawsuit will still be expensive and time-consuming, and both sides will wish they could have prevented it.'

'Unfortunately, it's difficult to stop a determined thief. But prevention-based software can often mitigate risk, making the Internet safer for us all.'
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo