AFP compiles the most alarming—and informative—fraud news relevant to corporates in Fraudwatch. This column is part of AFP's Payments Fraud Resource Center and is intended to keep you aware of the latest threats to your organization.
This week, Wall Street employs the NSA to patrol cyber attacks, the director of the FBI advocates for an alternative Internet to stall online criminal activity, the British foreign secretary pushes for international unity in the fight against cybercrime, and the ringleaders of a major Trojan fraud scheme in the UK go to jail.
Wall Street Calls Upon NSA to Look into Cybercrime
Wall Street banks have asked the National Security Agency to examine their accounts for finance fraud, Reuters reports. The move comes after former CIA and NSA director Michael Hayden recently advocated for the NSA to resume patrolling for cyber attacks as concerns over financial fraud increase.
Fears of hackers destabilizing the global financial system by taking advantage of weak spots in security has FIs on edge and seeking help from the government and private defense contractors. Government officials have warned that talented hackers could potentially cause sudden crashes, make massive funds transfers, disable trading systems, and even shut down ATM machines.
Last year, hackers infiltrated Nasdaq via malware that allowed them to spy on directors of publically held companies. The NSA is currently working with Nasdaq, building up its security systems.
Government officials are increasingly concerned about cyber attacks, which appear to be more coordinated than ever. Many experts suggest the hackers have support from China, though the Chinese have denied any involvement. Earlier this year, Google accused China for attempting to steal passwords for email accounts, and McAfee said hackers in China were responsible for hacking into the computer systems of five oil and gas companies to steal bidding plans and other information.
Gen. Keith Alexander, director of the NSA, said at a conference of the International Systems Security Association that the Defense Department is finalizing policies on how the military can stop cyber attacks. A trial program has been introduced, and the Department of Homeland Security is currently reviewing it.
Alexander noted the futility of attempting to block intrusions as they are detected, since it can often take months to recognize an intruder in the system. Instead, the Defense Department is working to reduce the multiple routes into the network, and is moving to cloud computing.
FBI Director Pushing for Alternative Internet
Theorizing that financial and utility systems will never be secure from hackers with the current system in place, Shawn Henry, the FBI’s executive assistant director, is pushing for a highly secure, alternative Internet.
The key weapon hackers have is their anonymity, so to create a network where only known and trusted individuals would have access could be instrumental in eliminating cyber threats, Henry told the International Systems Security Association. He firmly believes that any security efforts that are put forth in the current network will be quickly outmaneuvered by hackers.
“We can’t ‘tech’ our way out of the cyberthreat,” Henry said. “The challenge with the Internet is you don’t know who’s launching the attack.”
British Foreign Secretary Advocates for International Cooperation on Combating Cybercrime
William Hague, the British Foreign Secretary and First Secretary of State, pushed for international unity in the fight against cyber threats as he opened the London Conference on Cyberspace on Tuesday.
Noting that online crime is “growing exponentially,” Hague acknowledged the increasing difficulty governments face worldwide in attempting to thwart ever-evolving attacks. “Across the globe there are people and groups seeking to turn our personal information into cash, or to wreak havoc on the net to express political grievances,” he said. “In Europe and North America, one single denial of service tool designed by hacktivists was downloaded by more than 75,000 computer users earlier this year. Militaries, citizen services, credit card companies and businesses like Amazon were attacked. More than 6 million unique types of new malware were detected by industry in the first three months of this year.”
Despite the threats, Hague opposes to government control and censorship of the Internet, which he feels would be detrimental to a medium that thrives on innovation and competition. “We reject the view that government suppression of the Internet, phone networks and social media at times of unrest is acceptable,” he said.
Hague explained that the UK government is investing £650 million in a four-year cyber defense program, and is helping multiple small businesses win contracts to help build a new cyber security infrastructure. However, he recognized that many nations do not yet have these capabilities, and pushed for worldwide cooperation. “There is currently no forum of the kind this conference represents in which nations, business and civil society can engage as equal partners to discuss issues in cyberspace. And we believe that needs to change,” he said.
The UK has proposed seven principles to serve as a basis for more effective cooperation, Hague said. These include:
• governments acting proportionately in cyberspace and in accordance with international law;
• everyone possessing the ability to access cyberspace;
• tolerance and respect for cultural and ideological diversity by all users;
• an assurance that cyberspace remains open to innovation;
• respecting individual rights of privacy and providing protection of intellectual property;
• working collectively to thwart cybercrime; and
• promoting competition.
Ukrainian Cybercriminals Sentenced in London
Also in the UK, two Ukrainian cybercriminals who used a Trojan to steal £2.88 million from British bank accounts have been sentenced.
Yuriy Konovalenko and Yevhen Kulibaba plead guilty to conspiracy to commit fraud and have been sentenced to four years and eight months in Croydon, in South London, England. The duo were the ringleaders of a group that used banking Trojans to hack into personal computers, steal usernames, passwords and account numbers, and then transfer money into their own accounts.
Kulibaba ran the operation from the Ukraine, with Konovalenko acting as his liaison in the UK. They were apprehended amid a complex investigation by the Metropolitan Police Central E-Crime Unit (PCeU), in which 13 people in and around London have been jailed for their involvement in the scheme.
David Bellinger, CTP, Director of Payments at AFP weighed in on why corporates should pay attention to cases like this one. “Continue to keep a close eye on your accounts,” he said. “Account hijacking attempts can take place anywhere—at your company or even your bank given the heavy assaults they are under. Identify any suspicious activity and contact your bank immediately. Even if suspicious activity can be explained, a quick call to talk with your banker will always be worth it.”