
Wanted: Hackers For Large-Scale Attacks On American Banks

timothy posted about 2 years ago | from the just-leave-the-credit-unions-alone dept.

Crime 77

Trailrunner7 writes "RSA's FraudAction research team has been monitoring underground chatter and has put together various clues to deduce that a cybercrime gang is actively recruiting up to 100 botmasters to participate in a complicated man-in-the-middle hijacking scam using a variant of the proprietary Gozi Trojan. This is the first time a private cybercrime organization has recruited outsiders to participate in a financially motivated attack, said Mor Ahuvia, cybercrime communications specialist for RSA FraudAction. The attackers are promising their recruits a cut of the profits, and are requiring an initial investment in hardware and training in how to deploy the Gozi Prinimalka Trojan, Ahuvia added. Also, the gang will only share executable files with their partners, and will not give up the Trojan's compilers, keeping the recruits dependent on the gang for updates."


77 comments

First post (-1, Offtopic)

mister_playboy (1474163) | about 2 years ago | (#41566151)

I'm bored. :(

Re:First post (-1)

Anonymous Coward | about 2 years ago | (#41566221)

Fuck off. Slashdot is not your blog.

Re:First post (-1)

Anonymous Coward | about 2 years ago | (#41566875)

Fuck off. Slashdot is not your blog.

It's also not 4chan, so I think you should go back there rather than spew vitriol.

the easiest marks (5, Insightful)

Anonymous Coward | about 2 years ago | (#41566153)

The attackers are promising their recruits a cut of the profits, and are requiring an initial investment in hardware and training

as any confidence man could tell you, the best marks are those that think they are in on the scam...

I got the email (5, Funny)

93 Escort Wagon (326346) | about 2 years ago | (#41566385)

May God the merciful grant you peace. You will be surprised to hear from me. I am MRS. HELENA SHOSTAKOVICH, widow of the late DMITRI SHOSTAKOVICH of hacker fame. My dear husband past away two weeks ago, leaving behind 1,500,000 credit card numbers worth THREE HUNDRED MILLIONS US DOLLARS. As I am unable to realize this sum here in Russia, I have been authorized to advance into your bank account FIVE MILLION DOLLARS for assistance in retrieving this funds. The requirement from you, to show you are an honest man of principle and good faith, is an insignificant small purchase of hardware from the following list: ...

To avoid Putin's spies, I have retained agents in NIGERIA who will handle your transactions. Forward your credit card particulars to:

Mr. JOHN MBUTU
POST OFFICE WILL CALL
LAGOS, NIGERIA

Re:the easiest marks (2)

frosty_tsm (933163) | about 2 years ago | (#41566401)

The attackers are promising their recruits a cut of the profits, and are requiring an initial investment in hardware and training

as any confidence man could tell you, the best marks are those that think they are in on the scam...

I second that thought. This sounds less like a serious recruitment and more like one of those "makes $5000 a month working from home" things.

Re:the easiest marks (2)

sjwt (161428) | about 2 years ago | (#41566411)

Subject is incorrect..

Wanted: Hackers For Large-Scale Sting!

Re:the easiest marks (0)

Anonymous Coward | about 2 years ago | (#41566593)

Totally...

Re:the easiest marks (1)

Razgorov Prikazka (1699498) | about 2 years ago | (#41566611)

Language is wrong too. It should either be:
Требуются: хакеры для крупномасштабных нападений на американские банки (Russian)
Or
通缉:黑客大规模攻击美国银行 (Chinese)

These guys can help you out ;-)

Re:the easiest marks (4, Funny)

Razgorov Prikazka (1699498) | about 2 years ago | (#41566613)

Hmmm... Cyrillic & Simplified Chinese don't show quite as I expected :-(

Re:the easiest marks (4, Funny)

peragrin (659227) | about 2 years ago | (#41566855)

this is slashdot and the only languages that are known here are english and bad english.

yippee kay yay mother fuckers.

Re:the easiest marks (0)

Anonymous Coward | about 2 years ago | (#41567039)

> this is slashdot and the only languages that are known here are english and bad english.

You cannot use a cent symbol over here!

Many sites do the same, I think that, differently from the post 2nd war situation, the USA would rather now isolate themselves from the world.

The way things already are, I'm beginning to question the wisdom of having "learned" English while also regretting that the absence of a real worldwide lingua franca will force me to learn Chinese and perhaps also Russian to have a reasonable understanding of the future Internet.

And, yes, I know Esperanto but for what I usually read, English is still mandatory.

Re:the easiest marks (0)

Anonymous Coward | about 2 years ago | (#41567255)

An English person with bad English, I have to ask, what about American English then?

Re:the easiest marks (3, Informative)

overlordofmu (1422163) | about 2 years ago | (#41575939)

American English now considers "funner" a proper word. Do I need to say more?

Re:the easiest marks (1)

thisisfutile (2640809) | about 2 years ago | (#41599703)

That's the most dumb argument I've ever heard.

Re:the easiest marks (1)

overlordofmu (1422163) | about 2 years ago | (#41608151)

What?

Hey banks: Time to inject moles! (0)

Anonymous Coward | about 2 years ago | (#41566163)

At least that's what I would do. Hire the best crackers myself, and then send them to be hired there.

Compilers.. (3, Interesting)

MnemonicMan (2596371) | about 2 years ago | (#41566165)

Won't give up their "compilers" now will they.. Bastards, I'll drop in my version of GCC and show them! Er, ahem, I think the article means "source code." And even with that a determined reverse-engineering effort could negate that too..

Re:Compilers.. (0)

Anonymous Coward | about 2 years ago | (#41566177)

their compilers also encrypt

Re:Compilers.. (2)

MnemonicMan (2596371) | about 2 years ago | (#41566183)

So pretend you're a client and request the decryption key for the payload from their servers?

Re:Compilers.. (0)

Anonymous Coward | about 2 years ago | (#41567157)

It's not the key you need, it's the algorithm used to encrypt the binaries. If you have the source, but don't know how they generate encrypted binary code from it, you can't write antivirus for new versions of it.

Re:Compilers.. (2)

gl4ss (559668) | about 2 years ago | (#41567367)

It's not the key you need, it's the algorithm used to encrypt the binaries. If you have the source, but don't know how they generate encrypted binary code from it, you can't write antivirus for new versions of it.

but you do have the algorithm used to decrypt the binaries.. it's in the payload. duh.

Re:Compilers.. (0)

Anonymous Coward | about 2 years ago | (#41567985)

Could this compiler be a modified version of GCC? Hey there--distributing a modified version of GCC without making the source available? They'd be GPL violators too!

Re:Compilers.. (0)

Anonymous Coward | about 2 years ago | (#41566185)

a determined reverse-engineering effort could negate that too

Ya, but where is the economic incentive to do that ?

Re:Compilers.. (0)

Anonymous Coward | about 2 years ago | (#41566203)

Not necessarily, the compiler could be adding in something which isn't in the source code. Just as a contingency against somebody managing to gain access to the source code. Read up on the BSD compiler rootkit if you aren't already familiar.

I'm guessing that they also aren't providing the source code.

Re:Compilers.. (1)

sconeu (64226) | about 2 years ago | (#41566331)

It's not the BSD compiler rootkit. It's the original AT&T "cc" command.

Reflections on Trusting Trust [bell-labs.com] by Ken Thompson, himself.

Re:Compilers.. (1)

uninformedLuddite (1334899) | about 2 years ago | (#41579187)

carbon copy?

Re:Compilers.. (0)

Anonymous Coward | about 2 years ago | (#41566957)

GCC? Everyone knows real hackers use Lisp.

is this a job ad? (4, Funny)

Anonymous Coward | about 2 years ago | (#41566175)

Can I apply right now?

Re:is this a job ad? (0)

Anonymous Coward | about 2 years ago | (#41567269)

Nope, sorry, all the positions are already full with staffers from the NSA, CIA, TSA, like the story "The Man Who Would Be Friday".

I have an attack strategy (0)

slashmydots (2189826) | about 2 years ago | (#41566195)

1. sit on your ass
2. mine bitcoins
3. USD-based banks are DESTROYED! lol.
I heard that's how it works, lol.

Re:I have an attack strategy (2, Insightful)

Anonymous Coward | about 2 years ago | (#41566739)

1. Start "recruiting" people for the diversion A, to keep the RSA's FraudAction research team, the media and (therefore) the government busy with that.
2. Don't tell anyone about the real plan B.
3. Select the best people from the group working on A, and bring them in on plan B.
4. for the profit part: Do plan B before diversion A
5. for the fun part: don't cancel diversion A, just watch it live on the news.

Oh yeah?? (0)

Anonymous Coward | about 2 years ago | (#41566199)

Also, the gang will only share executable files with their partners

I want those executables, give them to me now so I can run them immediately! Hell yes, they are gonna own, gimme gimme gimme. Also let me root my phone and get free clones of apps that cost a dollar, this is all good things for my bank account!

What About POTUS? (-1)

Anonymous Coward | about 2 years ago | (#41566229)

Isn't POTUS sexy?

Why not POTUS? He is CEASAR by the way.

Seems POTUS would be a more ... Legit target.

XO

Questionable Validity (5, Insightful)

dutchwhizzman (817898) | about 2 years ago | (#41566259)

Why bother recruiting people if you can just hire bots, or herd your own? Why go for 100 small ones if just a few bigger ones will yield you the same number of victims?

These seem like either very inexperienced criminals, or indeed, as someone else suggested, scammers that want to rip off botnet herders, not banks. You don't involve people in your gang if you don't absolutely need them. You don't train them, unless you absolutely need them to know things. The fewer people who know, the smaller the chance you will get caught. Causing a racket by recruiting up to 100 herders does not fit that MO.

Re:Questionable Validity (-1)

Anonymous Coward | about 2 years ago | (#41566315)

get rich quick scams happen, and so do religious idiots who'll do anything for a dollar.

Re:Questionable Validity (2)

pitchpipe (708843) | about 2 years ago | (#41566373)

Mod parent up! These guys must be morons if they think that they can keep 100 people quiet about anything, let alone thinking that they wouldn't be infiltrated by law enforcement.

Die Hard 4 (3, Funny)

1u3hr (530656) | about 2 years ago | (#41566455)

these guys must be morons if they think that they can keep 100 people quiet about anything

Timothy Olyphant's character worked that out with his scheme in Die Hard 4.

1) Hire 100 hackers
2) use their code to crack every bank and utility at once
3) kill the hackers.
4) profit!

Killing all his staff did leave him vulnerable to being tracked by Kevin Smith and taken down by a plucky former LAPD cop though.

Re:Die Hard 4 (1)

cjjjer (530715) | about 2 years ago | (#41567153)

Meh, hackers have no flair for crime, now the Joker in The Dark Knight...

+6 insightful (2, Interesting)

Anonymous Coward | about 2 years ago | (#41566559)

It does sound like a Hollywood plot. You wouldn't want 100 people giving away the secrets, and it's not necessary when hackers use computers.

There are two sets of crooks involved here: one set is crooks trying to steal stuff, the other set is crooks trying to get budget for security theatre. My guess is that this comes from the latter rather than the former.

Re:Questionable Validity (0)

Anonymous Coward | about 2 years ago | (#41566699)

But we don't know that there are 100.

All that we know is that someone has written a story claiming there to be 100.

This story is most assuredly a defensive act, meant to alert the criminals that they are being monitored and that they are known about.

Given that, if you want to make a defensive act like this, you don't want the actual criminals to know what you know but you want to make them think that they're known about.

Thus it is pretty safe to conclude that the actual number is not 100 - most likely substantially less - and that 100 is an overestimate to cater for a guess of "there are probably some that we can't see."

There's one other thing.

Given that this is being made public before the act most certainly means that all of the targeted banks are currently believed to be vulnerable to the planned attack. At the very least, someone is trying to buy time.

Or RSA is marketing their bank tokens (0)

Anonymous Coward | about 2 years ago | (#41566777)

Most likely thing here is RSA is marketing their logon security tokens used by banks exactly to mitigate this sort of attack.

Duplicating a user's compromised machine on a botmaster's machine... why would you do that? You already control the end user's machine! Why would you go to such an extent??

Also the 'VOIP' flood to stop the user contacting their bank? Rubbish. Hollywood plot stuff.

No it looks like PR timed to coincide with that European DDOS test to market RSA.

Re:Or RSA is marketing their bank tokens (1)

uninformedLuddite (1334899) | about 2 years ago | (#41579197)

Now if they had been using VOIP to compromise the end user's cookie I would have been impressed.

Re:Questionable Validity (0)

Anonymous Coward | about 2 years ago | (#41567591)

This is an insightful analysis.

But we don't know that there are 100.

All that we know is that someone has written a story claiming there to be 100.

This story is most assuredly a defensive act, meant to alert the criminals that they are being monitored and that they are known about.

Given that, if you want to make a defensive act like this, you don't want the actual criminals to know what you know but you want to make them think that they're known about.

Thus it is pretty safe to conclude that the actual number is not 100 - most likely substantially less - and that 100 is an overestimate to cater for a guess of "there are probably some that we can't see."

There's one other thing.

Given that this is being made public before the act most certainly means that all of the targeted banks are currently believed to be vulnerable to the planned attack. At the very least, someone is trying to buy time.

Re:Questionable Validity (4, Insightful)

asifyoucare (302582) | about 2 years ago | (#41566781)

Why bother recruiting people....

Because there is no intention to hack a bank. The intention is to part gullible would-be hackers from their money.

Confusion (5, Insightful)

DoofusOfDeath (636671) | about 2 years ago | (#41566263)

I'm trying to remember, who are the bad guys here, the law-breaking, savings-stealing douchebags, or the guys running the botnet?

Re:Confusion (4, Funny)

Mr. Shotgun (832121) | about 2 years ago | (#41566327)

Probably the law-breaking, savings-stealing douchebags who packed up a bag of crap and sold it as AAA financial instruments while betting against it. However, putting your heart close to either one will end up in misery.

Re:Confusion (-1)

Anonymous Coward | about 2 years ago | (#41566371)

What about the douchebags that run up the debt, setting up the preconditions for the crash to happen?

If you put money in the stock market, you might go bankrupt.
If you borrow money to invest in the housing market, you might go bankrupt.
If you just leave money in the bank in a savings account, the bank might have gone bankrupt.
If you just leave your money in a pillow case, inflation catches up with you and you lose money.

Re:Confusion (5, Insightful)

Anonymous Coward | about 2 years ago | (#41566339)

Not everything is black and white. Sometimes all the parties are the bad guys.

Re:Confusion (1)

ThatsMyNick (2004126) | about 2 years ago | (#41566361)

Well played, good sir! My kingdom for some mod points.

Re:Confusion (2, Insightful)

Anonymous Coward | about 2 years ago | (#41566789)

just like in the US election!

Re:Confusion (4, Insightful)

houghi (78078) | about 2 years ago | (#41566421)

People here often think in one or zero. If there are two options, they think it is yes or no. this OR that. black OR white. True OR False. Asking the OR question is like asking when somebody stopped hitting their wife. So ask the question correctly with a Logical connective [wikipedia.org]

This means there is more than just OR. At least you can also use AND, NOT and NOR

Look at this: Do you want to have your right knee shot OR your left one?

Re:Confusion (0)

Anonymous Coward | about 2 years ago | (#41568953)

So you are saying he should want to have his right knee shot AND his left one?

Re:Confusion (1)

DoofusOfDeath (636671) | about 2 years ago | (#41573153)

Sometimes people on Slashdot fail to recognize that the details provided in a post were just to lay the groundwork for a joke.

Re:Confusion (1)

uninformedLuddite (1334899) | about 2 years ago | (#41579211)

NAND?

Re:Confusion (0)

Anonymous Coward | about 2 years ago | (#41581799)

Look at this: Do you want to have your right knee shot OR your left one?

I believe the answer to that is: No.

Or perhaps you really mean to ask if I want my right XOR left one?
In that case, the answer is still a negative (no, false, 0, w/e) because a) I don't want left shot, b) I don't want right shot.

Both operands are false, and according to my truth tables, the resultant is false.

Logic wins again, and I keep both knees. Epic win.

Re:Confusion (0)

Anonymous Coward | about 2 years ago | (#41566745)

The banks obviously :-)

Re:Confusion (0)

Anonymous Coward | about 2 years ago | (#41567493)

I think the point of the article was a bit off. They went on and on about banks and hackers when they should have been talking about making contact with Barsoom - which is apparently where they found this Mor Ahuvia guy. That's some cool shit there. I wonder if he contacted us through the Curiosity rover?

This is worrying. (5, Funny)

Anonymous Coward | about 2 years ago | (#41566347)

They should be hacking banks using OPEN SOURCE SOFTWARE and tools. (Strokes beard thoughtfully.) The use of proprietary, closed-source tools takes away from the common, computer using felon the ability to maintain his own malicious code.

~ Richard Stallman

What better way to catch a thief? (1)

macbeth66 (204889) | about 2 years ago | (#41566479)

Throw out a virtual net and pull 'em in. Maybe even pay out some money and recruit repeatedly. It might even attract the attention of the real 'gang'.

Re:What better way to catch a thief? (1)

gl4ss (559668) | about 2 years ago | (#41566915)

but that would be inciting, encouraging and enabling the crime - you can't just go around doing that if you're an honest law enforcement officer..

oh shit wait we were talking about the fbi - yeah, they do that.

Re:What better way to catch a thief? (3, Informative)

FatLittleMonkey (1341387) | about 2 years ago | (#41566967)

You don't arrest them for the crime you incite them to commit, it just allows you to identify and tag them. Then you monitor them for other illegal activities. That's what you arrest them for. (And by monitoring their communication, you can pick up other criminals that weren't attracted by the initial incitement. Allowing you to conduct coordinated international raids that take out entire networks. Also, you can find the few very best coders and recruit them. Possibly to work against their own government.)

And if you really did unreasonably "incite" some of them, they won't commit other crimes, so they get away with it.

Why oh why oh why? (0)

Anonymous Coward | about 2 years ago | (#41566767)

Why use a hacker when you can use a banker?

What's wrong with insider attacks such as used by certain banks and financial institutions within the not-so-distant past? Best of all, when you use a banker, you get a tax-payer-funded bailout aka welfare, and you don't have to pay it back!

Ah, bullshit. (4, Insightful)

Type44Q (1233630) | about 2 years ago | (#41566787)

Bullshit: if this were really happening, this guy would not be aware of it.

Re:Ah, bullshit. (0)

Anonymous Coward | about 2 years ago | (#41566959)

Like a normal person would not be aware of the people selling CC information on various Tor boards. Too bad you can't tell who's a LEO and who isn't.

Admiral Ackbar Says (2)

drinkypoo (153816) | about 2 years ago | (#41566815)

Also, the gang will only share executable files with their partners, and will not give up the Trojan's compilers, keeping the recruits dependent on the gang for updates

It's a trap! Who's that fucking stupid?

Re:Admiral Ackbar Says (1)

Delarth799 (1839672) | about 2 years ago | (#41571329)

You largely underestimate a person's shortsightedness when the opportunity of possibly making lots of money presents itself.

Re:Admiral Ackbar Says (1)

uninformedLuddite (1334899) | about 2 years ago | (#41579227)

Maybe it's just a set up for the inevitable Iranian hackers destroyed our banking system and everyone's money is now gone. We must attack now while we are all broke and cranky.

two factor authentication? (1)

kenorland (2691677) | about 2 years ago | (#41566817)

Why are they engaging in such theatrics? So far, most banks in the US don't even use two factor authentication (no, it's not a panacea, but it helps, in particular against man in the middle attacks).

From the "32 going on 12" department... (0)

Anonymous Coward | about 2 years ago | (#41567041)

I would get involved in this project solely so I could tell people I worked with RSA's F.A.R.T.

If I was a conspiracy theorist (0)

Anonymous Coward | about 2 years ago | (#41567165)

...I'd suggest this whole thing has been set up by the banks themselves as the first step in a larger plot. This is the first step (create an issue). The next step would be a large scale attack that will knock down the servers of the bank in which the key senators and representatives hold their assets (make the issue personal). Next, stage a series of arrests and claim the credit (present a solution). And finally, ask the government for additional protection measures for corporations, and other legislative means like on-demand personal data disclosure, ban on encrypted data transfers outside of banking systems, Internet 'kill-switch' and so on (profit).

But since I'm not a conspiracy theorist I'd say this is all just a scam. "Looking for bestest haxorz in teh wurld. Profit guaranteed, tools and training provided for a small entry fee" kind of thing. It's funny how RSA actually thinks this is some kind of "hack of the millennium" in making :)

Awful title! (0)

Anonymous Coward | about 2 years ago | (#41567385)

Based on the title and summary one would think that RSA is looking to hire some whitehats to help.
This is not the case.

Rumours abound of a "False Flag" attack coming (2)

advocate_one (662832) | about 2 years ago | (#41567637)

on the banking system with the Iranians being blamed for it...

Bad article (-1)

Anonymous Coward | about 2 years ago | (#41567957)

and full of false crap

- president united hackers association

Whoopsi Doo! (0)

Anonymous Coward | about 2 years ago | (#41569617)

What's the acronym for "Fraud Action Research Team"?

If true .. (1)

ananthap (971180) | about 2 years ago | (#41577089)

If true, this is a hardened gang of criminals going after big money and not a few persons' savings. MITMA attacks do need the fastest hardware and as such seems plausible. I RTFA'd and found

“This Trojan is not well known. This is not SpyEye or Citadel; it’s not available for everyone to buy,” Ahuvia said. “Security vendors and antivirus signatures are less likely to catch it or be familiar with it. It will be tricky for vendors to detect and block it. This gang is keeping a tight hold on the compiler. By only giving up executable files, they can control how many antivirus signatures are in the wild and keep unique signatures to a minimum.” Again seems plausible. OK
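Two points in this thread are worth seeing in code: gl4ss's observation (in the "Compilers.." subthread) that the routine to decrypt a packed binary necessarily ships inside the sample, and the article's claim, quoted above, that handing out only executables keeps "unique signatures to a minimum." The following is an added example, not code from the article, from RSA, or from any commenter. It uses a constructed toy stub layout (a magic marker, a one-byte XOR key, then the XOR-obscured payload), a constructed payload and a constructed signature string; none of these are the real Gozi/Prinimalka format or real AV signatures. What it shows from the defender's side: a signature taken on the raw bytes of one build misses every other build, while a signature applied after unpacking (or one written against the unchanging stub itself) matches all of them, because the unpacker needs nothing the sample does not already carry.

```python
"""Added example: per-build packing versus signatures on raw and unpacked bytes.

The stub layout is a constructed toy (assumption), not any real malware
format: MAGIC | one-byte XOR key | payload XORed with that key.
"""

# Constructed stub marker (assumption): every build begins with it.
MAGIC = b"STUB"

# Constructed stand-in for a byte-pattern signature an engine might hold
# for the *unpacked* payload. Not a real signature.
PAYLOAD_SIGNATURE = b"hook_browser_forms"

# Constructed stand-in payload: the same "executable" bytes in every build.
PAYLOAD = b"\x90\x90" + b"hook_browser_forms" + b"\x00" + b"inject.dll" + b"\xc3"


def pack(payload: bytes, key: int) -> bytes:
    """Build one sample: embed the key in the stub and XOR the payload with it.

    A fresh key per build changes every payload byte, so a signature taken on
    the raw bytes of one build does not match the next one.
    """
    if not 1 <= key <= 0xFF:
        raise ValueError("key must be a non-zero byte")
    return MAGIC + bytes([key]) + bytes(b ^ key for b in payload)


def unpack(sample: bytes) -> bytes:
    """Recover the payload using only what the sample itself carries.

    The stub layout tells us where the key sits, and the transform is the
    same XOR the stub would run at load time: the decryptor travels with
    the payload, so an analyst does not need the gang's build tooling.
    """
    if not sample.startswith(MAGIC) or len(sample) <= len(MAGIC):
        raise ValueError("not a stub sample")
    key = sample[len(MAGIC)]
    return bytes(b ^ key for b in sample[len(MAGIC) + 1:])


def scan(sample: bytes, signature: bytes) -> dict:
    """Apply one signature two ways: to the raw file bytes, and after unpacking."""
    return {
        "raw_match": signature in sample,
        "unpacked_match": signature in unpack(sample),
    }


def distinct_builds(payload: bytes, keys) -> int:
    """Count byte-distinct files one payload yields across builds.

    Each distinct file would need its own raw-bytes signature, which is the
    "unique signatures" lever the article describes.
    """
    return len({pack(payload, k) for k in keys})


if __name__ == "__main__":
    for key in (0x41, 0x7E, 0xA5):
        sample = pack(PAYLOAD, key)
        print(f"key=0x{key:02x} raw/unpacked: {scan(sample, PAYLOAD_SIGNATURE)}")
    print("distinct builds from one payload:", distinct_builds(PAYLOAD, range(1, 256)))
```

The practical takeaway for detection engineering is the one the thread circles around: when builds differ only by packing, signatures on the unpacked payload or on the invariant stub code are stable across builds, whereas signatures on raw packed bytes have to be re-issued for each one.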

Those who do not remember history. . . (0)

Anonymous Coward | about 2 years ago | (#41578109)

Can you say "Live Free or Die"?
