Largest Ever Online Robbery Hits Swedish Bank

ukhackster writes "A Swedish bank has fallen victim to what experts believe is the biggest online robbery ever. A Russian gang apparently used keylogging software to steal around one million dollars. It appears that most of the victims weren't running security protection. The bank is refunding everyone who lost money (even if they hadn't taken precautions) — good news for the victims, but not really an incentive to take more care in future. From the article: 'Nordea believes that 250 customers have been affected by the fraud, after falling victim to phishing emails containing the Trojan. According to McAfee, Swedish police believe Russian organised criminals are behind the attacks. Currently, 121 people are suspected of being involved. The attack started by a tailormade Trojan sent in the name of the bank to some of its clients, according to McAfee. The sender encouraged clients to download a "spam fighting" application.'"

According to whom?!

[rumith]

According to McAfee, Swedish police have established that the log-in information was sent to servers in the US, and then to Russia. And what has established Swedish police according to Swedish police? Why quote McAffee? What business do they have here?

the hard part

[Lord+Ender]

Stealing passwords is trivially easy. Even with two-factor authentication (SecurID), someone can MITM you if they own your PC.

The trick is getting cash transfered from someone's bank once you have their credentials.