Slashdot Mirror


PC Invader Costs a Kentucky County $415,000

plover recommends a detailed account by Brian Krebs in the Washington Post's Security Fix column of a complex hack and con job resulting in the theft of $415,000 from Bullitt County, Kentucky. "The crooks were aided by more than two dozen co-conspirators in the United States, as well as a strain of malicious software capable of defeating online security measures put in place by many banks. ...the trouble began on June 22, when someone started making unauthorized wire transfers of $10,000 or less from the county's payroll to accounts belonging to at least 25 individuals around the country... [T]he criminals stole the money using a custom variant of a keystroke logging Trojan known as 'Zeus' (a.k.a. 'Zbot') that included two new features. The first is that stolen credentials are sent immediately via instant message to the attackers. But the second, more interesting feature of this malware... is that it creates a direct connection between the infected Microsoft Windows system and the attackers, allowing the bad guys to log in to the victim's bank account using the victim's own Internet connection."

3 of 192 comments

  1. enh, the criminals we get these days... by roc97007 · Score: 4, Interesting

    All that work, and they netted less than a half million?

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  2. How does a keylogger ever spread? by gd2shoe · Score: 4, Interesting

    I have a much more likely scenario. They simply spread their malware everywhere, and waited to see what sensitive systems they'd netted! They needed to dupe people into sending money overseas to them. I doubt they have any non-electronic influence in the states. The story indicates that the fake company name has been repeatedly tarnished... meaning it's very likely that they've done this before and will do this again. It probably got on by worm or trojan. Once there, it sat dormant while the hackers figured out which computers were of value to attack.

    --
    I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
  3. Re:Bank hold some responsibility by plover · Score: 5, Interesting

    My wife has long had to transfer money between various commercial accounts at her jobs. As far back as I can remember, the banks issued her RSA tokens which were required to authorize the transfers.

    I can't imagine a commercial bank NOT using a secure crypto system with an air gap. If the county is concerned about two authorizations, so much the better: issue the judge his own token.

    Even that could be compromised by a hacker who owned the treasurer's computer, but it would have been almost impossible to run the scam 500 times in a few days like this guy did.

    --
    John