Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wanted: Hackers For Large-Scale Attacks On American Banks

Posted by timothy on from the just-leave-the-credit-unions-alone dept.

Trailrunner7 writes "RSA's FraudAction research team has been monitoring underground chatter and has put together various clues to deduce that a cybercrime gang is actively recruiting up to 100 botmasters to participate in a complicated man-in-the-middle hijacking scam using a variant of the proprietary Gozi Trojan. This is the first time a private cybercrime organization has recruited outsiders to participate in a financially motivated attack, said Mor Ahuvia, cybercrime communications specialist for RSA FraudAction. The attackers are promising their recruits a cut of the profits, and are requiring an initial investment in hardware and training in how to deploy the Gozi Prinimalka Trojan, Ahuvia added. Also, the gang will only share executable files with their partners, and will not give up the Trojan's compilers, keeping the recruits dependent on the gang for updates."

9 of 77 comments (clear)

  1. the easiest marks by Anonymous Coward · · Score: 5, Insightful

    The attackers are promising their recruits a cut of the profits, and are requiring an initial investment in hardware and training

    as any confidence man could tell you, the best marks are those that think they are in on the scam...

  2. Questionable Validity by dutchwhizzman · · Score: 5, Insightful

    Why bother recruiting people if you can just hire bots, or herd your own? Why go for 100 small ones if just a few bigger ones will yield you the same number of victims?

    These seem like either very inexperienced criminals, or indeed, as someone else suggested, scammers that want to rip off botnet herders, not banks. You don't involve people in your gang if you don't absolutely need them. You don't train them, unless you absolutely need them to know things. The less people know as little as possible, the smaller the chance you will get caught. Causing a racket by recruiting up to 100 herders does not fit that MO.

    --
    I was promised a flying car. Where is my flying car?
  3. Confusion by DoofusOfDeath · · Score: 5, Insightful

    I'm trying to remember, who are the bad guys here, the law-breaking, savings-stealing douchebags, or the guys running the botnet?

    1. Re:Confusion by Anonymous Coward · · Score: 5, Insightful

      Not everything is black and white. Sometimes all the parties are the bad guys.

    2. Re:Confusion by houghi · · Score: 4, Insightful

      People here often think in one or zero. If there are two options, they think it is yes or no. this OR that. black OR white. True OR False. Asking the OR question is like asking when somebody stopped hitting their wife. SO ask the question correctly with Logical connective

      This means there is more then just OR. At least you can also use AND, NOT and NOR

      Look at this: Do you want to have your right knee shot OR your left one?

      --
      Don't fight for your country, if your country does not fight for you.
    3. Re:Confusion by Anonymous Coward · · Score: 2, Insightful

      just like in the US election!

  4. Re:I have an attack strategy by Anonymous Coward · · Score: 2, Insightful

    1. Start "recruiting" people for the diversion A, to keep the RSA's FraudAction research team, the media and (therefore) the government busy with that.
    2. Don't tell anyone about the real plan B.
    3. Select the best people from the group working on A, and bring them in on plan B.
    4. for the profit part: Do plan B before diversion A
    5. for the fun part: don't cancel diversion A, just watch it live on the news.

  5. Comment removed by account_deleted · · Score: 4, Insightful

    Comment removed based on user account deletion

  6. Ah, bullshit. by Type44Q · · Score: 4, Insightful

    Bullshit: if this were really happening, this guy would not be aware of it.