The collaboration suite of cyber criminals
Welcome to a cyber crime collaboration suite – Citadel.
In August this year, the Federal Bureau of Investigation (FBI) sounded a stern alert about Citadel. Based on references from IC3 (the Internet Crime Complaint Center), the FBI warned of a new ransomware called Reveton delivered through the malware platform Citadel.

IC3 describes the threat as follows: “The ransomware lures the victim to a drive-by download website, at which time the ransomware is installed on the user’s computer. Once installed, the computer freezes and a screen is displayed warning the user they have violated United States Federal Law. The message further declares that the user’s IP address was identified by the Federal Bureau of Investigation as visiting child pornography and other illegal content.”

Warning of fine and jail term!

An infected web user gets a message that reads something like the following:
“Your IP address is: xxx.xxx.xxx.xxx. Your location is identified as: xxxxx. Your PC is blocked due to at least one of the following reasons:
• You have been viewing or distributing prohibited pornographic content (child porno etc.) thus violating Article 202 of Criminal Code of United States of America. Article 202 provides for deprivation of liberty for four to twelve years.
• Illegal access has been initiated from your PC with or without your knowledge or consent. Your PC may be infected by malware, thus you are violating the law on Neglectful use of Personal Computers, Article 210 of the Criminal Code which provides for fine up to $ 100,000 and/or deprivation of liberty for four to nine years.”

Typical users are worried, particularly when they find that their location is correctly identified in the message, and a tech-savvy user sees his IP address accurately mentioned in the notice. The typical user panics and goes on reading the message, which identifies his residence and state and directs him to pay a penalty, offering relief from a jail term as it is a first-time offence. The fine, ostensibly paid to the US Department of Justice, is to be paid using a prepaid card service which has to be purchased using the computer user’s credit card or through an on-line bank transfer. This is the icing on the cake for the cyber criminal. The ransomware has already installed a key logger that captures the banking and credit card credentials and passes them on to the perpetrator of this attack. In other words, the victim pays a ‘fine’ and also hands his banking and credit card credentials to the attacker.

Why not ignore?

Why not ignore the warning message and go on as though nothing happened? Here’s why. The computer freezes with the display of the warning message and gets back to normalcy only when the ‘fine’ is paid to the attacker, who successfully masquerades as the US Department of Justice collecting the ‘fine.’ Some security vendors who have started researching the traffic and the process tell us something very interesting. They have found that some traffic is encrypted to ensure that usage of digital forensic techniques to trace the origin becomes difficult. If we were to agree with Etay Maor, who heads RSA’s Fraud Action Research Lab, this “is a technically advanced Trojan” that combines the lethal powers of ransomware and stealth access to banking credentials.

Can users be so naïve as to fall for this? Quite a few considerations come up. One, the message appearing on victim screens looks real. Secondly, the infected computers do not give you the choice of ignoring it, since the system freezes and can be brought back to normalcy only upon paying the ‘fine.’ Thirdly, while the victim is contemplating doing something smart to thwart the attack, the Trojan is already searching for stored credentials. Fourthly, the correct location and IP address of the victim displayed in the message unnerves even some of the tougher victims – they start thinking: what if this were really from the FBI? Fifthly, if the victim does decide to pay the ransom, he is forced to use a prepaid card service which collects the credit card and bank log-in and transaction credentials and passes them on to the cyber criminals.

After paying the ‘fine’ and having the computer system unfreeze, what is the guarantee that the key logger that was clandestinely installed on the system has been removed? Users have tried to remove the Trojan using known methods of malware removal. But to their discomfort, an FBI advisory on Citadel issued in the third week of August has this to say: “Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background. Certain types of malware have been known to capture personal information such as user names, passwords, and credit card numbers through embedded keystroke logging programmes.”

A lethal combination...

Avivah Litan, a financial fraud analyst with Gartner, has a different perspective. She says that the attack methods are not uniquely different from traditional key-logger and Zeus methods. But, says Litan, what is lethal here is the combination and packaging of various tried-and-true hacking techniques. So how do we sort out this issue? The solution has to be a combination of a higher degree of awareness and significant strides in Trojan research and in creating anti-malware solutions.

I personally feel that the best of technology will not work till the user knows quite a bit more about the system, his connectivity to the internet and his vulnerability. I recently showed a screenshot of a Reveton-infected system to five people, each a successful and distinguished person, and got interesting responses. A common response was to point to the captured IP address and location and say that it clearly indicates how well the FBI was monitoring illegal activity. When informed that whenever they book an airline ticket on-line, the ticket states that the booking was done from a given IP address, and when shown the simple process to determine geographical location using their log-in, they said they knew it since they have seen it on their e-tickets! Despite this knowledge, they credited the FBI with monitoring illegal activity effectively. Do we not have a very strong case for a massive increase in awareness among users of on-line services?
