[ISN] Hackers prey on Internet banking
InfoSec News
isn at c4i.org
Fri Jun 11 06:27:39 EDT 2004
http://www.taipeitimes.com/News/taiwan/archives/2004/06/10/2003174478
STAFF WRITER,
WITH CNA
Jun 10, 2004
The numbers and personal codes of more than 100,000 Internet banking
and auction-site clients are feared to have been stolen by hackers
from across the Taiwan Strait.
Criminal Investigation Bureau officials said yesterday that they had
arrested a Taiwanese man named Chen Chung-shun (³¯±R¶¶), 30, in
Hualien, and seized a huge amount of confidential data, including 45
million e-mail addresses, almost 200,000 bank and auction-site account
numbers with their corresponding personal secret codes, and
information on three figurehead bank accounts.
Investigators believe Chen has been collaborating with Chinese hackers
since February to steal Internet bank codes by planting "shell" or
"revised" versions of "Trojan horse" programs into the personal
computers of customers using Internet banking services.
Although Chen said he had obtained hundreds of thousands of bank
account codes, police found only a portion of the code information at
Chen's premises in Hualien.
Chen reported told investigators that he had transferred approximately
100,000 accounts and personal codes to the China-based hackers, and he
had no backup copies in his database.
Investigators have urged the public to change their bank codes
immediately to avoid losing their money.
Chen had reportedly gathered 45 million Taiwanese e-mail addresses,
and in mid-February, he started sending advertising e-mails containing
shell or revised Trojan horses to those e-mail addresses. By
mid-March, he had sent out over 18 million e-mails.
Police said the banks' firewalls a had not been compromised, but that
using the "shell" versions provided by Chinese hackers and attached to
the e-mails, Chen managed to record account numbers and personal codes
as they were input by bank customers.
After obtaining account num-bers and personal codes, Chen proceeded to
transfer money to other accounts.
Although the total amount stolen by the ring is estimated to be
several million NT dollars, the full extent of the losses is not yet
known.
Officials said the ring withdrew the money from the International
Commercial Bank of China ATM machines in China, or transferred it to
hundreds of figurehead accounts which had been established in the
names of 10 Taiwanese people.
Hundreds of thousands of bank-account numbers, with corresponding
personal codes, were exposed to the hackers' machines, according to
investigators.
The officials said that among the bank accounts tampered with were
savings accounts with funds in excess of NT$200 million (US$5.9
million).
Bureau officials described this type of Internet crime as "secretive,
shapeless, borderless, anonymous and without restrictions on
distance." They said the total damage caused by the hackers was not
yet known.
More information about the ISN
mailing list