Share This

Showing posts with label Internet scams. Show all posts
Showing posts with label Internet scams. Show all posts

Friday, 13 September 2013

Prevent ATM thieves and cyber crimes on the rise

Banks to arm machines with ink bombs to stain stolen notes


PETALING JAYA: Thieves who rob automated teller machines will be left with worthless pieces of paper if a Bank Negara proposal is put into place. Dye bombs are to be placed in the ATMs and if anyone tampers with the machines, the “bomb” goes off, leaving the notes stained in red and easily recognisable as stolen money.

Bank Negara, in its guidelines on Dye-Stained Banknotes dated Aug 26, is calling on both banks and Cash in Transit Companies to consider using the currency protection device (CPD) to deter ATM theft.

Local security company Extro Code Sdn Bhd demonstrated yesterday a CPD or dye pack which is already available in the market.

Its technical director Mohd Zaki Sulaiman said that once installed, the dye pack would be triggered when someone tries to break into the ATM.

“The device is like a smoke bomb which releases the ink onto the stacks of banknotes in the ATM,” he said.

Mohd Zaki said there’s no actual explosion but there is some heat when the CPD is triggered.“The actual triggering mechanism is a trade secret,” he added.

He said the ink called Disperse Red 9 was not harmful. He said the ink was imported but the actual CPD was developed and produced locally.

Mohd Zaki declined to reveal the cost of each dye pack and the installation cost. “Who pays for the device will depend on Bank Negara and the banks,” he said.

He said there are four ATM providers in the country but installing the dye-packs in the different machines should not be a problem.

The Bank Negara guidelines state that the CPD would emit a bright coloured dye by smoke, liquid or any other agent to stain the currency in the event ATMs are broken into.

This will enable authorities and the public to easily identify the defaced stolen currency and render them unfit for use.

The guidelines also sets out conditions under which these banknotes will be replaced. Among them:
  • > The ink has to be indelible by water, fuel, gas, bleach and detergent.
  • > It must be traceable to the ATM, to assist police investigations.
  • > It must stain at least 10% of each bank note.
  • > It can be detected and rejected by banknotes authentication machines used by banks such as Cash 

Deposit Machines. >It must be non-hazardous and non-toxic.

If banks retrieved the dye-stained currency, they can submit the banknotes to the central bank for assessment.
Tellers will also be trained to detect these banknotes.

The public and retailers will be advised not to accept dye-stained banknotes as they are likely to be stolen.

These measure, Bank Negara believes, will reduce ATM robberies.

In the United States, banks have dye bombs in vaults and any unauthorised person who tries to remove any money will trigger the bomb, leaving all the money – and the robber – stained in ink.


Related stories:
9000 machines nationwide to have CPD
Cops welcome currency protection device proposal

Cyber crimes on the rise - millions of ringgit being lost annually to scams
Public awareness: (From left) Ambank deputy managing director Datuk Mohamed Azmi Mahmood, Khalid and AmIslamic Bank Berhad CEO Datuk Mahdi Morad at the launch of the Scam Alert campaign in Bukit Aman. 
Public awareness: (From left) Ambank deputy managing director Datuk Mohamed Azmi Mahmood, Khalid and AmIslamic Bank Berhad CEO Datuk Mahdi Morad at the launch of the Scam Alert campaign in Bukit Aman 

KUALA LUMPUR: Fraud and cyber crimes in the country have risen unchecked due to the lack of public awareness, while victims are hesitant to report the crime, the police said.

Millions of ringgit have been lost annually to crimes like sms scams and parcel scams, which have mostly gone unnoticed in the public eye.

In a bid to stop such crimes, the police has launched an awareness initiative on the various types of scams in the country.

Inspector-General of Police Tan Sri Khalid Abu Bakar said the initiative, under the National Blue Ocean Strategy, comprised cooperation with the Association of Banks in Malaysia (ABM) and the Association of Islamic Banking Institutions Malaysia (AIBIM).

The public would be informed and educated on the different types of fraud and cyber crime scams being used by today’s criminals.

“We are posting a list of the various methods and modus operandi used in these scams at our official police website at www.rmp.gov.my.

“This will be linked to the websites of all banks in the country so that anyone can easily access the information which will be regularly updated,” he said after launching the initiative at Bukit Aman yesterday.

Khalid said RM98.6mil in losses was recorded last year in cases involving cyber crimes, including Internet banking fraud as well as sms and parcel scams.

“So far this year, such losses have reached RM80.7mil, which shows that such cases and losses are increasing,” he said.

He added that losses to sms scams had jumped from RM5.8mil last year to RM39.2mil so far this year.

- The Star/Asia News Network

Sunday, 19 May 2013

Online banking Trojans going after your money!


Online banking users in Malaysia need to be wary of sophisticated Trojans. 

IMAGINE a burglar hiding in your house and slowly cleaning out your valuables, bit by bit, without you even realising it.

According to security firm Symantec, that is the common modus operandi of banking Trojans today, which have grown so sophisticated that they are almost impossible to detect and very difficult to get rid of.

As its latest white paper the World of Financial Trojans reveals recently, malware (short for malicious software) attacked over 600 financial institutions worldwide last year.

With this growth, bank hold-ups or ATM robberies, the bank heist of choice in Malaysia these days will soon be a thing of the past.

The phenomenon is no doubt partly due to the growing trend of online banking. As banks move online to make their transactions fast, easy and convenient for customers, cyber criminals are also finding the digital route the faster, easier and more convenient mode for looting.

A big threat, the report highlights, is the rate at which banking Trojans are now developed: with state-of-the-art mechanisms to circumvent the more complex security systems and exploit their weaknesses.

“Trojans have indeed evolved and the attackers have become more specialised and sophisticated,” Symantec Corporation (Malaysia) Sdn Bhd director (systems engineering) Nigel Tan concurs.

Most worrying, is that while the United States and Japan remain top of their target list, the banking Trojans are increasingly targeting emerging economies with high Gross Domestic Products (GDP) in Asia and the Middle East like Malaysia.

Tan notes, “Malaysia is on the radar of these cyber criminals and our financial institutions experienced attacks out of the 600 reported globally last year. We are not in the top 10 of countries attacked but the threat for Malaysia is no less dangerous.”

Internet banking has grown steadily in Malaysia since it was first launched in June 2000, and is now offered by 29 banks in Malaysia. As of September last year, there were 12.8 million registered users, rising from 3.2 million in 2006 and eight million in 2009.

Predictably, cyber crimes in Malaysia have also increased, with some RM2.75bil losses recorded over five years, from 2005 to 2010, especially in the financial sector.

The fact that cyber criminals are starting to eye Malaysian banks means we need to be more vigilant and tighten up our cyber security, says Tan.

End-users need to keep abreast with what security measures there are. - Nigel Tan End-users need to keep abreast with what security measures there are. - Nigel Tan
“They need to look at the malware threats they are risked to and look for measures to mitigate them because any organisation will face these threats.”

However, one problem is that many of these institutions cannot keep up with the constantly evolving sophisticated attacks. Another is the gap in the ability of certain organisations to detect threats on customers systems, according to the report.

Tan concedes that the security of our financial institutions can be improved.

Another challenge is that the Trojans are beginning to work out which banks have less security, and going after them, he warns.

“There is a difference in quality between the different banks in terms of how much of the protection and fraud detection methods they put in place.

“And if you are a robber trying to decide between two houses one big house with full security or one smaller house with minimal security; it is secured with only a padlock and chain which one will you target?” Tan quizzes.

As the report sums it, banking Trojans now “enter through the backdoor, strike with clinical precision, and have evolved to a degree of sophistication that allows attackers to conduct high-value transactions while evading traditional fraud-detection measures.”

It is not that banks have been unaware of this growing threat. Since online banking was first introduced in 1994, cyber criminals have looked for various ways to attack them. By 2003, around 20 distinct banking Trojans have existed including simple keylogging Trojans and phishing, said the report.

In response, the banks bolstered their security and fraud detection capabilities.

The problem is, the cyber criminals started adapting, until most security systems and measures were neutralised.

Tan calls these cyber criminals a specialised hacking community that is no longer searching for notoriety and fame, but is in it for the money.

“Hackers now are less noisy than five years ago, but just because there is less noise right now, it does not mean that they are not there. Trojans now stay in your computer as quiet and as long as possible to steal as much money as possible,” Tan cautions.

As mentioned, an attack technique increasingly used is called “man-in-the-browser” which basically involves an application hooking into the browser and manipulating data before it is displayed.

Sophisticated thievery

The report explains, the users will not be able to detect any malicious activity but the Trojan will intercept their transactions and inject a form in the browser requesting sensitive information. Once the user submits the requested personal information, it steals the data for future thievery.

The more sophisticated Trojans can automatically execute transactions in the background, the report highlighted.

What makes it difficult to notice with the naked eye, says Tan, is that “the domain is legitimate and the security page is accurate. It is your computer that is affected, so it can steal your personal data or attack your bank.”

One thing that makes it difficult to clamp down on the attackers behind these Trojans is that it is not easy to pin the crime on them.

“Just writing malware is not an offence. It is hard to pin it as a crime, as long as the writer does not go out and sell it,” Tan points out.


It also does not help that they are reportedly organised underground groups who are not only experts at scripting and automating attacks, but are also knowledgeable about the sophisticated global financial industry and supported by a service industry of widely available malware.

It is akin to organised crime, he opines.

As the report puts it, “The financial fraud marketplace is also increasingly organised. It is a service industry where a wide variety of financial Trojans, webinjects, and distribution channels are bought and sold. Services being offered are dedicated to each aspect of a financial fraud campaign. These offerings will improve effectiveness of established techniques.”

The Top Three of the “Most Wanted” malware list in 2012 were the Zeus Trojan, also known as Zbot (+ Gameover), having compromised more than 400,000 computers worldwide; followed by Cridex at more than 250,000 computers compromised and Spyeye at more than 50,000.

Symantec also points to third-party remote webinjects which can circumvent security countermeasures, targeting a large number of financial companies “concurrently and intelligently” as posing a threat to financial companies.

According to the report, it is not only the main financial organisations like commercial banks that are high on the list of targets, but also organisations that perform online financial transactions such as automated clearing house payments systems and payroll systems.

It is thus crucial for the “good guys” to be alert all the time. They can't slip up and must put in place adequate security mechanisms and take strong measures to deter attackers from targeting these institutions, Tan urges.

Ultimately, users cannot leave the responsibility for security solely to the institutions, he warns.

“End-users need to raise their awareness of the threats out there as at the end of the day, the criminal will go through the end-user to attack the financial institutions.”

The best measure, he stresses, is not to get infected in the first place, so installing a good anti-malware programme on your personal devices is crucial.

As he puts it, anti-malware solutions can stop the malware, even if you were already infected, shares Tan.

“The scanning will pick it up and delete it off your system.”

Tan also emphasises ongoing education in security, as the threats are constantly evolving.

“There will not be a point where you can say this is it. This is what everyone should do. End-users need to keep abreast with what security measures there are.”

Good practice needs to be adopted such as reading the message box or running an anti-virus before downloading anything from a website.

“Most of the time when people get a pop-up to say that you have a malware, they just cancel it or click it close, or when it says your computer is infected, they just ignore it.”

Significantly, Tan says this is not a call to say that Internet banking is bad.

“Quite the contrary. Internet banking has a lot of benefits.

“But as we embrace any new technology or media, we just have to be aware of what the threats are on the Internet. As long as we take adequate protection, we will be safe.”

By HARIATI AZIZAN sunday@thestar.com.my

Rightways