|
| | Identity theft threatens everyone - In Security Let's be careful out there By J Prasanna @ Wednesday, July 09, 2008 12:00 AM
Section - PCs/Software | | | | Identity theft occurs when a victim's username and password is stolen and some one else uses it to login to the system to work as the victim.
Identity theft has also been reported in web based emails where one users email id and password is stolen using key loggers on public computers and some one else starts operating as that person. Login into his email and sending annoying emails, stalk others using that email id.
Many people have lost money when they have tried using net banking. Usually these victims operate their net banking from another city (during travel) or do it from a public terminal. Most public terminals have multiple key loggers and Trojans on them. These intercept the username and password and send it remotely to the crackers. The crackers then transfer the money into multiple accounts and withdrawn the money almost immediately. Some times they may transfer all money into one victim account of and then siphon off the money. The final account to which the money goes will be on an unknown address.
The latest is story where a bank clerk used a key logger and stole almost £72m from the HSBC. He was jailed for nine years. Channa, 25, who worked at the firm's headquarters at London's Canary Wharf, used colleagues' identities to plunder accounts. A court heard Channa sent 90m euros (£71,632,807) to two accounts, within minutes, in April this year.
Sophisticated enterprise
Channa is considered only an insider; there are other people probably involved including criminal network in other countries. The judge who delivered the verdict said “I must assume this was a planned and sophisticated criminal enterprise.' He sent 60m euros (£47,970,227) from a trading account to Morocco. Minutes later he wired 30m euros (£23,984,113) to a branch of Barclays in Manchester.
He was eventually found out after forgetting to leave the account he had raided with a zero balance. Two of Channa's colleagues, whose passwords were used to carry out and approve the transactions, were initially questioned but soon declared innocent. A review of security cameras and other inquiries led officials to Channa. Meanwhile both Barclays and the bank in Casablanca had been contacted, the account frozen and the stolen money returned.
The only reason the crime was detected is because of a review of security cameras, the colleagues whose password Channa used were not there in that terminal. Instead it was Channa who was sitting in that terminal. With the time stamp and transaction time they zeroed in on Channa.
What is very interesting about this case is that the police and bank were swift to act; if they had delayed, the money would have disappeared permanently.
Most banks with net banking facilities use username and password for authentication. If users don’t have updated antivirus and personal firewalls on their system, it is possible that they could be infected with key loggers and Trojans which could intercept username and password and send to the crackers/criminals who could steal the money.
The banks could introduce RSA secure ID tokens where every minute there is a series of numbers which keep changing. These numbers are needed to login apart from username/password. So an attacker needs the token and the number on it to login.
There is also interesting software which can protect users from identity theft attack. Software named ‘Key Scrambler’ is available from www.keyscrambler.com. You can download and install and restart the system. Once on the machine, every keystroke is encrypted into the browser. When used with updated antivirus and personal firewall. It provides complete protection against identity theft to an ordinary user. X
J Prasanna is CEO of AVS Labs | |
|