China bank fraud alert
The FBI sent out a warning last week about a new wave of cybercrime emanating from China after computer thieves stole $11 million from U.S. businesses.
“The FBI has observed a trend in which cybercriminals — using the compromised online banking credentials of U.S. businesses — sent unauthorized wire transfers to Chinese economic and trade companies located near the Russian border,” the notice stated.
The alert, dated April 26, was first reported by the security website Dark Reading.
Computer security specialist Jeffrey Carr said the cyberfraud is “an entirely new tactic of using Chinese companies as an endpoint in ripping off U.S. businesses.”
“Wire transfers directly made to Chinese companies by an attacker is an unusually aggressive tactic and probably shouldn’t be taken at face value,” he said.
The FBI said that since March 2010 the bureau had uncovered 20 cases involving the compromise of online banking credentials of small-to medium-sized U.S. businesses.
The credentials were used by criminals for wire transfers of money to Chinese companies. The companies were not identified by name, but most Chinese companies are wholly or partly state-owned.
“As of April 2011, the total attempted fraud amounts to approximately $20 million; the actual victim losses are $11 million,” the alert stated.
The FBI notice is unusually detailed and indicates that Chinese hackers, many of whom have been linked to Chinese government entities, are engaged in cybercrime, in addition to widespread intelligence gathering and theft of data by computer.
The Chinese bank fraud was done by either “phishing” — obtaining confidential passwords by deceit — or through prompting employees of a targeted company to visit a malicious website that then infects their computers and takes them over remotely. In one case, a target computer hard drive was erased by hackers to stymie investigators, the FBI said.
The malware collected the user’s bank transfer data, which then is used to make unauthorized transfers of funds to intermediary banks in New York and, finally, to “the Chinese economic and trade company bank account.”
“The intended recipients of the international wire transfers are economic and trade companies located in the Heilongjiang province in the People´s Republic of China,” the notice said.
The companies appear to be official provincial government firms that use official names of Chinese port cities. The cities include Raohe, Fuyuan, Jixi City, Xunke, Tongjiang and Dongning, and the company names include “economic and trade,” “trade” and “LTD.”
The malicious software involved Zeus, Backdoor.bot and Spybot, which secretly steal passwords and bank transfer codes.
The FBI warned banks to notify customers about the Northeast China bank fraud in the designated cities and to closely monitor fund transfers there. The bureau said it could not identify the hackers and did not know whether the Chinese companies were the final deposit point for the stolen funds.
Brig. Gen. Roger Teague, the Air Force’s space-based infrared systems director, said the launch is “the dawn of a new era in persistent overhead surveillance.”
The maneuverable, $1.2 billion satellite is the first of four new high-tech sensors. It will conduct orbit tests and six engine firings before reaching geosynchronous orbit 26,199 miles above Earth.
Its mission from launch until it is fully operational in October 2012 will be to watch for missile launches around the world. It also is part of U.S. missile-defense systems and will provide what the military calls “technical intelligence and battle-space awareness” around the world.
“The SBIRS system will remain the gold standard for missile warning,” Gen. Teague said in a conference call with re- satellites.
“We can see much more, much earlier, much sooner [. . . ] many dimmer targets than we ever could before,” he said, declining to elaborate because of concerns about classified information.
The new satellite also will provide new power for spying on battlefields and on the technical specifications of foreign missiles and other heat-producing systems, he said.
“It’s how fast can I process information that the sensor is detecting, and how quickly can I disseminate that information to battlefield commanders? That’s the real power of this system and the capabilities that we’ll have,” Gen. Teague said.
Manufactured by Bethesda, Md.-based Lockheed Martin, GEO-1 uses sophisticated scan-
Always watching: Air Force Brig. Gen. Roger Teague says the May launch of the first GEO-1 SpaceBased Infrared System satellite is “the dawn of a new era in persistent overhead sur veillance.”