Hackers Steal 63,000 Dollars From Kansas Car Dealership

By Author: Apple Tan
Total Articles: 68
Comment this article

An online bank robbery in which computer crooks stole $63,000 from a Kansas car dealership illustrates the deftness with which cyber thieves are flouting the meager security measures protecting commercial accounts at many banks.
On November 1, 2010, the controller for Abilene, Kan.-based Green Ford Sales, Inc. submitted $51,970 in payroll checks to First Bank Kansas through the bank’s online banking website. The bank’s authentication program sent the company's controller an e-mail to confirm and approve the transaction details, which he did. Unbeknownst to the controller, however, cybercriminals had infected his Windows PC with the infamous Zeus Trojan, a piece of malware engineered to aid cybercriminals in hijacking online banking information.
"Less than an hour after the bookkeeper approved the payroll batch, bank records show, the thieves logged in to Green Ford’s account from the same Internet address normally used by the dealership, using the controller’s correct user name and password," according to the blog Krebs on Security.  
"The attackers cased the joint a bit by checking ...
... the transaction history, account summary and balance before they logged out of the system. They waited until the next day to begin creating their own $63,000 payroll batch, by adding nine new 'employees' to the company’s books," Krebs added.
With total access to the company’s online finances, the crooks were able to siphon $63,000, and even intercept the bank’s confirmation e-mail so the controller had no idea any illicit transaction took place.
Green Ford’s controller never received the confirmation email sent bythe bank to verify the second payroll batch initiated by the fraudsters, because the crooks also had control over the controller’s e-mail account. “They went through and deleted it,” said Green Ford owner, Lease Duckwall. “If they had control over his machine, they’d have certainly had control over his email and the password for that, too.”
Duckwall praises his bank for moving quickly to contact the mules’ banks after being alerted by the company’s controller on November 3, but he said the recovery effort was slowed considerably by the responses from many of the mules’ banks.
“The really frustrating thing was we got on phone with our bank and they immediately contacted all of the other banks, and most of them in turn fax or email you a form that you have to fill out, sign and send back,” Duckwall said. “It’s just really frustrating how long it takes to try to stop something like that. It was kind of a large disruption in our operation.”
Duckwall said First Bank Kansas managed to recover all but $22,000 of the stolen funds, and that the company and bank have made several security adjustments since the incident. However, Krebs said that as long as PC viruses exist, online banking sessions will continue to be high-priced targets for cybercriminals.
“If a bank’s system of authenticating a transaction depends solely on the customer’s PC being infection-free, then that system is trivially vulnerable to compromise in the face of today’s more stealthy banking Trojans,” Krebs wrote in one of his blog post.
One such advanced method of theft is known as “session riding,” in which crooks use malware, including the recently discovered "OddJob",  to intercept a bank’s authentication ID and gain complete access to customers’ online banking sessions after the customer has logged out.
This incident highlights the need for better security systems in both the business and their bank – as security experts cite online banking transactions as one of the favorite targets of cyber-criminals. Cyber-attacks, such as this one, exploit weaknesses in many existing systems that rely on very simple and automated authentication procedures to confirm transactions.
This incident highlights the need for better security systems in both the business and their bank. The frequency of cyber crime is only going to increase if organizations and financial institutions fail to pay attention to the vulnerabilities of their network security. They need to implement robust internet security initiatives, including hiring highly trained information security experts to avoid cyber crimes and security breaches.
IT security professionals can increase their information security knowledge and skills by embarking on advanced and highly technical training programs. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of technically proficient information security professionals.
Additionally, the all-new EC-Council CAST Summit series is also created to make advanced information security training opportunities available for information security professionals across the globe. It will be the excellent platform for any IT security professionals to acquire cutting edge skills by embarking on the CAST workshops, or further enhance their IT security knowledge by attending the one-day seminar.
The 3 days CAST Summit workshop covering current and important security topics such as penetration testing, application security, cryptography, network defense and mobile forensics training, and allows for participants to actually learn, and not just listen or be rushed through a short presentation like how it’s like in many other events or conference. All of these IT security trainings will only conducted by appointed EC-Council Master Trainers, some of whom are authors of the respective trainings.

About EC-Council

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT). 
EC-Council’s Center for Advanced Security Training (CAST) was created to address the need for highly technical and advanced IT security trainings for information security professionals. CAST programs stand out from others thorough their extreme hands-on approach. CAST offer programs that cover important domains such as advanced penetration testing, malware analysis, advanced social engineering, cryptography, digital mobile forensics training, and web application security, among others information security training.
EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).