Image provided by: University of Oregon Libraries; Eugene, OR
About Vernonia's voice. (Vernonia, OR) 2007-current | View Entire Issue (May 10, 2011)
community Intruder Alert: By Burt Tschache The following alert was issued by the FBI on April 26, 2011. This not only affects the business community, but consumers as well, as these malware intrusions are becoming more flagrant by the day. I recently read another article that China has a very weak cyber defense, and that is why they go on the offensive so often. The fact remains that there is a war going on in cyberspace, and the only way to stop it is by having strong security in the MAC & PC world or by switching over to Linux, a highly secure operating system that seems bulletproof so far. The Alert The FBI has observed a trend in which cyber criminals — using the compromised online banking credentials of U.S. businesses — sent unauthorized wire transfers to Chinese economic and trade companies located near the Russian border. Between March 2010 and April 2011, the FBI identified twenty incidents in which the online banking credentials of small-to-medium sized U.S. businesses were compromised and used to initiate wire transfers to Chinese economic and trade companies. As of April 2011, the total attempted fraud amounts to approximately $20 million; the actual victim losses are $11 million. In a typical scenario, the computer of a person within a company who can initiate funds transfers on behalf of the U.S. business is compromised by either a phishing e-mail or by visiting a malicious Web site. The malware harvests the user’s corporate online banking credentials. When the authorized user attempts to log in to the user’s bank Web site, the user is typically redirected to another Web page stating the bank Web site is under maintenance or is unable to access the accounts. While the user is experiencing logon may10 2011 9 Fraud Alert Involving Unauthorized Wire Transfers to China issues, malicious actors initiate the unauthorized transfers to commercial accounts held at intermediary banks typically located in New York. Account funds are then transferred to the Chinese economic and trade company bank account. Victims Like most account takeover fraud, the victims tend to be small-to- medium sized businesses and public institutions that have accounts at local community banks and credit unions, some of which use third-party service providers for online banking services. Recipients The intended recipients of the international wire transfers are economic and trade companies located in the Heilongjiang province in the People’s Republic of China. The companies are registered in port cities that are located near the Russia-China border. The FBI has identified multiple companies that were used for more than one unauthorized wire transfer. However, in these cases the transfers were a few days apart and never used again. Generally, the malicious actors use different companies to receive the transfers. The companies used for this fraud include the name of a Chinese port city in their official name. These cities include: Raohe, Fuyuan, Jixi City, Xunke, Tongjiang, and Dongning. The official name of the companies also include the words “economic and trade,” “trade,” and “LTD.” The economic and trade companies appear to be registered as legitimate businesses and typically hold bank accounts with the Agricultural Bank of China, the Industrial and Commercial Bank of China, and the Bank of China. At this time, it is unknown who is behind these unauthorized transfers, if the Chinese accounts were the final transfer destination or if the funds were transferred elsewhere, or why the legitimate companies received the unauthorized funds. Money transfers to companies that contain these described characteristics should be closely scrutinized. Unauthorized Wire Transfers The unauthorized wire transfers range from $50,000 to $985,000. In most cases, they tend to be above $900,000, but the malicious actors have been more successful in receiving the funds when the unauthorized wire transfers were under $500,000. When the transfers went through successfully, the money was immediately withdrawn from or transferred out of the recipients’ accounts. In addition to the large wire transfers, the malicious actors also sent domestic ACH and wire transfers to money mules in the United States within minutes of conducting the overseas transfers. The domestic wire transfers range from $200 to $200,000. The intended recipients are money mules, individuals who the victim company has done business with in the past, and in one instance, a utility company located in another U.S. state. The additional ACH transfers initiated using compromised accounts range from $222,500 to $1,275,000. Malware The type of malware has not been determined in every case but some of the cases involve ZeuS, Backdoor.bot, and Spybot. In addition, one victim reported that the hard drive of the compromised computer that was infected was erased remotely before the IT department could investigate. • ZeuS — malware that has the capability to steal multifactor authentication tokens, allowing the criminal(s) to log in to victims’ bank accounts with the user name, password, and token ID. This can occur during a legitimate user log-in session. • Backdoor.bot — malware that has worm, downloader, keylogger, and spy ability. The malware allows for the criminal(s) to access the infected computer remotely and further infect computers by downloading additional threats from a remote server. • Spybot — an IRC backdoor Trojan which runs in the background as a service process and allows unauthorized remote access to the victim computer. Recommendation to Financial Institutions • Banks should notify their business customers of any suspicious wire activity going to the following Chinese cities: Raohe, Fuyuan, Jixi City, Xunke, Tongjiang, and Dongning. • Wire activity destined for the Chinese cities of Raohe, Fuyuan, Jixi City, Xunke, Tongjiang, and Dongning should be heavily scrutinized, especially for clients that have no prior transaction history with companies in the Heilongjiang province. For recommendations on how businesses can protect, detect, and respond to corporate account takeovers such as this, please refer to the “Fraud Advisory for Businesses: Corporate Account Take Over” available at http:// www.fsisac.com/files/public/db/p265. pdf. Incident Reporting The FBI encourages victims of cyber crime to contact their local FBI field office, http://www.fbi.gov/contact/ fo/fo.htm, or file a complaint online at www.IC3.gov. Be Safe Out There . . . Burt Tschache is the owner of B&B Computing in Vernonia. He can be reached at bnb998@msn.com or 503- 429-0817. “Joy for Jaden” Talent Show Raises $587 The Talent Show on April 23, hosted by the VHS Leadership Class raised $587 for their “Joy for Jaden” campaign. Over all the campaign has raised close to $3,000 and the class is well over their goal of raising $1500 to send Jaden Kreiger and his whole family to Great Wolf Lodge with all expenses paid. Jaden is a nine year old boy from Banks who is battling brain cancer. The campaign has included the sale of bracelets, a Spaghetti Feed and the Talent Show. Left: Quin Johansen, Dylan Taylor, Jesse Edgar and Mackenzie Brown performed as “Mac and Cheese Right: Jaden Kreiger with VHS Leadership student Crystal Ann Carreon. We saddle shoe. Do you? Muffy’s 950 Bridge Street Vernonia, O8 97064 503.429.5050 or 866.524.5050 www.muffys.com World Headquarters Vernonia, Oregon Treat other people how you want to be treated. Easier said than done. Lee Anne Krause www.funfancyfood.com 503-816-9810 WELLER & SON’S STEVE HM: 503-429-3400 CELL: 503-313-9006 SELF LOADER LONG LOGGER CUSTOM LOGGING DENNIS HM: 503-429-2810 CELL: 503-313-9044 1264 G ST. VERNONIA, OR 97064 O.P.L. CERTIFIED O.P.L.H. CERTIFIED ROAD BUILDNIG LAND CLEARING EXCAVATION Grey Dawn Gallery 879 Bridge St. (503) 429-2787 Photography - Bronze Jewelry - Glasswork Pottery - Custom Framing www.greydawngallery.com Featuring the finest in northwest art
