Banks are under Attack.. Beware

Security specialists have put out a grave warning about a massive Cyber attack planned against 30 major US Banks. RSA recently announced that a gang of Criminals had developed a sophisticated Trojan under a project identified as “Project Blitzkrieg”, which has been successfully tested. Security firm McAfee has warned that the full-fledged attack is imminent in the coming days.

Though the present threat advisory is for US Banks, it includes CitiBank, eBay and PayPal, which have operations in India. The technology can also reasonably be expected to be used to attack Indian Banks, since Indian Banking security is weaker than that of the US Banks and Cyber Crime knowledge, technology and tools spread fast across the globe.

The scheme appears to involve logging in to the banks from Computers that are cloned to represent the home computers of the customers, so that inconvenient security questions can be avoided.

It also uses the familiar method of circumventing the daily transfer/individual transaction limits by using many “Mules” as is normally done in phishing cases.

Indian Banks have in recent days tried to increase the transaction limits without hardening their security. Hence the risks to Indian Customers are higher. There is also a tendency in Indian Banks to fight with their customers in cases of such frauds and drag them to Courts if they seek remedy. The Government of India, which has kept the Cyber Appellate Tribunal closed for the last 2 years, is indirectly acting to discourage the Banks from seeking legal remedy. Though RBI has been providing necessary guidance to Banks to secure the customer interests and to absorb Cyber Fraud liability through insurance, Banks are ignoring the RBI’s mandate.

We hope RBI and GOI will take note of this new threat and try to implement remedial measures at the earliest.

Related Article: cnn.com :: Computerworld


Virtual Key Board unsafe under IE

Dec 13: A vulnerability in Internet Explorer is said to make it possible for a hacker to track the mouse cursor movements on the screen. This would make the “Virtual Key Board” system used by some Banks for password entry useless. At present the vulnerability is identified for IE, and many would use other browsers. However, some sites are compatible only with IE and force users to use IE. In such cases vicarious liability may attach to the site for inadequate security. Related Article


FIR Filed Against Airtel CMD

Dec 12: Naavi has long been complaining that Airtel engages in unethical practices to overcharge its customers, including placement of fraudulent transactions in the customer’s mobile and data usage accounts, which amount to offences under ITA 2008. It is therefore no surprise to learn that an FIR has been filed against Airtel for extortion and threatening of one of its clients in Bangalore, who has allegedly been wrongly billed for Rs 50000/-. Report

 

PLEASE NOTE:

This website has been in existence since 1998.  


Suspected Fraud-Make My Trip Credit Card offer

Dec 8: Today I received a telephone call from 040-40502373 in the name of Make My Trip with an offer for a special HSBC Platinum credit card with two free air tickets. The offer was too good to be rejected. However, when the caller wanted to know my Date of Birth and PAN Card number before proceeding further, it appeared that this was a suspected Identity stealing attempt. I am trying to get more details and a confirmation. In the meantime, in order to keep the public informed, I am posting this information here. I request the public not to reveal sensitive personal information such as the DOB and PAN Card number to unknown persons, as it may involve an identity theft risk.


How the OTP system for Bank transactions is bypassed

Dec 7: The commercial banks in India have banked heavily on the two factor system, where the OTP sent through a mobile is used to authenticate the password based access. Some Banks like SBI and ICICI Bank even tried to convince the RBI that this two factor authentication should be given a legal sanction. Now this case study explains how new variants of the Zeus Virus are used to defeat the two factor authentication with the use of a mobile. Named “Eurograbber”, this virus is reported to have been used for defrauding over 30000 bank customers across the EU to the tune of around 36 million Euros. This also represents the risk that Indian Banks are facing. It is anybody’s guess if the Indian Banking system can survive such an attack. If such damage occurs, the Indian economy will be in shambles notwithstanding any of the other efforts of the GOI. Case Study


PWC Survey on Security preparedness

Dec 7: PWC has released the findings of its “The State of Information Security survey-2013”, indicating that interest in and budget allocations for Information security are increasing in Indian companies. Report
