RSA Europe: The career paths of a successful online fraudster
Bored of traditional information technology? Maybe it’s time to join the dark side – become an online fraudster…
At RSA Europe it was revealed how easy it is to make a career out of online fraud, with 'Fraud as a Service' making it possible for even the most technologically inept.
Head of new technology for RSA Europe Uri Rivner revealed some of the ways that computer users started on a career in online fraud.
Potential criminals first had to choose what type of online fraudster they wanted to be - a 'harvesting' fraudster, whose job was to collect credentials such as credit card data and who worked directly with victims, or a 'cash-out' fraudster, who made money out of the data.
Rivner said that the career paths had to be separate because cash-out fraudsters needed an operation to monetise the data for the black market. With online banking fraud, they would also need to have created bank accounts to which the victim's money could be transferred.
He said: "You need to recruit some collaborators who will have a bank account, collect the funds and send it down the supply chain."
He also revealed how easy it was to buy trojan toolkits and use them, picking out the example of the easy-to-use 'Limbo' Trojan, which he said could be bought for $350 and was aimed at beginners.
He showed how he used Limbo to collect details from a dummy internet banking website simply by running the program, which changed the login page by adding two new fields for entering ATM numbers and PIN.
He said: "From a consumer's viewpoint, you look at the URL which is one from the bank. You check the session certificate which matches as well the actual SSL. Limbo is overriding the session and superimposing itself on the HTML."
"The average user getting this will not have any telling signs that anything is wrong," he added.
He said it wasn't even necessary for fraudsters to update the trojan themselves, because a 'Fraud as a Service' subscription would update the trojan technology for them. He said that for $299 you can buy a state-of-the-art latest version of the trojan, already installed in bulletproof hosting, that would be live for years.
Rivner said: "It is already updated automatically with all of the latest anti anti-virus patches. It has a command and control centre. It is also already hooked into an infection service.
"This means that as soon as you subscribe to the service, you can sit back, relax and start seeing computers being infected and credentials that are being collected."