Thursday, November 06, 2008

Has the Russian Mafia Stolen Over 500,000 Bank and Credit Card Accounts?

Researchers at RSA's FraudAction Research Lab discovered one of the largest stolen data caches ever. Over the last 30 months a trojan virus, known as Sinowal, Torpig and Mebroot by various anti-virus companies, has stolen 270,000 online banking account credentials and 240,000 credit and debit account numbers. The virus is so sophisticated that it changes constantly to avoid detection by anti-virus programs. In fact, a test of the most recent virus showed that only 10 out of 35 security applications were able to detect it.

Sinowal works by hiding in the Master Boot Record of computers, waiting until its victims visit one of 2700 bank and e-commerce sites, where it inserts new fields into the existing website to capture personal and private information such as Social Security numbers, account numbers and passwords.

At this point it is not apparent who is behind the attacks, but there is some interesting, if not revealing, evidence that suggests the Russian Mafia may be behind this crime.

Sinowal was tied to the Russian Business Network in its early days. The Russian Business Network was a hosting company in St. Petersburg, Russia that was disbanded last year after media pressure due to its cyber-crime-friendly policies and clients. With 500,000 stolen identities and accounts from at least 27 countries, it is interesting that none were from Russia. Additionally, one of the Sinowal web servers also contained a spoof of the U.S. Marshals Web Site with bogus wanted posters for famous Russian people such as Mikhail Gorbachev, Leonid Brezhnev, Joseph Stalin, Vladimir Lenin and Vladimir Putin. What's more interesting is that these names were also the user names for gang members that logged in to this illegal web server.

Is all this proof? No, but that will be difficult to obtain. It does lead to a high level of suspicion, though. Identity Theft Labs has stated previously that we fully expect large criminal organizations to become involved in identity theft, if they haven't already, because it is profitable and low risk. The Russian Mafia has already taken its operations in the U.S. into other non-traditional income streams such as insurance fraud and personal injury lawsuits. Can identity theft really be far behind, or have they already entered this criminal market? It may not be proven, but the odds say that they have already hatched their master plan.

Thanks to Identity Theft Labs
