Saturday 21 September 2013

FBI warns of bank-robbing Beta Bot malware that disables antivirus

Security padlock image
The FBI's Internet Crime Complaint Centre (IC3) has warned businesses to be wary of new malware called Beta Bot capable of disabling antivirus programs.
The IC3 issued the warning in a public blog post, confirming that it has seen the malware used to target a variety of organisations.
"The FBI is aware of a new type of malware known as Beta Bot. Cyber criminals use Beta Bot to target financial institutions, e-commerce sites, online payment platforms, and social networking sites to steal sensitive data such as login credentials and financial information. Beta Bot blocks computer users' access to security websites and disables antivirus programs, leaving computers vulnerable to compromise," read the warning.
The intelligence report added that the malware usually looks to trick users into downloading it by masquerading as a legitimate Microsoft Windows message, asking the user to allow the "Windows Command Processor" to modify the user's computer settings.
The FBI's IC3 said it has also seen incidents of the malware spreading via USB sticks and Skype, and that it can steal a variety of data from the infected machine. "If the user complies with the request, the hackers are able to exfiltrate data from the computer. Beta Bot is also spread via USB thumb drives or online via Skype, where it redirects the user to compromised websites," read the post.
On the upisde, the FBI security centre said there are steps victims of the Beta Bot malware can take. "Remediation strategies for Beta Bot infection include running a full system scan with up-to-date antivirus software on the infected computer," read the report.
"If Beta Bot blocks access to security sites, download the latest antivirus updates or a whole new antivirus program onto an uninfected computer, save it to a USB drive and load and run it on the infected computer. It is advisable to subsequently reformat the USB drive to remove any traces of the malware."
Since the IC3 report went live, many security firms have questioned whether the malware is new. Russian security firm Kaspersky reported that Beta Bot was actually discovered at the start of the year and is often thought of as a low-level threat, leaving it unclear why the agency is making such a fuss about it.
"While the FBI refers to Beta Bot as new, the malware surfaced at the beginning of the year as an HTTP bot and later expanded its capabilities that spring," said Kaspersky's blog post.
"Beta Bot was never thought to have been as sophisticated as Trojans designed specifically for bank fraud, so it's unclear if the FBI's warning coincides with a new rash of Beta Bot infections or a new set of technical capabilities for the malware."
Banking-focused malware is an ever-present problem facing the security industry, with criminals creating increasingly sophisticated attacks. Earlier this month Trend Micro researchers detected evolved versions of the notorious Citadel banking Trojan targeting Japanese computer users.

Legally Justifying NSA Surveillance of Americans

Kit Walsh has an interesting blog post where he looks at how existing law can be used to justify the surveillance of Americans.
Just to challenge ourselves, we'll ignore the several statutory provisions and other doctrines that allow for spying without court oversight, such as urgent collection, gathering information not considered protected by the Fourth Amendment, the wartime spying provision, or the president's "inherent authority" for warrantless spying. Let's also ignore the fact that we have general wiretaps ala the Verizon order on phone metadata and Internet traffic that we can fish through in secret. Let's actually try to get this by the FISA Court under 50 U.S.C. §§ 1801-1805 for electronic surveillance or § 1861 for documents and records.

British Police Arrested Mr Big tapping $2 million from Barclays bank

Eight men have been arrested on suspicion of stealing 1.3 million pounds ($2 million) from a Barclays bank branch by tapping into its computers, British police said Friday.
The gang is accused of installing a KVM device, or keyboard video mouse, on the bank's computer system that allowed it to carry out the cyber theft.
The men, aged between 24 and 47, are being questioned about conspiracy to steal and conspiracy to defraud U.K. banks.
Police said cash, jewels and thousands of credit cards have been found in searches at addresses in the greater London area. They said the group operated out of a "control room" in central London that was being searched.
The arrests follow a failed attempt to use similar technology to rob the Santander bank last week. The same police investigators are handling both cases.
Detective Supt. Terry Wilson said one of the arrested men is the "Mr. Big" of British cybercrime.
Police suspect that in both cases a gang member posed as an engineer and installed a KVM on the bank's computers that allowed the suspects, in the Barclays case, to gain information used to siphon money from the bank.
"That would allow them to log the keystrokes and the actual screen, so you could gather passwords and see how people log into their systems," said Graham Cluley, an independent computer security analyst. "Then you could remotely access the computers as if you were sitting in front of it. Effectively, it's like breaking into the bank in the middle of the night."
Still, he said the bank's anti-fraud systems were probably activated by the unusual transactions shortly after the money was taken from Barclays, allowing the bank to recover it quickly.
"Money was technically moved, but no lasting financial damage was done," said Cluley, who believes the same suspects may have been behind the hacks at Barclays and Santander.
A Barclays executive said the bank acted "swiftly to recover funds" after the security breach at its Swiss Cottage branch in north London in April.
"We can confirm that no customers suffered financial loss as a result of this action," said Alex Grant, the bank's managing director of fraud prevention.

The Effects Of The Snowden Leaks Aren't What He Intended

Critics of the NSA's secret surveillance hoped the debate that followed Edward Snowden's leaks would prompt the NSA to rethink the operation. Instead, one of the most noticeable effects so far has been a diversion of resources away from intelligence missions toward assessing damage from the leaks.