Join the Community

22,088
Expert opinions
44,070
Total members
384
New members (last 30 days)
175
New opinions (last 30 days)
28,703
Total comments

October Surprise

  0 4 comments

I just came back from RSA Conference Europe, which – as always – is an amazing time of the year. One particular perk of this event was the public display of the Engima machine, believed by the German forces of Second World War to be impenetrable, and the story of Alan Turing who broke its codes.

The intelligence gathered following the breaking of the Enigma encryption was called ULTRA and was one of Britain's greatest secrets. If you can monitor communications which the other side believes are completely secure, you should have a dramatic advantage.

One perfect example for this is the recent FBI operation in DarkMarket, a renowned fraud forum. For years the FBI monitored operations on the forum and the result was the arrest of 56 online fraudsters. This strikes fear, uncertainty and doubt among the thousands of remaining online criminals.

And today, another startling discovery was revealed.

In their Speaking of Security blog, the RSA FraudAction Research Lab shared findings based on its tracking and research of what many would dub as the 'mother of all Trojans' in recent years.

Called Sinowal, and known also as Torpig and Mebroot, this particularly nasty Trojan is more than just a piece of crimeware. Like the Enigma, which was more than just an encryption device, it was a complete operational framework: highly resilient, highly scalable, and extremely stealthy. Like the Enigma machine, it had several versions, each better than its predecessor.

The numbers behind Sinowal are nothing short of staggering.

The report says that Sinowal is triggered by 2,700 distinct websites globally, among them hundreds of financial institutions. This means that as soon as you enter such as website, the Sinowal Trojan hidden in your PC starts recording the session and submitting it to the Trojan operators.

In the past three years it collected roughly 300,000 online banking accounts and a similar number of credit and debit cards. The RSA FraudAction Research Lab says it shared the findings with law enforcement agencies.

300,000 compromised accounts. Just to give you some perspective on how much big this number is, consider the fact that the average fraud per compromised account is over 2,000 pounds. Do the math.

It seems like the online fraud underground has had a rough month. The Americans call it October Surprise. 

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

22,088
Expert opinions
44,070
Total members
384
New members (last 30 days)
175
New opinions (last 30 days)
28,703
Total comments

Trending

Kyrylo Reitor

Kyrylo Reitor Chief Marketing Officer at International Fintech Business

How to avoid potential risks when working with correspondent accounts

Kathiravan Rajendran

Kathiravan Rajendran Associate Director of Marketing Operations at Macro Global

Is a Seamless Cross-Border Payment Future Possible?

Now Hiring