Community
I just came back from RSA Conference Europe, which – as always – is an amazing time of the year. One particular perk of this event was the public display of the Engima machine, believed by the German forces of Second World War to be impenetrable, and the story of Alan Turing who broke its codes.
The intelligence gathered following the breaking of the Enigma encryption was called ULTRA and was one of Britain's greatest secrets. If you can monitor communications which the other side believes are completely secure, you should have a dramatic advantage.
One perfect example for this is the recent FBI operation in DarkMarket, a renowned fraud forum. For years the FBI monitored operations on the forum and the result was the arrest of 56 online fraudsters. This strikes fear, uncertainty and doubt among the thousands of remaining online criminals.
And today, another startling discovery was revealed.
In their Speaking of Security blog, the RSA FraudAction Research Lab shared findings based on its tracking and research of what many would dub as the 'mother of all Trojans' in recent years.
Called Sinowal, and known also as Torpig and Mebroot, this particularly nasty Trojan is more than just a piece of crimeware. Like the Enigma, which was more than just an encryption device, it was a complete operational framework: highly resilient, highly scalable, and extremely stealthy. Like the Enigma machine, it had several versions, each better than its predecessor.
The numbers behind Sinowal are nothing short of staggering.
The report says that Sinowal is triggered by 2,700 distinct websites globally, among them hundreds of financial institutions. This means that as soon as you enter such as website, the Sinowal Trojan hidden in your PC starts recording the session and submitting it to the Trojan operators.
In the past three years it collected roughly 300,000 online banking accounts and a similar number of credit and debit cards. The RSA FraudAction Research Lab says it shared the findings with law enforcement agencies.
300,000 compromised accounts. Just to give you some perspective on how much big this number is, consider the fact that the average fraud per compromised account is over 2,000 pounds. Do the math.
It seems like the online fraud underground has had a rough month. The Americans call it October Surprise.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Alex Kreger Founder & CEO at UXDA
27 November
Kyrylo Reitor Chief Marketing Officer at International Fintech Business
Amr Adawi Co-Founder and Co-CEO at MetaWealth
25 November
Kathiravan Rajendran Associate Director of Marketing Operations at Macro Global
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.