Date: 2024-12-07 Page is: DBtxt003.php txt00019972

CyberCrime
Big business

A Massive Fraud Operation Stole Millions From Online Bank Accounts

The crooks used emulators to mimic the phones of more than 16,000 customers whose mobile bank accounts had been compromised.

Burgess COMMENTARY

Peter Burgess


PHOTOGRAPH: THOMAS TRUTSCHEL/GETTY IMAGES

Researchers from IBM Trusteer say they’ve uncovered a massive fraud operation that used a network of mobile device emulators to drain millions of dollars from online bank accounts in a matter of days.

This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more. Ars is owned by WIRED's parent company, Condé Nast.

The scale of the operation was unlike anything the researchers have seen before. In one case, crooks used about 20 emulators to mimic more than 16,000 phones belonging to customers whose mobile bank accounts had been compromised. In a separate case, a single emulator was able to spoof more than 8,100 devices.

The thieves then entered usernames and passwords into banking apps running on the emulators and initiated fraudulent money orders that siphoned funds out of the compromised accounts. Emulators are used by legitimate developers and researchers to test how apps run on a variety of different mobile devices.

To bypass protections banks use to block such attacks, the crooks used device identifiers corresponding to each compromised account holder and spoofed GPS locations the device was known to use. The device IDs were likely obtained from the holders’ hacked devices, although in some cases, the fraudsters gave the appearance that they were customers who were accessing their accounts from new phones. The attackers were also able to bypass multi-factor authentication by accessing SMS messages.

Automating Fraud

“This mobile fraud operation managed to automate the process of accessing accounts, initiating a transaction, receiving and stealing a second factor (SMS in this case), and in many cases using those codes to complete illicit transactions,” IBM Trusteer researchers Shachar Gritzman and Limor Kessem wrote in a post. “The data sources, scripts, and customized applications the gang created flowed in one automated process which provided speed that allowed them to rob millions of dollars from each victimized bank within a matter of days.”

Each time the crooks successfully drained an account, they would retire the spoofed device that accessed the account and replace it with a new device. The attackers also cycled through devices whenever one was rejected by a bank’s anti-fraud system. Over time, IBM Trusteer saw the operators launch distinct attack legs. After one was over, the attackers would shut down the operation, wipe data traces, and begin a new one.

The researchers believe that bank accounts were compromised using either malware or phishing attacks. The IBM Trusteer report doesn’t explain how the crooks managed to steal SMS messages and device IDs. The banks were located in the US and Europe.

To monitor the progress of operations in real time, the crooks intercepted communications between the spoofed devices and the banks’ application servers. The attackers also used logs and screenshots to track the operation over time. As the operation progressed, the researchers saw the attack techniques evolve as the crooks learned from previous mistakes.
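The two behaviours described above, many spoofed device IDs driven from a handful of emulators and each ID being retired after one drain or one anti-fraud rejection, are also the signals a bank's own telemetry can expose. The following Python is an added example, not IBM Trusteer's code or any bank's actual anti-fraud logic; the pipe-delimited log format, the field names, the thresholds, the window sizes and the RFC 5737 documentation IP addresses are all assumptions, and the sample log is constructed to show one real handset next to one emulator cycling through spoofed device IDs.

```python
"""Emulator-farm takeover heuristics over mobile-banking telemetry.

Added example for this page; it is not IBM Trusteer's or any bank's code.
It assumes a constructed log format (ts|account|device_id|src_ip|action|outcome)
and checks two patterns the article describes: many spoofed device IDs
presented from one network vantage point in a short window, and device IDs
that are retired right after one transfer (or one anti-fraud rejection).
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample telemetry (RFC 5737 documentation addresses).
# 198.51.100.10: one real customer's handset, seen again hours later.
# 203.0.113.7: one emulator cycling spoofed device IDs, one per victim
# account, retrying dev-e2 -> dev-e3 after an anti-fraud rejection.
SAMPLE_LOG = """\
2020-12-16T09:00:00|acct-1001|dev-a1|198.51.100.10|login|ok
2020-12-16T09:00:30|acct-1001|dev-a1|198.51.100.10|transfer|ok
2020-12-16T10:00:00|acct-2001|dev-e1|203.0.113.7|login|ok
2020-12-16T10:00:20|acct-2001|dev-e1|203.0.113.7|transfer|ok
2020-12-16T10:01:00|acct-2002|dev-e2|203.0.113.7|login|ok
2020-12-16T10:01:20|acct-2002|dev-e2|203.0.113.7|transfer|rejected
2020-12-16T10:02:00|acct-2002|dev-e3|203.0.113.7|login|ok
2020-12-16T10:02:20|acct-2002|dev-e3|203.0.113.7|transfer|ok
2020-12-16T10:03:00|acct-2003|dev-e4|203.0.113.7|login|ok
2020-12-16T10:03:20|acct-2003|dev-e4|203.0.113.7|transfer|ok
2020-12-16T10:04:00|acct-2004|dev-e5|203.0.113.7|login|ok
2020-12-16T10:04:20|acct-2004|dev-e5|203.0.113.7|transfer|ok
2020-12-16T12:00:00|acct-1001|dev-a1|198.51.100.10|login|ok
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    account: str
    device_id: str
    src_ip: str
    action: str   # "login" or "transfer"
    outcome: str  # "ok" or "rejected"


def parse_log(text: str) -> list[Event]:
    """Parse the constructed pipe-delimited format, oldest event first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, dev, ip, action, outcome = line.split("|")
        events.append(Event(datetime.fromisoformat(ts), account, dev, ip, action, outcome))
    return sorted(events, key=lambda e: e.ts)


def device_churn_by_source(events, window=timedelta(minutes=10), threshold=5):
    """Peak number of distinct device IDs one source IP presents inside a
    sliding time window. A handset presents one ID; an emulator impersonating
    thousands of phones presents many from the same vantage point."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.src_ip].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        peak, lo = 0, 0
        for hi in range(len(evs)):
            while evs[hi].ts - evs[lo].ts > window:
                lo += 1
            peak = max(peak, len({e.device_id for e in evs[lo:hi + 1]}))
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def retired_devices_by_source(events, session=timedelta(minutes=5), threshold=3):
    """Device IDs whose whole lifetime is one short session that ends on a
    transfer (accepted or rejected) and that never reappear. Real phones keep
    coming back; the crooks dropped each spoofed device after one successful
    drain or one rejection. Grouped by the source IP that last used the ID,
    flagged when one source burns at least `threshold` such IDs."""
    by_dev = defaultdict(list)
    for e in events:
        by_dev[e.device_id].append(e)
    per_ip = defaultdict(list)
    for dev, evs in by_dev.items():
        evs.sort(key=lambda e: e.ts)
        first, last = evs[0], evs[-1]
        if last.action == "transfer" and last.ts - first.ts <= session:
            per_ip[last.src_ip].append(dev)
    return {ip: sorted(devs) for ip, devs in per_ip.items() if len(devs) >= threshold}


def suspicious_sources(events) -> set[str]:
    """Sources flagged by both heuristics; either alone is noisier (a NAT'd
    office or carrier gateway looks like churn, a one-off transfer looks
    like retirement)."""
    return set(device_churn_by_source(events)) & set(retired_devices_by_source(events))


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("churn:", device_churn_by_source(evs))
    print("retired:", retired_devices_by_source(evs))
    print("suspicious:", suspicious_sources(evs))
```

The retirement heuristic only works over a lookback long enough that a genuine handset would have reappeared; run against a one-hour extract it will flag every customer whose last action happened to be a transfer, which is why the example requires both signals on the same source before calling it suspicious.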

The operation raises the usual security advice about using strong passwords, learning how to spot phishing scams, and keeping devices free of malware. It would be nice if banks provided multi-factor authentication through a medium other than SMS, since an attacker who can read a victim’s text messages defeats it, as this operation showed, but few financial institutions do. People should review their bank statements at least once a month to look for fraudulent transactions.


Dan Goodin is IT Security Editor at Ars Technica
-----------------------

Copyright © 2005-2021 Peter Burgess. All rights reserved. This material may only be used for limited low profit purposes: e.g. socio-enviro-economic performance analysis, education and training.