Five cuffed for stealing 2M euros via e-banking hacks
Posted on 25 March 2013.
Five people were arrested last week when the Slovenian police conducted a series of house searches following an investigation into an gang that was emptying business bank accounts with the help of malware.

According to the Slovenian national Computer Emergency Response Team (SI-CERT), it all started last year, when several small companies notified the CERT and the police about their unexplained losses.

The investigation revealed that the companies' accounting personnel were targeted with emails pretending to come from a bank or tax authority, warning about a late payment or a bogus change in laws that would affect the companies.

The targets would open the attached file, which turned out to be a remote administration tool, and install it on their computer. Through it the criminals had access to the system, and could easily harvest critical information such as e-banking credentials.

The criminals would take advantage of the moments when victims would forget to remove the smart card containing the bank-issued certificate from the reader, and would access the accounts and transfer money to other accounts opened by the 25 money mules they recruited through work-at-home schemes.

They cleverly timed their attacks to coincide with Fridays and just before a national holiday, so that the firms and the banks wouldn't immediately notice the theft.

All in all, they gang managed to set up transfers of some 2 million euros, but luckily a lot of the transactions were stopped by the The Office for Money Laundering Prevention.


Pen-testing drone searches for unsecured devices

You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 9th