Online Theft Funneled at Least $11 Million from US Firms to China – FBI

Bob Styran, IT audit expert
May 03, 2011

At least $11 million in losses incurred by small-to-medium sized US enterprises have been recorded by the Federal Bureau of Investigation (FBI) from March 2010 to April 2011 in an online theft that involved fraudulent wire transfers.

“It is vital for small business owners to understand the risks they face when banking online, and to get a sense of the sophistication of today’s attackers. Unlike consumers — businesses do not have the same protection against fraud that consumers enjoy,” according to security researcher Brian Krebs.

According to a fraud alert released by the FBI, the Financial Services Information Sharing and Analysis Center (FS-ISAC), and the Internet Crime Complaint Center (IC3), there has been a trend in online theft in which cyber criminals compromise the online banking credentials of US firms and send unauthorized wire transfers to Chinese economic and trade companies located near the Russia-China border.

The number of cases in which the banking credentials of small-to-medium sized U.S. enterprises were compromised totaled twenty between March of last year and last month. The compromised online banking credentials were “used to initiate wire transfers to Chinese economic and trade companies.”

Approximately $20 million has been targeted by the online theft, but actual losses amounted to only $11 million, the fraud alert noted.

The FBI noted that typically, the cyber criminals would use phishing emails or malicious Web sites to compromise the computer of a person who initiates funds transfers on behalf of a US company.

Once the cyber criminals successfully plant malware on the computer, the user’s corporate online banking credentials are harvested.

In other cases, the user, upon trying to log in to the bank’s Web site, is redirected to another Web page that states the Web site is under maintenance or that it is inaccessible for the moment.

During this period, the cyber criminals would initiate unauthorized wire transfers to commercial accounts held usually at New York banks. In turn, the funds are transferred to a Chinese economic and trade company bank account.

The wire transfers range from $50,000 to $985,000.

Usually, the online theft targets businesses and public institutions with local community banks and credit unions or third-party service providers.

The FBI found that recipients of the unauthorized wire transfers are economic and trade companies located in the Heilongjiang province in the People’s Republic of China. These companies are said to be legitimately registered in port cities near the Russian border.

The FBI noted that the companies used for these unauthorized wire transfers carry the names of Chinese port cities, including Raohe, Fuyuan, Jixi City, Xunke, Tongjiang, and Dongning.

These companies hold bank accounts with the Agricultural Bank of China, the Industrial and Commercial Bank of China, and the Bank of China.

Currently, the FBI is unable to determine the individuals behind the online theft.

The agency has yet to determine whether the Chinese accounts were the final transfer destination or whether the funds were transferred somewhere else. The FBI will also probe why the legitimate companies in China received the unauthorized wire transfers.

Krebs advises business owners to use a Mac or a Live CD approach to avoid becoming victims of these attacks.

“All of the malware used in the attacks to date won’t run on anything but Windows,” Krebs noted.

 
