Online Theft in Calif. a Step-up in ZeuS Trojan

Jay Decenella, IT audit expert
July 26, 2011

A financial institution blamed for the $465,000 loss in an online theft which hit a California real estate company, Village View Escrow, last year is facing charges over its “negligence.”

Village View has filed a suit against Professional Business Bank of Pasadena, California, on grounds that its former financial institution neglected the terms of its own online banking contract.

“Prior to entering into a banking relationship and contract with Professional Business Bank, Village View Escrow was not informed of any unsafe and unsound business practices employed by the bank,” the complaint stated.

The online theft began in March 2010, when cyber thieves penetrated the Redondo Beach, California-based firm’s computers and bank accounts and made 26 consecutive wire transfers to 20 individuals around the world.

According to security expert Brian Krebs, Professional Business Bank had allegedly been depending on third-party service provider NetTeller, “which allowed commercial customers to authenticate to the bank’s site with little more than a username and password.”

Under Village View’s contract with Professional Bank, electronic transfers would only be allowed under the authority of two Village View employees, and after a confirmation call from Village View phone numbers.

“The attack on Village View demonstrates the sophistication of malicious software like the ZeuS Trojan. The thieves disguised a banking Trojan as a UPS shipping receipt, and the company’s owner acknowledged opening the attachment and forwarding it to another employee who also viewed the malware-laced file. Once inside Village View’s systems, the attackers apparently disabled email notifications from the bank,” Krebs noted.

Krebs said the suit “challenges Professional Bank’s claims that its systems used ‘multi-factor,’ and ‘state-of-the-art’ ebanking systems.”

The bank allegedly failed to “employ a commercially reasonable security system” and to “accept funds transfers orders in good faith and in compliance with the security procedures selected by Village View Escrow.”

Earlier this month, thousands of dollars from the town of Eliot in Maine were funneled by a group of cyber thieves in Eastern Europe in an online theft that highlighted the “mismatch” between the firms’ security measures and sophisticated attacks, according to Krebs.

“I had heard from a ‘money mule,’ an individual who was recruited through a work-at-home job scam to help the thieves launder money,” Brian Krebs said in his security blog.

Krebs said the money mule had misgivings about a job he had just completed for his employer, which involved helping to move almost $5,000 from one of his employer’s “clients” to individuals in Ukraine.

In May, the Federal Bureau of Investigation recorded at least $11 million in losses incurred by small-to-medium-sized US enterprises from March 2010 to April 2011 in online theft involving fraudulent wire transfers.

 
