Russian hacking ring specialises in counterfeit checks

Most of the organised hacking rings aiming at bank fraud these days are stealing login credentials and then taking advantage of the relatively recent opportunities provided by online account access, wire transfers and other means for mis-shipping electronic funds.

But a newly discovered Russian group was using networks of compromised personal computers and techniques for hacking into databases to write $9m in counterfeit checks, thought until now to be the purview mainly of old-time loners.

SecureWorks researcher Joe Stewart infiltrated the network of machines used by the gang and found records showing that more than 3,000 bad checks had been written on more than 1,000 real accounts since June 2009. The checks were sent to generally unwitting “money mules” recruited from online job sites, who deposited them and wired money to St. Petersburg.

The operation had clearly put significant thought into how to stay below the radar. It also did serious reconnaissance to figure out how to produce credible-looking checks. The masterstroke was identifying and going after companies that have thousands of images of checks in one place in order to copy the format.

Mr Stewart found two such troves that had been used. One was a “lockbox” service that archives pictures of checks for businesses. The other, in an unfortunate bit of irony, was an anti-fraud service for check-cashing companies.

When consumers turn to check cashers, the establishments often take pictures of the client and the check. That way, the same places won’t fall prey to the same counterfeiter twice. But the check images were stored in a database and the hackers evidently used a company’s credentials to get access to them.

“They clearly know how these businesses work on the back end,” said Mr Stewart, who will present his findings at the Black Hat security conference in Las Vegas this week.
