Phishing and Hacking go 2.0

In this latest extension of phishing, if bringing the mountain (or the phish) to Mohammed isn't working, try waiting for Mohammed to come to the mountain or in this case a person’s banking website. The website has been hacked and a redirect or rewritten links have been added that send the visitor off to pages that request personal information that the phisher uses to gain access to the person's banking and other financial records.

Goldleaf Technologies, a unit of Goldleaf Financial Solutions, Inc. a provider of homepage services for financial institutions had one of its servers May 25^th, 2006. Goldleaf spokesman Scott Meyerhoff said the security breach affected about 150 to 175 bank websites for anywhere from a minute to an hour and a half, although the number actually appears to be slightly over three hundred. He said the breach was the first in the company's history. Earlier in March, 3 Florida banks hosted on ElectroNet and a redirect was hacked into the system. The pages were up for a 1 ½ hours before being detected and brought down. In both cases all money lost seems to be being refunded to customers.

Although Goldleaf and ElectroNet are generally characterizing the incidents as phishing scams there are some differences between a regular phishing scam and this security breach. Phishing normally entails the use of a spoofed or fake email that alleges to be from the bank when they're really from criminals that send emails. The email contains realistic looking URLs that are a really links to malicious web pages. In the both the ElectroNet and Goldleaf examples, the actual bank homepage is what's redirecting you to the malicious site which could only happen if the bank's site has been compromised. This means there has been a security breach at the website or the server hosting it, and this is more significant than just a phishing scam. The bad guys in this case have combined the two techniques to leverage the usefulness of both attacks.

John Quarterman, chief executive of Austin, Texas-based, InternetPerils Inc., which tracks Internet scams explained this new ploy this way. While the latest scam may not reap a lot of money from each bank, crooks can do well in the long term by hacking into a lot of little banks,

"If they do this successfully to a few hundred small banks scattered around the world, they can make enough money to retire and disappear," Quarterman said.

While it is commendable that Goldleaf and ElectroNet responded quickly to these incidents, the cover yourself technique they are employing of only using the word “redirect” instead of admitting there was a breach of security on their servers may not help consumers realize the danger that exist from the possibility of hacking websites and servers.

While private information wasn't stolen directly from the servers the trust relationship was exploited, which is harder for consumers to guard against when they went to the website themselves. Having ISP's and web hosts use language that confuses the issue does not help the consumer understand the nature of the crime and how best to protect themselves. It makes it seem that consumers have nothing to demand of their banks and other financial institutions in terms of the safeguards that they must first put in place on their online presence before the consumer should be willing to do business with any of these institutions and that isn't the case. There is more to be done or we are just seeing the tip of the iceberg in this latest hack and phish ploy.

Sources:

The Tallahassee Democrat March 17,2006

The Tallahassee Democrat March 18,2006

Perilocity:A New Phishing Variation

Techweb News

ZDNet Blogs: George Ou

Created by lsmithlas
Last modified June 01, 2006 03:19 PM