Emerging Identity Theft Ring
Introduction
A major identity theft ring has been discovered that has affected over 50 banks. The operation, which is being investigated by the FBI, is gathering personal data from "thousands of machines" using keystroke-logging software. The data collected includes credit card details, Social Security numbers, usernames, passwords, instant-messaging chat sessions and search terms. Some of that data is then saved in a file hosted on a U.S.-based server that has an offshore-registered domain.

Security Awareness
In the past, attackers have relied mainly on e-mail messages that lure victims to malicious Web sites, where they are tricked into disclosing usernames and passwords for banking sites and other sensitive online accounts. With the increase in Information Technology, it is now possible for attackers to obtain this information and more without luring you anywhere. With Keylogger software programs, obtaining your confidential information is as simple as visiting a well known website such as Google, Yahoo, Ask Jeeves, or CNN. The keylogger programs are built specifically to capture login names and passwords for online bank accounts and to send them to the attackers.

Users of Windows XP who have not installed Service Pack 2 are particularly vulnerable, as the code could be automatically downloaded without the user's knowledge. If you have an unpatched Windows machine, when you go to the URL it will automatically download everything from the Web site, including the Trojan. All you have to do is type in the URL of the infected website and your confidential information is susceptible.

The Trojan is a new variant, so antivirus and anti-spyware vendors do not yet block it. The activity could be the latest attempt by a criminal gang to use spyware for financial gain. In March of this year, Britain's National Hi-Tech Crime Unit foiled an attempt to steal about $390 million from the Japanese bank Sumitomo Mitsui. In that case, keyloggers were used to relay passwords and access information to the criminals who intended to transfer the funds electronically. A man in Israel was arrested after allegedly trying to transfer $25 million of the funds.

According to Websense Enterprise, the attackers typically exploit vulnerabilities in Microsoft's Internet Explorer browser program. Each week in February and March 2005, Websense uncovered as many as 10 new keylogger variants and more than 100 new Web sites set up to infect computers with them. That is up from November and December 2004 when the average per week was 1 to 2 new variants and at most 15 new sites per week.

Some of the victims to Phishing attacks with the Keylogger software are:
  1. Amazon.com
  2. AT&T
  3. Bank One
  4. Citibank
  5. FDIC
  6. First USA
  7. MBNA
  8. MSN
  9. CNN
  10. Suntrust


  1. Washington Mutual
  2. US Bank
  3. Verizon
  4. Wells Fargo Bank
  5. Westpac Bank
  6. Microsoft
  7. Barclays
  8. AOL
  9. Citizens Bank
  10. and many more!


Defense In-depth
Websense Enterprise protects organizations and employees who use the internet from a growing number of threats with daily updates. In addition to improving employee productivity, enhancing security, reducing legal liability, and optimizing the use of IT resources; but Websense complies with all three principal parts of the GLBA. By using Websense Enterprise software and services, financial institutions can protect the confidential information of the company and their customers. Websense is capable of restricting network access from unauthorized programs and protecting the security of customer records and customers' nonpublic information.

Conclusion
Not only are attemps at stealing confidential information a problem for the institution that falls prey to the attack, but more so for the hundreds and thousands of customers each institution has. Any and all of the customer's financial and personal information can be released into the wrong hands at anytime without the proper internet threat protection installed such as Websense Enterprise. Many of us believe that our software program is working properly because nothing devastating has happened. Not yet anyway! The majority of antivirus and / or spyware software programs are only 60% effective; leaving more than enough opportunity for an attacker to get in and obtain valuable information. Utilizing Websense Web Security Suite for protection against advanced internet threats, your institution will be protected from phishing exploits targeting your website and / or your brand.

Brand Watcher and Site Watcher are key components to the Websense Security Suite and to you and your institution's security!

  1. Brand Watcher alerts Websense customers if their institution's website or brand has been targeted in a phishing or malicious keylogging code attack. When Websense Security Labs identifies that a customer's website or brand has been targeted, attack details are sent to the customer.

  2. Site Watcher alerts customers when thier institution's website has been infected with mobile malicious code (MMC). This service allows financial institutions to take immediate measures to prevent the spread of MMC to customers, prospects, and partners visiting the site.

    The attacks prevented by Brand Watcher and Site Watcher are then brougt to the attention of all Websense Enterprise users by the next day. This is done with Websense Enterprise's "Real Time Security Updates"; which updates the database of each Websense user every 24 hours based off the internet activity within each organization world-wide.

New technology will undoubtedly arise and allow a hacker to create a successful method to obtain confidential information; but within 24 hours of implementation, the attack is documented, recorded, and blocked from every Websense Enterprise user. The potential threats of not knowing what is on your machine or who is accessing your information can be eliminated. Websense's Brand Watcher protected EDS Credit Union from being exploited in a recent attempted phishing attack; saving time, money, and reputation.

For more information on Protecting your institution with the benefits of Websense Enterprise and how Covetrix can provide you with the software, check out http://www.covetrix.com/websense_enterprise.html.