CBN BRASIL

Wednesday, July 2, 2014

Cybercrime Scheme Aims at Payments in Brazil

SAN FRANCISCO — Security researchers have uncovered what they believe is a significant cybercrime operation in Brazil that took aim at $3.75 billion in transactions by Brazilians.
It is unclear what percentage of the $3.75 billion worth of compromised transactions was actually stolen. But if even half of that value was redirected to criminals, the scope of the swindle would eclipse any other previous electronic theft.
The thieves preyed on Boleto Bancário, or Boletos, a popular Brazilian payment method that can be issued online and paid out through various channels like banks and supermarkets, said the researchers at the RSA Security division of EMC Corp.
Researchers said the ring had been using what they called bolware — a play on Boletos and malware, a term for software intended for illegitimate purposes — to intercept legitimate Boletos payments and redirect them to the accounts of criminals or mules, who are people paid to be stand-ins for the criminals.
Boletos can be used for every kind of transaction, from telephone bills and health insurance to mortgages and school tuition. Over six billion were issued last year, according to Brazil’s central bank. In a country where many lack bank accounts and do not trust the postal service enough to send checks by mail, it is common to see long lines at banks as Brazilians carry their Boletos to pay their bills.
Bolware was first detected in 2012, but this is the first time that security researchers have been able to trace bolware back to a single criminal ring and determine the scope of compromised transactions.
For three months, RSA researchers in Brazil, Israel and the United States studied 19 variants of bolware. Using digital logs, they were able to trace them to what they believe is one group in Brazil. Based on the logs, researchers determined that 192,227 victims have been affected and 495,793 Boletos transactions worth $3.75 billion were hit.
“Cybercrime is a lot more rampant in Brazil than it is in the United States, and in many ways Brazil has been the trendsetter in cybercrime,” said Avivah Litan, a cybersecurity analyst at Gartner.
Cybercrime now accounts for 95 percent of losses incurred by Brazilian banks, according to the Brazilian Federation of Banks, or Febraban. Brazil also has a large online population — about 107 million people, or over 50 percent of the country’s population — and in 2012 an estimated $1.4 billion was lost to electronic fraud, according to Febraban.
Now, researchers say Boletos fraud has become a serious threat to banks in Brazil. After briefing Febraban on RSA’s findings, Uri Fleyder, an RSA researcher based in Israel, said in an interview Monday that while Boletos fraud was a known issue, “No one realized it was on this scope.”
Febraban officials said they could not comment on a continuing police investigation but noted that Brazilian banks last year spent $910 million on digital security and that they were encouraging consumers to migrate from Boletos to a more secure, fully electronic payment system called Direct Debit Authorization, or D.D.A.
That Boletos are so common and not very secure has made them an enticing target.
The criminals infected PCs by sending emails with malicious links and attachments that, once clicked, downloaded the bolware onto a computer.
The bolware burrowed into the Windows operating system of a computer and worked through Internet browsers — including Google’s Chrome, Mozilla’s Firefox and Microsoft’s Internet Explorer — where it modified Boletos transactions and redirected payments directly to the criminals’ own accounts. The bolware also collected users’ email credentials, most likely so more malicious emails could be sent to infect more computers.
RSA researchers said they had also briefed the Federal Bureau of Investigation and United States Secret Service and were working with local and international law enforcement officials to help prosecute the individuals behind the ring. The current assumption is that the group has ties to organized crime in Brazil, but Mr. Fleyder cautioned that for now, that was just an assumption.
Because the bolware only affects Windows PC users, researchers are advising PC users to take extra precautions before clicking on suspicious links or email attachments and to make Boletos payments only using the digital wallets on their mobile devices.
But the best advice, Mr. Fleyder offered, was simply to “be vigilant.”
