ArchiveOODA OriginalRisk Intel Report

Digital Thieves Sell Defrauding Software As A Service Online

Highlights – Criminals are offering defrauding software in a Software as a Service model – Fraud as a Service packages are traded and sold in Internet chat rooms and forums – Financial institutions are deploying new security procedures and technologies to combat threats A researcher presenting at an October 2008 security conference in London, England detailed a new trend of online fraud whereby criminals are offering fraudulent services in a Software as a Service (SaaS) model. The model allows anyone wishing to participate in online fraud to purchase services from unscrupulous individuals lurking in Internet chat rooms and forums. The services include information-stealing Trojan viruses, together with hosting services and a fully integrated infection service to include patches and upgrades so the Trojan avoids detection by security software. According to security vendor RSA’s Anti Fraud Command Center, nearly half of all phishing attacks are now carried out by individuals or small groups who meet and trade information and services in Internet chat rooms. Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Given the potential for large sums of money to be made by employing various phishing schemes, the application of the SaaS model to phishing attacks was a natural evolution of bringing those who have the technical skills to create malicious software together with those who have the desire to run fraudulent criminal enterprises. An individual or group wishing to create their own phishing scam can simply visit an Internet chat room and purchase fraud services from another individual and begin defrauding other unsuspecting Internet users with relative ease. In the near to mid-term, we expect more individuals to purchase ‘fraud as a service’ packages because of its relative ease to deploy along with a support structure to allow the individual to obtain technical assistance and updates to the software. Those providing the services also stand to make large sums of money by selling their services to hundreds, possibly thousands of individuals online. Online Fraudsters: Two Groups The head of RSA’s New Technologies group stated in his presentation that most online fraudsters can be broken down into two groups: harvesting fraudsters, who specialize in stealing user credentials, and cash-out operators, who focus on laundering the money from stolen accounts or fraudulently purchased goods. Internet fraud normally follows the following steps: 1. Harvesting fraudsters leverage the advantages provided by the ‘fraud as a service’ packages to help them harvest account details. 2. Next, cash-out operators transfer the money from the compromised accounts into a network of so-called “mule accounts.” 3. The money is then sent via Western Union from these “mule accounts” to a third party individual who will keep a percentage of laundered money as payment and pass the remaining funds on to the cash-out fraudster. 4. In the end, the cash-out operator and harvester will share their profits. Financial Institutions Adapt Security Measures According to a survey conducted by the Pew Internet & American Life Project in May 2008, 53 percent of American adults who use the Internet participated in online banking. This number represents a steady increase from a similar 2006 survey in which 43 percent or about 63 million American adults participated in online banking. If financial institutions are to continue these upward trends and maintain customer confidence in conducting financial transactions online, they must keep pace with new attacks by continually developing procedure and technologies to combat increasing threats. Some of the new techniques and technologies being deployed involve: • Limiting credit harvesting by

Want more insight?

This content is restricted to members only. Members get access to all of the content on this site. This includes over 3000 Risk Intel Reports, the Attack Database (10,000 entries), over 3000 Intel Advisories, Threat Group Profiles on 500+ groups and over 100,000 curated OSINT excerpts. Your membership also supports the cost of producing our hand-curated Daily OSINT report.

Please consider becoming a member. For more information please click here. Thanks!
OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.