Mobile devices

A gold mine for cyber criminals' exploitation

By Robert E. Holtfreter, Ph.D., CFE, CICA
Taking Back the ID: Identity theft prevention analysis

Susie Franklin was a successful broker at a big Wall Street financial firm. Through the years, she established a long list of clients, colleagues and friends. To keep in touch, she purchased a state-of-the-art smartphone. Susie's friends convinced her to use it to do most of her banking online. She enjoyed the simplicity and convenience of online banking with her smartphone, but one day she noticed money was missing from her account. She contacted her bank, which determined that she hadn't authorized a $2,000 withdrawal. She then knew that she was an identity theft victim. 

This case is fictional, but it's representative of a new wave of identity theft with the proliferation of mobile devices such as smartphones, tablet PCs and e-readers that consumers, businesses and government agencies have adopted to transact business, including mobile banking. Cyber criminals go where the money is, and they've reacted quickly to exploit the spread of the mobile banking arena as a profit center. The mobility of laptops led to an exploitation of personal data through loss and theft, but the movement to smaller portable devices represents a much larger opportunity for cyber criminals to exploit data. 


How do cyber criminals exploit mobile device activity, especially the mobile banking variety? This is how Gordon M. Snow, assistant director of the FBI's Cyber Division ("Statement Before the House Financial Services Committee, Subcommittee on Financial Institutions and Consumer Credit," on Sept. 14, 2011), explains it: 

Cyber criminals have successfully demonstrated man-in-the-middle attacks against mobile phones using a variation of ZeuS malware. The malware is installed on the phone through a link imbedded in a malicious text message, and then the user is instructed to enter their complete mobile information. Because financial institutions sometimes use text messaging to verify that online transactions are initiated by a legitimate user, the infected mobile phones forward messages to the criminal.

Cyber criminals are also taking advantage of the Twitter iPhone application by sending malicious "tweets" with links to a website containing a new banking Trojan. Once installed, the Trojan disables Windows Task Manager and notifications from Windows Security Center to avoid detection. When the victim opens their online banking account or makes a credit card purchase, PII (personal identification information) is sent to the criminal in an encrypted file.

A man-in-the-middle attack (also known as faked/spoofed websites, website spoofing and pharming) involves a cyber criminal who uses a fake website to move and monitor information between an organization — such as a bank — and a consumer. In essence, the cyber criminal is in the middle of a transaction between a consumer and an organization with neither party aware that the fraudster is illegally monitoring the transactions. The criminal, who's secretly monitoring every keystroke between the consumer and organization, compromises personally identifiable information (PII) such as account material, usernames and passwords.

Pharming, also known as spoofing and DNS poisoning, is a high-level cyber scheme for conning individuals into exposing PII such as credit/debit card info, Social Security numbers and other financial account information. Although similar in design to phishing, pharming involves more risk because a click on a link in an email message isn't necessary to initiate the scam. The scam uses malware or spyware to move the victim from a legitimate website to a fraudulent one.

