Jan 30 2008

Remote bank fraud against Swedish Swedebank

Published by under Security

Most people have heard about card skimming and other credit card fraud but in Swedish media, there are several interesting articles regarding how a local branch office to Swedbank manage to stop a fraudulent transaction in the last minute. The Swedish police won’t talk about it but media claims that a bank employee took notice off that the mouse pointer on his system was moving by it self. He then quickly looked behind the computer and finally found under his desk a hidden device that was connected to the computer to remotely control his computer. Pulling the cables stopped a transfer of several million Swedish Kronor to vanish.

The first question that comes to my mind is how did they manage to set up this equipment without any one taking notice? Well, according to the Swedish police there was a break in during August last year where nothing was stolen… Why didn’t that itself not raise a couple of questions? And better up; the alarm did not go off due to that the alarm wasn’t activated?!

The question that should be asked within this organization is why would actually someone make an illegal entry with the risk of getting caught and steal nothing? Either was the person extremely stupid or didn’t find what he was looking for or they intrusion had another purpose of for example hide or tamper with the system at the bank office.

The group of seven men was arrested this Monday and Tuesday and are currently under suspicion for the attempt to bank fraud and as well for preparing new similar actions.

So far the police have been very silent regarding the technology used during this fraud attempt. But a guess is that since the perpetrator had to hide an “unknown device” under the desk one could assume that they used standard available technology such as pico-ITX motherboard together with either gsm or 3g modem to be able to call home or to contact the “unknown device” from remote host by for example using openly available remote access software between the two computers. So actually the components used to build a tiny system is not hard at all and I highly doubt that we’re talking about James Bond technology here such as tiny keyboard logger devices with remote capabilities.

The technology is available and has been for many years to build your own equipment or buy spy kit – it’s just a matter how much money you’re willing to spend and to what extent you’re willing to hide your activities.

Keyboard loggers have been around for ages as well most interesting enough most people have actually never seen one. Keyboard loggers can easily be obtained via the internet or you can either build your own using a simple PIC16F84, and a NVRAM chip. The left images show a home made keyboard logger and the middle shows what a typical keyboard circuit looks like and the right image what a typical keyboard logger looks like that you can get over the internet for around $80.

So once again I ask myself – why would someone break into a bank and not steal anything without any questions asked?

Kim Haverblad

No comments

Trackback URI | Kommentars RSS

Leave comment