You must enter
at least 1 postings
about interesting topics studied in this chapter.If you find related article / web sites, feel free to share / post them here are well. This will be very resourceful to everyone in the class.It must beat least 200 wordsfor each posting.
https://www.ic3.gov/Home/PageNotFound?aspxerrorpath=/preventiontips.aspx
Financial Crimes 1 Financial Crimes Financial Crime of the Last Five Years [Student Names Removed for Privacy] Financial Crimes 2 Abstract Any crime committed via the internet is a cybercrime. Most cybercrimes cannot be placed into a single category, thus making cybercrime statistics difficult to compile. This abstract contains paper about cybercrime and how it happens. Almost one billion of the world’s 6.4 billion people now use the internet, and the vast amounts of readily accessible information, data and valuable research material available to hackers is unparalleled. You can be victim of digital crime at any time and your data is always at stake. It can be harmful for yourself and for your organization. In Introduction face you will learn how hackers and Trojan virus etc. could affect your computer e.g. there are a number of common ways hackers can access your computer or Internet accounts. A hacker can scan your computer looking for open ports. When the hacker finds an open port, he can attempt to connect to your computer via that port using a Telnet application or other specialized networking tools. One of the most common Trojan applications is called Back Orifice. In addition to the body of a document, I will be showing some examples like recent incident of AT&T that they discover that each ICC-ID was connected to an iPad 3G user email address, hackers wrote a script termed the “iPad 3G Account Slurper”and deployed it against AT&T’s servers and describe additional real time cases of Identity theft and Cybercrime. The second example is almost two years back which is following: On Jan, 2008 Login page of Italian bank (Banca Fideuram) replaced using XSS. An extremely convincing phishing attack is using a cross-site scripting vulnerability on an Italian Bank's own website to attempt to steal customers' bank account details. Fraudsters are currently sending phishing mails which use a specially- crafted URL to inject a modified login form onto the bank's login page. The vulnerable page is served over SSL with a bona fide SSL certificate issued to Banca Fideuram S.p.A. in Italy. In the last five years, a diverse range of financial crimes would in the realm of cybercrime the http://www.brighthub.com/internet/security-privacy/articles/83739.aspx http://www.brighthub.com/internet/security-privacy/articles/72172.aspx Financial Crimes 3 events among other crimes were the RBS World hack, the TJX data breach, the ATT&T/iPad brute force attack, and downfall of E-Gold. Financial Crimes 4 Financial Crime of the Last Five Years Financial crimes have been occurring at a heavier frequency than before, especially with the internet. These crimes can be alone, but can also be with multiple participants. In recent years, there has been an RBS Worldpay hack where they were able to steal $9 million from the system. Another one from the Zeus cybercrime ring allowed for the stealing of money from individuals and corporations. Vulnerabilities in web sites could also lead to exploitation of financial crimes. In the RBS Worldpay hack was a very critical financial cybercrime. It begins in November 2008 with prosecutors alleging that Oleg Covelin found vulnerability in the RBS Worldpay Network. Though, he takes it Sergei Tsurikov and Viktor Pleshchk. These people had the capability to exploit the vulnerability. Tsurikov brought together many people with different skill sets to achieve the group’s goals (Fisher, D.). On November 5, 2008, Covelin gave Pleshchuk a username and password for an RBS network server in Georgia. When they were inside the network, the hackers gained access to a database containing the account numbers and PINs of payroll debit cards that the company’s customers give to employees in replacement of paychecks or direct deposit. The means by which the hackers obtained this information is not explained in the indictment. Whether the account numbers were stored in the same place or separated remained unknown. Once the hackers obtained the data, Pleshchuk, Tsurikov, and another hacker modified information on the accounts so that there would be more money on the cards, including an increased withdrawal amount. 44 of the prepaid payroll card numbers and PINs were sent to a pre-arranged network of “cashers.” These cashers would then store the information on fake cards. The cashers would then start hitting ATM machines at multiple terminals. $9 million Financial Crimes 5 would be stolen in 12 hours, a massive loss for one-day for RBS. Pleschchuk and Tsurikov went back into the RBS Worldpay network to monitor the cashers’ activities. The cashers would keep between 30 and 50 percent of the money stolen. Pleshchuk and Tsurikov tried to delete any information in the RBS Worldpay database logs that would point to their scheme, but they do not do a good job of covering up their tracks (Fisher, D.). Another financial cybercrime involved the Zeus cybercrime ring. The U.S. Attorney’s office charged 37 people with hacking into the bank accounts of U.S. businesses and municipal entities, stealing more than $3 million. Manhattan’s District Attorney Cyrus Vance charged 36 individuals with stealing $860,000 from individuals and corporations, including JPMorgan Chase. This is a very critical example of organized cybercrime according to Vance (Rooney, B.). The hackers used the Zeus Trojan program to secretly obtain victims’ personal information and hack into their bank accounts. It would be sent to users as an apparently harmless e-mail and would be stored on the computer once opened. It would log users’ keystrokes and steal passwords, “vital security codes,” and account information. The money was transported overseas via “money mules.” Some of them entered the country on student visas or U.S. passports. Ten of them have been arrested while 17 remain at large. These criminals are charged with conspiracy to commit bank fraud, money laundering, and conspiracy to possess false identification to name a few (Rooney, B.). In another potential cybercrime, a social networking site could be exploited through vulnerability. Blippy, the Twitter of personal finance, is a social networking site that allows users to post financial transactions and comment on them. The accounts were not critically hacked, but compromised due to Google Searches. When they added Blippy to their site database, Google exploited a problem with Blippy’s html script. The creators of the site wrote the credit card Financial Crimes 6 information into a separate div tag. This div tag was scanned by Google and revealed the credit card information during the search. This probably only affected those users that posted the credit card directly to Blippy and did not simply post usernames and passwords that were not exposed. Blippy fixed the problem, but should make users realize that posting financial information to a third party site could have complications (Grove – Blippy Users). In another issue, MoneyGram had some account information stolen from its site. It was expected that 79,000 customers had their personal accounts stolen. A computer server was “unlawfully accessed via the internet” in December 2006. According to Vicki Keller, vice president of MoneyGram Global Payment Services, the incident was isolated to a single biller. This was one biller out of 15,000, and it affected consumers across the country (Onaran, Y.). There were 255,565 identity-theft complaints reported in 2005, up 3.5 percent from the year earlier, according to the Federal Trade Commission. A fourth of the stolen information came from credit-card fraud. These issues are simply a small sampling of the digital financial crimes happening. Some of them could be happening right now. As soon as one cybercrime is found, another one will spring up quickly. These cybercrimes will not end, and victims will be appearing more often. Users should be aware of the actions they take on the internet and hope that they will make sure that their web pages have security. The sites that they make transactions with must also be sure that their computers are secure. Among the wave of financial crime that would take place in the mid to late 21st century, none were so notorious as the hacks performed by Albert Gonzales. “Soupnazi” was one of the names which circulated among the hacking circles, was the individual responsible for causing heavy financial damage to major corporate organizations in the past decade. His infamous hack Financial Crimes 7 of the TJX Companies stores, created a gaping hole within the heart of the retail company finances. Albert Gonzales also was heavily involved in the data theft of the Heartland Payment Systems, which added to his spectacular hacking feats. In his relatively short life, Gonzales has set the precedent for several security hacks as the many victims of his exploits struggle to recovery their assets (Suddath). The TJX company hack which gained much attention in 2007, was involved the data theft of a TJMaxx retail department store. TJX Companies consists of a myriad of retail department stores including TJMaxx, Marshall’s and Homegoods which are scattered among middle- American regions across the United States fell victim to Gonzales’s hacking talents. The roots that led to the massive loss of information were a security vulnerability of some existing TJMaxx stores. Specially, the Wired Equivalent Protection (WEP) encryption which was previously used to secure their wireless networks had been compromised by Gonzales’s hacking exploits (Ciampa). Anyone with reasonable knowledge in networking accompanied by relatively basic tools can easily intercept packets along a network in mere minutes. Regulation in department store operations requires the use of price scanners and cash registers to transmit transaction with customers in their day-to-day operations, which were the machines Gonzales was able to intercept data from (Ciampa). Considering the loophole and relatively short period to brake, Gonzales was able to intercept and collect tons of data. Using the war-driving, Gonzales routinely intercepted information from these department store, using practical devices such as a laptop to obtain the poorly encrypted information. Operating approximately over a two-year period Gonzales was able to obtain millions of records from the credit and debit card transactions made