20120613 e-banking fraud situation - BE law enforcement reaction

Belgian Federal Judicial Police

Federal Computer Crime Unit

© Luc Beirens

« Security in e-banking is a shared responsiblity »

© 2012 FCCU - Luc Beirens

Topics

Scheme

2007-2012 Evolution

Victims

Money mules

Criminals

Future


e-banking fraud is only part of the cybercrime


Cybercriminals working together


4 Activity spying Keylogging

Fake Company

Proxy

Spam

Money collector

Money Mule

eBank user Bank site

Money Mule

10

5

11

7

12 13

Trojan distribution campain

Hackers

Knowledge

database

1

Local storage

2 Use of intermediate systems to control network

Bank account transfer

3

© Luc Beirens

6

Surfing to banking website & Authentication

8 Preparation

Money transfer order

Proxy

Confirmation :

Screen injects

Telephone calls

2007-2012 e-banking cases

Experiences e-Banking cases 2007 : handled seperately

Start of Federal Police - Febelfin cooperation Complaints => centralized information & analysis

Engagement Police – Justice Federal Prosecutor’s office coordinating Local Prosecutors

Investigating ICT traces : FCCU

Investigating Financial traces : DJF and FJP Bxl

Cooperation with Europol & Eastern European countries

Success Most with financial traces => money launderers

○ Several money mules brought to court in BE & abroad

Some coders / hackers still under investigation abroad


Success ?

BE : less than 200.000 euro in 2011 Compared to 36 million euro in Netherlands

Well protected BE payment systems

Fast collaboration => know how criminals work

Fast adaptation of techniques for detection, avoidance, damage control

Awareness to large public Press releases / information sessions

Websites on e-security


Victims

ALL of them were infected with Trojans

Some of them had several hunderds Trojans

Very often no AV products

Operating system / applications not updated

Unaware of risks / methods


Who are behind the fraud ?

Horizontal organized crime : specialized teams

Trojan developers

Botnet managers

Financial operators => information / operations

Money launderers => operations department

Underground economy

Place where criminal specialists meet

Using encryption / hiding techniques


Underground exhange services

Market of Trojans and botnets

Zeus, SpyEye

Self configurable Trojan kits with support

Infection ways : mail, social media, P2P, web

Integration of functionalities Read, write, install access to harddisk

Internet connection interception and code injection

Keylogging

Screen captures

Webcam & microphone activation

Managed over botnets


Money mules

Several levels of money mules 1st level => in BE / 2nd level => after money transfert

Organizers Recruitment and managing money mules

Organizing – laundering operations

New schemes to enable money laundering Large expensive orders to shops / hotels – cancelled

New dating friends asking for money transfers

Money mules used for different purposes E-banking / Internet fraud


Evolution

Trojans and botnets : multipurpose tool for cyber crime

Cooperation Febelfin-Police : detect new modus

Focus on awareness Responsiblity of every party concerned

Focus European and BE police strategy Taking away the weapens of the criminals

Disrupting / dismantle botnets

Together with all other partners


Contact information

Belgian Federal Judicial Police

Direction for economical and financial crime

Federal Computer Crime Unit Notelaarstraat 211 - 1000 Brussels – Belgium

Tel office : +32 2 743 74 74

Fax : +32 2 743 74 19

Head of Unit : [email protected]

Twitter : @LucBeirens


mailto:[email protected]

Economy & Finance

20120613 e-banking fraud situation - BE law enforcement reaction