Financial Crimes 1
Financial Crimes
Financial Crime of the Last Five Years
[Student Names Removed for Privacy]
Financial Crimes 2
Abstract
Any crime committed via the internet is a cybercrime. Most cybercrimes cannot be placed into a
single category, thus making cybercrime statistics difficult to compile. This abstract contains
paper about cybercrime and how it happens. Almost one billion of the world’s 6.4 billion people
now use the internet, and the vast amounts of readily accessible information, data and valuable
esearch material available to hackers is unparalleled. You can be victim of digital crime at any
time and your data is always at stake. It can be harmful for yourself and for your organization. In
Introduction face you will learn how hackers and Trojan virus etc. could affect your computer
e.g. there are a number of common ways hackers can access your computer or Internet accounts.
A hacker can scan your computer looking for open ports. When the hacker finds an open port, he
can attempt to connect to your computer via that port using a Telnet application or other
specialized networking tools. One of the most common Trojan applications is called Back
Orifice. In addition to the body of a document, I will be showing some examples like recent
incident of AT&T that they discover that each ICC-ID was connected to an iPad 3G user email
address, hackers wrote a script termed the “iPad 3G Account Slurper”and deployed it against
AT&T’s servers and describe additional real time cases of Identity theft and Cybercrime. The
second example is almost two years back which is following: On Jan, 2008 Login page of Italian
ank (Banca Fideuram) replaced using XSS. An extremely convincing phishing attack is using a
cross-site scripting vulnerability on an Italian Bank's own website to attempt to steal customers'
ank account details. Fraudsters are cu
ently sending phishing mails which use a specially-
crafted URL to inject a modified login form onto the bank's login page. The vulnerable page is
served over SSL with a bona fide SSL certificate issued to Banca Fideuram S.p.A. in Italy. In
the last five years, a diverse range of financial crimes would in the realm of cybercrime the
http:
www.
ighthub.com/internet/security-privacy/articles/83739.aspx
http:
www.
ighthub.com/internet/security-privacy/articles/72172.aspx
Financial Crimes 3
events among other crimes were the RBS World hack, the TJX data
each, the ATT&T/iPad
ute force attack, and downfall of E-Gold.
Financial Crimes 4
Financial Crime of the Last Five Years
Financial crimes have been occu
ing at a heavier frequency than before, especially with
the internet. These crimes can be alone, but can also be with multiple participants. In recent
years, there has been an RBS Worldpay hack where they were able to steal $9 million from the
system. Another one from the Zeus cybercrime ring allowed for the stealing of money from
individuals and corporations. Vulnerabilities in web sites could also lead to exploitation of
financial crimes.
XXXXXXXXXXIn the RBS Worldpay hack was a very critical financial cybercrime. It begins in
November 2008 with prosecutors alleging that Oleg Covelin found vulnerability in the RBS
Worldpay Network. Though, he takes it Sergei Tsurikov and Viktor Pleshchk. These people had
the capability to exploit the vulnerability. Tsurikov
ought together many people with different
skill sets to achieve the group’s goals (Fisher, D.).
XXXXXXXXXXOn November 5, 2008, Covelin gave Pleshchuk a username and password for an RBS
network server in Georgia. When they were inside the network, the hackers gained access to a
database containing the account numbers and PINs of payroll debit cards that the company’s
customers give to employees in replacement of paychecks or direct deposit. The means by which
the hackers obtained this information is not explained in the indictment. Whether the account
numbers were stored in the same place or separated remained unknown.
XXXXXXXXXXOnce the hackers obtained the data, Pleshchuk, Tsurikov, and another hacker modified
information on the accounts so that there would be more money on the cards, including an
increased withdrawal amount. 44 of the prepaid payroll card numbers and PINs were sent to a
pre-a
anged network of “cashers.” These cashers would then store the information on fake
cards. The cashers would then start hitting ATM machines at multiple terminals. $9 million
Financial Crimes 5
would be stolen in 12 hours, a massive loss for one-day for RBS. Pleschchuk and Tsurikov went
ack into the RBS Worldpay network to monitor the cashers’ activities. The cashers would keep
etween 30 and 50 percent of the money stolen. Pleshchuk and Tsurikov tried to delete any
information in the RBS Worldpay database logs that would point to their scheme, but they do not
do a good job of covering up their tracks (Fisher, D.).
XXXXXXXXXXAnother financial cybercrime involved the Zeus cybercrime ring. The U.S. Attorney’s
office charged 37 people with hacking into the bank accounts of U.S. businesses and municipal
entities, stealing more than $3 million. Manhattan’s District Attorney Cyrus Vance charged 36
individuals with stealing $860,000 from individuals and corporations, including JPMorgan
Chase. This is a very critical example of organized cybercrime according to Vance (Rooney, B.).
The hackers used the Zeus Trojan program to secretly obtain victims’ personal information and
hack into their bank accounts. It would be sent to users as an apparently harmless e-mail and
would be stored on the computer once opened. It would log users’ keystrokes and steal
passwords, “vital security codes,” and account information. The money was transported overseas
via “money mules.” Some of them entered the country on student visas or U.S. passports. Ten of
them have been a
ested while 17 remain at large. These criminals are charged with conspiracy
to commit bank fraud, money laundering, and conspiracy to possess false identification to name
a few (Rooney, B.).
In another potential cybercrime, a social networking site could be exploited through
vulnerability. Blippy, the Twitter of personal finance, is a social networking site that allows users
to post financial transactions and comment on them. The accounts were not critically hacked, but
compromised due to Google Searches. When they added Blippy to their site database, Google
exploited a problem with Blippy’s html script. The creators of the site wrote the credit card
Financial Crimes 6
information into a separate div tag. This div tag was scanned by Google and revealed the credit
card information during the search. This probably only affected those users that posted the credit
card directly to Blippy and did not simply post usernames and passwords that were not exposed.
Blippy fixed the problem, but should make users realize that posting financial information to a
third party site could have complications (Grove – Blippy Users).
In another issue, MoneyGram had some account information stolen from its site. It was expected
that 79,000 customers had their personal accounts stolen. A computer server was “unlawfully
accessed via the internet” in December 2006. According to Vicki Keller, vice president of
MoneyGram Global Payment Services, the incident was isolated to a single biller. This was one
iller out of 15,000, and it affected consumers across the country (Onaran, Y.). There were
255,565 identity-theft complaints reported in 2005, up 3.5 percent from the year earlier,
according to the Federal Trade Commission. A fourth of the stolen information came from
credit-card fraud.
These issues are simply a small sampling of the digital financial crimes happening. Some of
them could be happening right now. As soon as one cybercrime is found, another one will spring
up quickly. These cybercrimes will not end, and victims will be appearing more often. Users
should be aware of the actions they take on the internet and hope that they will make sure that
their web pages have security. The sites that they make transactions with must also be sure that
their computers are secure.
Among the wave of financial crime that would take place in the mid to late 21st century,
none were so notorious as the hacks performed by Albert Gonzales. “Soupnazi” was one of the
names which circulated among the hacking circles, was the individual responsible for causing
heavy financial damage to major corporate organizations in the past decade. His infamous hack
Financial Crimes 7
of the TJX Companies stores, created a gaping hole within the heart of the retail company
finances. Albert Gonzales also was heavily involved in the data theft of the Heartland Payment
Systems, which added to his spectacular hacking feats. In his relatively short life, Gonzales has
set the precedent for several security hacks as the many victims of his exploits struggle to
ecovery their assets (Suddath).
The TJX company hack which gained much attention in 2007, was involved the data theft
of a TJMaxx retail department store. TJX Companies consists of a myriad of retail department
stores including TJMaxx, Marshall’s and Homegoods which are scattered among middle-
American regions across the United States fell victim to Gonzales’s hacking talents. The roots
that led to the massive loss of information were a security vulnerability of some existing TJMaxx
stores. Specially, the Wired Equivalent Protection (WEP) encryption which was previously used
to secure their wireless networks had been compromised by Gonzales’s hacking exploits
(Ciampa). Anyone with reasonable knowledge in networking accompanied by relatively basic
tools can easily intercept packets along a network in mere minutes. Regulation in department
store operations requires the use of price scanners and cash registers to transmit transaction with
customers in their day-to-day operations, which were the machines Gonzales was able to
intercept data from (Ciampa).
Considering the loophole and relatively short period to
ake, Gonzales was able to
intercept and collect tons of data. Using the war-driving, Gonzales routinely intercepted
information from these department store, using practical devices such as a laptop to obtain the
poorly encrypted information. Operating approximately over a two-year period Gonzales was
able to obtain millions of records from the credit and debit card transactions made