Computer Crime Research Center


Thieves in the Internet

Date: December 13, 2006

MARK COLVIN: Millions worldwide have embraced internet banking, but so have virtual bank robbers.

Financial institutions are dealing with more cyber-attacks than ever before.

The scams are known as phishing, or sometimes spear-fishing, and they're costing millions of dollars a year.

And it seems that the criminals behind them are already devising new and more sophisticated methods of attack.

Conor Duffy reports on what some warn is a threat to your personal computer.

CONOR DUFFY: Like many parts of life, the internet has revolutionised the world of banking.

Customers can pay bills, make deposits and do just about anything from their homes without ever having to enter a branch.

But this revolution has brought with it a major security challenge, as the trusty bank safe is discarded in favour of electronic encryption.

This more ephemeral form of security is under attack from a scam know as phishing, where criminals pose as banks and ask customers to provide passwords that will enable them to access, and empty, the account.

Professor Bill Caeli from the Queensland University of Technology's explains.

BILL CAELI: Well, the major problem we're now seeing is root kit or bot nets, or spy ware. In other words what happens here is essentially the dark side simply takes over the whole machine.

What they can now do is they can now intercept anything that you do on your machine, and indeed they can completely impersonate you, as you do your transactions. In other words, they literally become you.

CONOR DUFFY: Professor Caeli doesn't believe the average PC user has the skills to adequately protect their financial transactions.

BILL CAELI: It's very, very simple indeed. Who says that the home PC is fit for the purpose of doing a banking transaction? You know, we don't put big cardboard boxes outside banks and call them teller machines. We really don't do that.

The problem we're starting to get into is really a fundamental question: is the PC fit for that particular purpose?

CONOR DUFFY: Professor Caeli believes banks should be doing more to protect their customers.

However Chris Jocelyne, who runs an online security company providing services to banks and a number of major government departments, says internet banking is safe and consumers need to take more responsibility for protecting themselves.

CHRIS JOCELYNE: At the end of the day though, I come back to the major point, it is not about technology, it's not about the duty of care at the banks, because they're doing a splendid job, it's the social engineering risks of people being far too trusting of strangers who seek to gain their personal information.

CONOR DUFFY: Mr Jocelyne is chairing a cyber crime conference in Sydney this week and he says customers will be subjected to new types of attacks.

CHRIS JOCELYNE: Most members of the public, I believe, can pick a fake bank website these days, there being so many spam email messages with this kind of information.

But there is a new and emerging threat which is a worry, and that is scammers who may be using the telephone to make contact with people, asking them for their name, their date of birth and other private information in order to try and get into their bank accounts.

CONOR DUFFY: Mr Jocelyne says banks are introducing new security measures for
people who do their banking on the internet, but he's concerned about the telephone scam.

CHRIS JOCELYNE: The scammer is not even a real person. This is a computer that is generating a series of questions, and then sending this out on a mass basis to telephone users across the world. This new development is very clever, in that it's perhaps more personalised than a computer screen message.

CONOR DUFFY: These internet banking scams are so new there is very little data available on how much money is being lost on the information superhighway.

Australian banks don't publish the information, but the Australian Bankers Association estimates the cost at $25 million.

At present banks will reimburse customers when they lose money to such schemes, but the code of conduct governing internet banking will be reviewed next year.

Nick Coates from the Australian Consumers Association says he's fearful the banks will try and put more responsibility onto consumers.

NICK COATES: Financial institutions encourage consumers online because it was low cost banking for them. But as the scams have got more sophisticated and the scammers have gotten more professional, they're losing more money, and there's no question that financial institutions in Australia would like to shift some of that liability back onto consumers and have it both ways.

CONOR DUFFY: A spokeswoman from the Australian Bankers Association told PM the submissions for the review hadn't even started yet, and she didn't know why the Consumers Association would allege the banks would try and change the rules.

MARK COLVIN: Conor Duffy reporting.
Add comment  Email to a Friend

Copyright © 2001-2024 Computer Crime Research Center
CCRC logo