Internet crooks craft creative counterfeiting scam

  • TECH
  • Wednesday, 28 Jul 2010

SAN FRANCISCO: Think of it as one more reason not to write cheques. Hackers believed to be operating out of Russia have figured out a high-tech way to carry out the decidedly low-tech crime of cheque fraud.

According to a computer security company, the hackers have written at least US$9mil (RM29mil) in fake cheques against more than 1,200 legitimate accounts.

But these hackers got the account information in an unusual way: They broke into three websites that specialise in a little-known type of business — archiving cheque images online.

Cheque counterfeiting is a crime that savvy Internet criminals usually pass up. After all, it’s far easier for them to make money by stealing credit cards and online banking passwords.

The scam was discovered by SecureWorks Inc, an Atlanta computer security company. The organisation is working with the FBI and said the hackers have not been caught.

Retailers and other businesses use the sites to store records of all the cheques they write. Cheque-cashing operations use them to sock away images of cheques they receive.

And some banks pay them to store images of customers’ cheques, so the customers can see them when they log in to their online banking accounts.

The criminals downloaded all the images they could find, grabbing bank routing numbers, names and addresses and even signatures of legitimate account holders.

They used the information to create their own cheques using easy-to-acquire software and printers.

Because all the account information is real and the victims don’t know their accounts have been compromised, the odds of the cheques going through are high.

SecureWorks notified the three sites and said they have closed their security holes, but warned that the scam is ongoing and targeting other, similar sites.

Black Hats

“It’s not the standard kind of criminal operation,” said Joe Stewart, director of malware research for SecureWorks’ Counter Threat Unit.

“Cheque counterfeiting is kind of old school, but these guys have figured out how to make it highly automated,” he said. “They can get all this data and use that to write counterfeit cheques all day long.”

The research was being released in conjunction with the Black Hat computer security conference in Las Vegas, which runs till Thursday and draws security professionals from around the world to hear about the latest vulnerabilities and attacks and ways to thwart criminals.

Notable presentations this year are to include a demonstration of how to break into widely used ATMs, a talk that was pulled last year by the researcher’s employer after complaints from the ATM maker.

Researchers are also expected to discuss vulnerabilities in smartphones and in the technology used to secure online transactions.

A consistent theme at Black Hat, and at the related DefCon conference this weekend in Las Vegas, is that most Internet criminals are now motivated by money rather than mayhem.

And they’re getting more clever in their approaches as banks and other valuable targets tighten their security, as SecureWorks’ three-month investigation into the check-counterfeiting ring found.


Dan Clements, a computer security expert who wasn’t involved in SecureWorks’ research, said the scheme represents a “very significant” escalation of the abilities of online crooks.

He said people should watch for small test charges that criminals make to figure out which accounts are still active, and avoid writing their driver’s licence numbers and other personal details on cheques. He said the attackers were shrewd in their choice of targets.

“I think it’s brilliant — it’s where the data is,” he said. “It’s a way to get into these accounts and they don’t need to be in the country.”

It’s unclear how much of the US$9mil (RM29mil) in that scam the criminals actually got to keep.

The main bottleneck lies with the “money mules” — people recruited from online job sites to launder the money.

They were sent the bogus cheques — via overnight shipping paid for with stolen credit cards — and asked to deposit them into their own bank accounts. They were then supposed to wire a portion to accounts in Russia.

Stewart said the six “mules” he was able to reach all told him they hadn’t wired any money to the criminals because either they or their banks got suspicious. Many more likely did wire the money, however.

He uncovered the scam while investigating malicious software that steals banking passwords.

Got a peek

In eavesdropping on one criminal group’s communications, which he was able to do by infecting his own computer with the malicious program the group was using, he noticed that they were doing something unexpected: Collecting massive amounts of images of cheques.

He found a file logging all of their transactions, which revealed that 3,285 cheques were written against 1,280 accounts since June 2009. Most cheques were written for less than US$3,000 (RM9,600) to evade banks’ anti-fraud measures.

Overall, he saw about 200,000 stolen cheque images — suggesting the criminals have only exploited a fraction of the accounts on which they have information.

SecureWorks isn’t identifying the hacked sites. — AP

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3

Did you find this article insightful?


Across the site