Free Essay

Cyber Crime

In:

Submitted By plennon
Words 1338
Pages 6
This essay will seek to elaborate on the methods employed by a criminal organisation to

steal somewhere in the region of $45 million from two geographically separate banking

institutions. [1] Where once criminal entities would have had to rely on brute force, violence

and intimidation, this new form of robbery never so much as required a loaded pistol; all

was accomplished though the strokes of a keyboard.

Fearless thugs were replaced by highly accomplished computer hackers whose knowledge

and expertise allowed for the infiltration to occur without alerting the authorities. Once the

hackers had secured root access to the targeted systems, valid debit card numbers were

stolen and distributed to a global network of criminal accomplices. Using these seemingly

legitimate cards the thieves went to work targeting ATMs to withdraw cash on an enormous

scale.

What is truly remarkable about this “heist” was how relatively simple and straight forward

the methods employed by the hackers were. This attack has come to be known as an

“Unlimited Operation”.

How it happened

It is extremely difficulty to answer how the hackers managed to steal such an enormous

sum of cash with any degree of certainty. Given the very nature of how it was stolen,

to publicly reveal specifics on how the heist was accomplished could possibly leave the

institutions at the mercy of further attacks. However, the overwhelming online consensus

points to SQL Injection as the method most suitable for this form of cyber-attack. [2]

Structured Query Language (SQL) is a special-purpose programming language designed

for managing data held in a relational database management system (RDBMS). Databases

form the backbone of all financial institutions as they are responsible for recording all

customer information, transactions and records. [3]

casual observer that given the incredibly sensitive data entrusted to these institutions that

preserving the integrity of databases would be their foremost concern.

It would seem obvious to even the most

A SQL injection attack involves the alteration of SQL statements that are used within a

web application through the use of attacker-supplied data. Insufficient input validation

and improper construction of SQL statements in web applications can expose them to SQL

injection attacks. SQL injection is such a prevalent and potentially destructive attack that the

Open Web Application Security Project (OWASP) lists it as the number one threat to web

applications. [4]

This particular attack occurred over a number of months, targeting two banks (RAKBANK in

the UAE and Oman’s Bank of Muscat) [5]

(Enstage in India and ElectraCard in the US). Both attacks followed a similar pattern;

compromise the banks customer service web portal using SQL injection, steal valid debit

card numbers, remove withdrawal limits associated with the cards, circulate the valid

numbers to a worldwide criminal network, encode the valid debit card numbers to magnet

cards and begin to withdraw cash from ATM’s.

and their respective debit card processing partners

The first Unlimited Attack occurred on December 22, 2012 when the group compromised

RAKBANK before giving the go ahead for “cashers” to withdraw funds from 4,500 ATM’s in

approximately 20 countries. The concerned institutions suffered approximately $5 million

in losses but it appears that this attack was merely a test run for what was to follow two

months later.

On February 19, 2013 the group targeted the Bank of Muscat and ElectraCard. Over the

course of approximately 10 hours, casher cells in 24 countries executed approximately

6,000 transactions worldwide and withdrew about $40 million from ATMs. From 3 p.m. on

February 19 through 1:26 a.m. on February 20, the defendants and their co-conspirators

withdrew approximately $2.4 million in nearly 3,000 ATM withdrawals in the New York City

area. [6]

How the breach could have been prevented

Preventing injection requires keeping untrusted data separate from commands and queries.

1. The preferred option is to use a safe API which avoids the use of the interpreter

entirely or provides a parameterized interface. Be careful with APIs, such as stored

procedures that are parameterized, but can still introduce injection under the hood.

2. If a parameterized API is not available, you should carefully escape special characters

using the specific escape syntax for that interpreter. OWASP’s ESAPI provides many

of these escaping routines.

3. Positive or “white list” input validation is also recommended, but is not a complete

defence as many applications require special characters in their input. If special

characters are required, only approaches (1) and (2) above will make their use safe.

OWASP’s ESAPI has an extensible library of white list input validation routines. [7]

The ATM cybercrime could have been prevented also by using device intelligence to catch

rogue devices trying to access multiple accounts from unknown/unfamiliar locations.

Also, the incident could have been prevented by adding a ‘staging’ roles that catch any

strange activity, or at least report and log important activities such as increasing credit card

limits.

Further security measures would rely on the implementation of a layered architecture. For

example, compromising an outer layer would not result in a full system breach but would

slow the hacker down, automatically alert system admins to the intrusion and still preserve

system security. A common implementation of this approach is offered by Google through

their 2-Step Verification system. [8]

machine (ATM) typically requires two-step verification. To prove that users are who they

claim to be, the system requires two items: the ATM card (application of the possession

factor) and the personal identification number (PIN) (application of the knowledge factor).

In the case of a lost ATM card, the user's accounts are still safe; anyone who finds the card

cannot withdraw money as they do not know the PIN. The same is true if the attacker

has only knowledge of the PIN and does not have the card. This is what makes two-step

verification more secure: there are two layers of security.

Finally, payment card processors are typically expected to comply with the Payment Card

Industry Data Security Standard (PCI-DSS), a code of best practices created by the card

industry designed to prevent hackers from obtaining card details. [9]

The system operates as follows: an automated teller

Conclusion

At the most elementary level any corporate website that offers the user the ability to input

plain through a web form needs to be fully aware of the security concerns that are raised by

such a facility. Poorly configured webservers are rife with openly published vulnerabilities

that even the most inexperienced hacker can easily exploit. All companies that seek to

interact with their customers through the corporate website need to become more vigilant

as the form of attack detailed above has become the number one attack vector employed

by hackers. This is of particular concern for those businesses that are entrusted with large

amounts of sensitive consumer data and none more so than those in the financial sector.

References

1. http://news.softpedia.com/news/8-Members-of-Cybercrime-Ring-Charged-Accused- of-Stealing-45M-34M-from-Banks-352218.shtml 2. The Daily Beast, Michael Daly, The ATM Heist: How Did the ‘Casher’ Crew Do It?

(www.thedailybeast.com/articles/2013/05/11/the-atm-heist-how-did-the-casher- crew-do-it.html) Softpedia (2013) ‘Expert: Cybercriminals Likely Exploited SQL Injection to Pull

Off $45M / €34M Heist’, [online], available: http://news.softpedia.com/news/

Expert-Cybercriminals-Likely-Exploited-SQL-Injection-to-Pull-Off-45M-34M-Heist-

352865.shtml [Accessed 24 Feb 2014]

3. SQL reference https://en.wikipedia.org/wiki/SQL

4. Cisco definition: http://www.cisco.com/web/about/security/intelligence/

sql_injection.html

5. http://news.softpedia.com/news/Expert-Cybercriminals-Likely-Exploited-SQL-
Injection-to-Pull-Off-45M-34M-Heist-352865.shtml

6. http://www.justice.gov/usao/nye/pr/2013/2013may09.html

7. https://www.owasp.org/index.php/Top_10_2013-A1-Injection

8. With 2-step verification, you'll sign in to your Google Account with both your

password and a code that you'll get from your phone.

9. Jeremy Kirk (IDG News Service), PCWorld Magazine

Similar Documents

Premium Essay

Cyber Crimes

...Cyber Crimes Cyber crimes are on some of the hardest crimes for the police to stop and catch the perpetrators because they can commit a crime in one state or country and physically be in another state or country. While the invention of the Internet has had great affects on the growth of technology, it has also given criminals an extremely large place to hide in and the laws are still trying to catch up with the growth of technology. The different technology crimes that occur fall into one of the three following categories: cyber piracy, cyber trespass, and cyber vandalism, and like the original crimes of piracy, trespass, and vandalism these crimes are similar except they happen in digital form. Three Categories of Cybercrime There are three categories of cybercrimes that can cause a lot of trouble for any individual or organization who becomes a victim of these crimes. Cyber piracy, trespass, and vandalism in some ways are similar because they all involve taking advantage of individual people or organizations by stealing personal information through digital techniques. 1. Cyber piracy Cyber piracy has two definitions; the first definition is when a person uses cyber technology unlawfully to produce copies of proprietary information. While the second definition is when a person uses cyber technology to distribute proprietary information, while it is in digital form, across networks. 2. Cyber trespass Cyber trespass has two definitions as well. The first definition...

Words: 819 - Pages: 4

Free Essay

Cyber Crime

...internet is cyber crime. which is an illegal activity that committed on the internet and this includes email espionage, credit card fraud, spam’s, software piracy download illegal music, steal money from online bank account and so on .It also includes non monetary offenses such as creating and distributing viruses on other computers and posting confidential business information on the internet. Basically cyber crime can be divided into three major categories such as cyber crime against person, cyber crime against property and cyber crime against government. Cyber crime against person includes various crimes like transmission of child pornography, indecent exposure, harassment of any one with the use of email or websites where the asked to enter password, phone number, address, credit card number, bank account number and other information that are needed to steal another parson's identity .furthermore, these type of harassment can be sexual, racial, religious, on gender, nationality or other. These often occur in chat rooms, through news groups and by sending hate emails to interested parties. And badly affect to the younger generation which sometimes leave irreparable injury if not properly controlled. The second category of cyber crime committed against all forms of property including computer vandalism which distraction of others property, transmission of harmful program, stole the technical data base from other person's computer with the help of a corporate cyber spy. ...

Words: 540 - Pages: 3

Premium Essay

Cyber Crime

...WHAT IS CYBER CRIME? Crime is a common word that we always heard in this globalization era. Crimes refer to any violation of law or the commission of an act forbidden by law. Crime and criminality have been associated with man since long time ago. There are different strategies practices by different countries to contend with crime. It is depending on their extent and nature. It can be concluded that a nation with high index of crime cases cannot grow or develop well. This is because crime is the direct opposite of development. It can contribute to negative impact in term of social and economic development. Cyber crime is a new type of crime that occurs in this Science and Technology years. There are a lot of definitions for cyber crime. According to Wikipidia.com cyber crime also known as computer crime that refers to any crime that involves a computer and a network. Cyber crime is defined as crimes committed on the internet using the computer as either a tool or a targeted victim. Besides that cyber crime can be defined as crimes committed on the internet using the computer as either a tool or a targeted victim (Joseph A E, 2006). Computer can be considers as a tool in cyber crime when the individual is the main target of cyber crime. But computer can be considers as target when the crime is directed to the computer. In addition, cyber crime also includes traditional crimes that been conducted with the access of Internet. For example hate crimes, telemarketing Internet fraud...

Words: 1433 - Pages: 6

Premium Essay

Cyber Crime

...Topic Outline Crime and Cyber Risk RMI 4300-Klein Distinctive Features of Crime Risk Common Crimes • Burglary • Robbery • Shoplifting • Fraud • Embezzlement • Forger and Counterfeiting • Vandalism • Arson • Espionage • Computer Crime Fraud • Fraud involves inducing another to act to his or her detriment. • Examples of fraud • A merchant collects payment in advance for good that will not be delivered or will be greatly inferior to what was promised • A customer accepts delivery od goods with the interntion of not paying them • And inventor sells all rights to an invention that has been developed and patented by another • A unauthorized person acquired and uses the account number or pin of someone credit or debit card to change items to that person’s account Forgery and Counterfeiting • Both forgery and counterfeiting involve fraudulently creating or using false or unauthorized versions of currency, documents, artwork or other property that only specified entities or persons have the right to make or use or unauthorized versions of documents such as stock certificates, birth records, lottery tickets, licenses , passports or other papers that only government agencies or other entities can issue. • Two broad types of crimes losses from forgery/counterfeiting o Inducing an organization to accept falsified documents, etc, to exchange something od valye for something that is valueless o Impersonating an organization using and unauthorized or...

Words: 632 - Pages: 3

Free Essay

Cyber Crime

...it entertainment, business, sports , health or education. However, one of the major disadvantages of internet is cyber crime.which is an illegal activity that committed on the internet and this includes email espionage, credit cad fraud ,spams, software piracy download illegal music, steal money from online bank account and so on .It also includes non monetary offenses such as creating and distributing viruses on other computers and posting confidential business information on the internet. Basically cyber crime can be divided into three major categories such as cyber crime against person, cyber crime against property and cyber crime against government. Cyber crime against person includes various crimes like transmission of child pornography, indecent exposure, harassment of any one with the use of email or websites where the asked to enter password , phone number ,address , credit card number , bank account number and other information that are needed to steal another parson's identity .furthermore, these type of harassment can be sexual, racial, religious ,on gender , nationality or other and often occurs in chat rooms , through news groups and by sending hate emails to interested parties. And these types of crimes badly affect to the younger generation which sometimes leave irreparable injury if not properly controlled . The second category of cyber crime committed against all forms of property including computer vandalism which distraction of others property , transmission...

Words: 610 - Pages: 3

Free Essay

Cyber Crime

...CYBER CRIME Presented by : GROUP 3 CONTENT • • • • • • • • • • Introduction History of cyber crime Definition Categories of cyber crime Types of cyber crime Cybercrime statistics Cyber Threat Evolution Cyber crime in Philippines Safety tips Conclusion WHAT DO YOU KNOW? INTRODUCTION • Cybercrime is a term used broadly to describe activity in which computers or networks are a tool, a target, or a place of criminal activity. INTRODUCTION • Examples of cybercrime in which the computer or network is a TOOL of the criminal activity - Spamming and - Criminal copyright crimes, particularly those facilitated through peer-to-peer networks. INTRODUCTION • Examples of cybercrime in which the computer or network is a TARGET of criminal activity • - Unauthorized access (i.e, defeating access controls), • - malicious code, and denial-of-service attacks. INTRODUCTION • Examples of cybercrime in which the computer or network is a PLACE of criminal activity - theft of service (in particular, telecom fraud) and - certain financial frauds. BRIEF HISTORY • The first recorded cyber crime took place in the year 1820. That is not surprising considering the fact that the abacus, which is thought to be the earliest form of a computer, has been around since 3500 B.C. DEFINITION • Cyber Crime is a Crime committed using a computer and the internet to steal a person’s identity or illegal imports or malicious programs. Cybercrime is nothing but where the computer...

Words: 1366 - Pages: 6

Free Essay

Cyber Crime

...Name Institutional Affiliation Date Cyber Crime a 21st Century Problem Abstract Subsequent research has focused in establishing Cybercrime as an activity only for computer programmers. However, Cybercrime has recently expanded to appear as a full capital offense since it integrates multiple forms of criminal activities. Per se, Cybercrime has proved to be a social, economic, and political form of disturbance, or in other words, a mother of 21st century crimes. The commencing research will endeavor to prove that Cybercrime should be managed in a more responsive method since it encourages the development of other crimes. The research is defragmented into three main sections, firstly, a background establishing the crude nature of Cybercrime. Secondly, the research will provide a critical review of forms and the extent of crime. Thirdly, the research will provide the authors opinion on what should be done in relation to Cybercrime. Background Half a decade ago, when computers were evolving to their current state, little was known of any criminal activity, which could have been associated with the process. However, with time, Cybercrime grew leading to the introduction of malicious activities that attempts to swindle the information wealth of the user. In recent times, most countries, even in the developing world are processing laws, which should mitigate or even extinguish Cybercrime. Cybercrime is one of the most sophisticated crimes since the attacker is remotely located...

Words: 699 - Pages: 3

Premium Essay

Cyber Crime

...cyber crime Michelle Robinson Professor Renee Berry Crime and Criminal Behavior April 15, 2016 | | cyber crime Michelle Robinson Professor Renee Berry Crime and Criminal Behavior April 15, 2016 | | One of the newest areas of crime is what we call computer crime. The, anonymity of computer technologies may actually encourage some people who would not otherwise be tempted to commit crimes to do so using the Internet. They may simply believe that they will never be caught, or they may not think about being caught at all. They may simply find the lure of committing virtual crimes too psychologically appealing to resist. Many of those who commit crimes on the Internet are in fact psychologically disturbed and need compassionate treatment by psychiatric professionals. However, this does not lessen the real harm that they can do to people and they must be stopped. Combating the global computer crime pandemic is becoming an increasingly urgent issue, as identity theft and spyware are occurring with alarming frequency. Early instances of computer crime found individuals, corporations and law enforcement unprepared...

Words: 872 - Pages: 4

Premium Essay

Cyber Crime

...CYBER CRIME Crimes refer to any violation of law or the commission of an act forbidden by law. Definition: cybercrime can be defined as crimes committed on the internet using the computer as either a tool or a targeted victim According to Wikipidia.com cybercrime also known as computer crime that refers to any crime that involves a computer and a network Cybercrime includes any criminal act dealing with computers and networks (called hacking). Additionally, cybercrime also includes traditional crimes conducted through the Internet. For example; hate crimes, telemarketing and Internet fraud, identity theft, and credit card account thefts are considered to be cybercrimes when the illegal activities are committed through the use of a computer and the Internet. Definition: cybercrime can be defined as crimes committed on the internet using the computer as either a tool or a targeted victim Computer can be considers as a tool in cybercrime when the individual is the main target of cybercrime. But computer can be considers as target when the crime is directed to the computer. In addition, cybercrime also includes traditional crimes that been conducted with the access of Internet. For example hate crimes, telemarketing Internet fraud, identity theft, and credit card account thefts. In simple word, cybercrime can be defined as any violence action that been conducted by using computer or other devices with the access of internet. This action can give harmful effects to an...

Words: 671 - Pages: 3

Free Essay

Cyber Crime

...Cyber crime: The internet has become a part of our everyday lifestyle and made it easier for us in many ways. Although like many things in life, it also has its disadvantages as well. One of the major disadvantages with the internet is cybercrime. Cyber crime is the latest and perhaps the most complicated problem in the cyber world. The term “Cyber Crime” has nowhere been defined in any statute or Act passed or enacted by the Indian Parliament What exactly is cybercrime? A simple way to put it is, any crimes committed on the internet. It can range from something like illegally downloading music from the internet to cyber-terrorism. Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime. It is rapidly evolving from simple e-mail mischief where offenders send obscene e-mail, to more serious offences like theft of information, e-mail bombing to crashing servers etc. The types of cyber crimes include pornography, cyber fraud, defamation, cyber stalking, harassment, IPR theft, data hostage, money laundering, phishing, e-mail bombing, cyber war, illegal EFT. Conclusion There will always be new and unexpected challenges to stay ahead of cyber criminals and cyber terrorists but we can win only through partnership and collaboration of both individuals and government. There is much we can do to ensure a safe, secure and trustworthy computing environment. It is crucial not...

Words: 262 - Pages: 2

Premium Essay

Cyber-Crime: What Is Cyber Crime?

...What is Cyber-crime? Cyber-crime, or computer crime, refers to any illegal action that involves a network or computer. In this sense, the network or computer may have been used to commit a crime or may be the target of a crime. In the latter scenario, a hacker or computer thief, for instance, may steal information that was stored on the targeted system. Many times people may be confused as to the classification of what constitutes cyber-crime. Although this classification is somewhat confusing, due to the relative novelty field or lack of tangible nature, cyber-crime refers to any illegal action that is committed through an electronic-based medium or targets a computer-based platform. When debating what cyber-crime is, you must evaluate whether...

Words: 823 - Pages: 4

Free Essay

Cyber Crimes

...The internet has changed how organizations conduct business. Within moments information exchange occurs and a profit is made. It has changed how crimes are investigated and solved by law enforcement agencies. Unfortunately, it has also changed how criminals conduct their crimes- through cyberspace. President Obama, Sony executives, Target organization and many of its’ customers have all been victims of some form of cyber crimes. This writer will provide a brief overview of the six types of cybercrimes and the economic loss as it affects America’s businesses. TYPES OF CYBER CRIME The growth and availability of technology has resulted in cyber attacks becoming a major concern for governments worldwide (Dzielinski, 2014). Small companies along with the larger corporations are now being targeted. A recent survey reported that more than one-third of small companies have been victims of some form of cyber attacks (Dzielinski, 2014). Approximately 75 percent of these companies were unable to recover their stolen data. The Central Intelligence Agency (CIA) has classified cyber crimes into six categories; fraud, computer trespassing, hardware hijacking, bullying-harassment-stalking, spam, and cyber warfare. Financial fraud is considered to be the most common of the six cyber attacks. The Target Corporation, the third largest U.S. retailer, and its customers were affected in 2013 (Target Corporation, 2013). Despite in place security measures, Target failed to detect...

Words: 1600 - Pages: 7

Premium Essay

Cyber Crime

...The Impact of Cyber Crime In the United States, and across the nation worldwide, we have advanced our technology further than we ever thought possible; the cavemen would definitely be proud. As expected, with this positive technological advance there are always those people who take advantage of it and use it negatively. Crime used to consist of the basic immoral acts such as armed burglary, murder, and rape. Now today we have new crimes that can be committed much more discreetly through the theft of credit cards and company funding accounts as a form of cyber theft or cyber crime. Not only is it much easier to conduct cyber crime but it is also much more valuable in favor of the criminals. Cyber crime does not only consist of theft but that is the most common form of it. It can also consist of socially exposing crimes such as murder or rape. An example of this is the way the terrorist group ISIS is exposing their graphic murders on social media as a way to put fear in our hearts. As well as the beginning of cyber crime we also set ourselves up to easily be infiltrated by terrorism groups or other countries. With our country converting to technology in about every category possible also comes with a basic root to shut us down. Not only does cyber crime affect the United States within our land but also outside; for example if our technology were shut down we can be very easily exposed and our defense would be weak to countries across the world. National Security Agency Director...

Words: 1298 - Pages: 6

Free Essay

Cyber Crimes

...Cyber crime includes everything from electronic cracking to denial of service attacks. It is also used to include traditional crimes in which computers or Research Papers. For that, it is an illegal act in which computers or computer networks are devices, desired goals, and incidental to the crime or places of criminal activities (Rao, 2011). In addition, “This includes anything from downloading illegal music files to stealing millions of dollars from online bank accounts. Cybercrime also includes non-monetary offenses, such as creating and distributing viruses on other computers or posting confidential business information on the Internet” (Ştefan, 2011, p.116). In fact, it is increased in this time. Two years ago there were 250,000 thefts in U.S they wanted steal credit, money in the bank, health insurance, a passport .They want collect a few important number and facts and then use that information to apply for new accounts (Claypoole & Payton, 2008). Cybercrimes can be basically divided into three major categories. There are cybercrimes against people, governments, and properties (Ştefan, 2011). First, Cyber crimes committed against people which consist of activities the posting of obscene and pornographic materials, racist materials or those that instigate to violence, harassment of any nature such as sexual, racial, and religious by the use of computers .For example by mail. In addition, the violation of private life. For example, collection, storage, modification...

Words: 958 - Pages: 4

Free Essay

Cyber Crime

...Title: Student: Professor: Course Title: Date: Topic: Information Law Cyber crime involves criminal activities conducted using the internet and both the computer together with the individual behind it are victims. The Australian Institute of Criminology (2011) finds cyber crime to include fraud, hacking, money laundering and theft, cyber stalking, cyber bullying, child sexual exploitation, child grooming and identity theft. The crimes mostly go unreported making it hard to quantify (Australian Institute of Criminology, 2011). However, the most common cyber crime incidents remain malware code and virus attacks that corrupt software. The Australian Cyber crime Act which was assented in 2001 and commenced on 2 April 2002 added new offences streamlined to check on those kinds of cyber crime that impair the security, integrity and reliability of computer data and electronic communications. They are; a) Unauthorized access, modification or impairment with intent to commit a serious offence, b) Unauthorized modification of data where the person is reckless as to whether the modification will impair data, c) Unauthorized impairment of electronic communications. There is a maximum penalty for these offences. Investigation powers relating to search and seizure of electronically stored data have been increased (Find Law Australia, 2012). Culprits of cybercrime can ignore the realms of Australian jurisdiction and launch an attack from anywhere in the world or even design attacks that seem...

Words: 1001 - Pages: 5