Alarming new criminal activity

E-Brief News reports that a 3G card, a laptop and a cellphone enabled a Cape Town man to allegedly run an international online fraud syndicate. Police say he siphoned millions of dollars from bank accounts. But it was the very same technology - his laptop and cellphone that led to his downfall. A multi-agency force - including the Scorpions, Standard Bank and a British security consultancy firm - traced 28-year-old Abdul Malik Parker to his flat in Tygervalley, Cape Town, where he was arrested. The Cape Times reports that Parker has since been linked to 120 incidents of online fraud affecting clients of all of SA\'s major banks. Hundreds of international banking clients in the UK, France, Sweden and Australia have also allegedly fallen victim to the syndicate. According to Standard Bank, the client had apparently used an Internet cafe in Pretoria where hackers used PC spyware to steal his login details, card number and pin number. The bank then got its Internet security team to determine how the client\'s details had been compromised. It found his details had, in fact, been passed on to a computer server in Estonia in northern Europe. Advocate Gerhard Nel, of the Scorpions, said the unit was now going after the \'big guys\' in foreign countries. ‘We do not want to give too much information about the case at the moment because we want to see if we can go after the main people,’ Nel said. The Star reports that Standard Bank security head Herman Singh confirmed that the arrest is the first of its kind involving a substantial amount of money and impacting all major SA banks. ‘The type of attacks and modus operandi are totally new and this case is far more sophisticated and organised. It was generic to all secure sites and the impact is only starting to be fully understood in the banking sector,’ he said. Full Cape Times report Full report in The Star

In the US, hackers have been breaking into customer accounts at large online brokerages and making unauthorised trades worth millions of dollars as part of a fast-growing new form of online fraud under investigation by federal authorities. The Washington Post reports that E-Trade Financial Corp said \'concerted rings\' in Eastern Europe and Thailand caused their customers $18m in losses in the third quarter alone. The Securities and Exchange Commission and the FBI are looking into E-Trade\'s cases, CE Mitchell Caplan said. The scams typically begin with a hacker obtaining customer passwords and usernames. One way is by placing keystroke-monitoring software on any public computer. With the software, all keystrokes entered on the computer can be recorded and e-mailed anywhere in the world. All hackers have to do is wait until anyone types in the Web address of E-Trade, or another online broker, and then watch the next several dozen keystrokes, which are likely to include someone\'s password and login name. Full report in The Washington Post

In other developments, the Commonwealth Bank has signed off on Australia\'s largest deployment of two-factor authentication, which will enable its 2.3m Internet banking customers to use a mix of SMS and token passwords to foil scammers. Starting early next year, NetBank customers will need to enter the extra single-use password – sent either to their mobile phone or via a token – to authorise third-party payment transactions, providing additional security aimed at stopping password theft, viruses and key-logging software. AustralianIT reports that the system will be tested by bank staff in December before a public rollout early next year. Two-factor security is part of an aggressive IT investment by the bank aimed at protecting customers from the growing number of phishing attacks. Full AustralianIT report