Cyber-thieves 'grab video of victims' to steal bank cash
Cyber-thieves are increasingly grabbing video of how victims use their computer, to better steal from online bank accounts, a security firm reveals.
The report, from Dell Secureworks, details the activities of the top eight bank crime networks.
Five out of the top eight bank botnets can constantly grab images to build movies of user activity.
They also manipulate data passing between users and banks to grab logins and hide thefts.
"We see continuous evolution of the code and continued sophistication," said Dr Brett Stone-Gross, a senior researcher at Dell who helped write the report.
One trick getting more popular was the use of video capture to help criminals build up a portrait of the way a particular person used their computer, he said.
Thieves slipped past checks that looked for unusual behaviour by snooping on how users started their browser, found a bank website and entered data or by spying on use of screen-based security tools, he said.
The videos could also show thieves how to negotiate through the various steps required to move money around commercial banking networks that aid the biggest thefts, he said.
"They can measure where the mouse is and how long it takes to enter data that goes into the banks' automated transfer systems," he said
Cheap storage and higher-bandwidth net links helped the thieves' attempts to extract image streams, added Dr Stone-Gross.
Some of the networks detailed in the report first emerged in 2006-07 and have survived regular repeated attempts to shut them down.
"Their longevity is a testament to how much money is involved and how lucrative they are," said Dr Stone-Gross. Tens of millions of dollars had been stolen by the gangs behind these networks, he added.
Customers of more than 900 banks and other financial institutions in more than 65 nations had been targeted by the largest banking botnets, said the report.
Primarily the thieves sought credentials for online bank websites, said Dr Stone-Gross, but they were increasingly seeking out people who had access to commercial banking and payroll systems.
People fell victim by either clicking on a booby-trapped email attachment, visiting a site that had been compromised or was displaying adverts seeded with malicious code, he said, adding that each network had managed to ensnare tens of thousands of victims.
An "arms race" was under way as bank security teams sought to thwart thieves and the criminals tried to find ways around novel defences, he said.
"They are always monitoring and seeing what the banks are doing," said Dr Stone-Gross.
When thieves were ready to steal cash, they used other tactics, such as bombarding a bank web server with data, to cover their tracks, he said.
"They create a diversion so the security staff are all worried about the availability of the website and at the same time the victim whose account is being compromised cannot login and check their balance," he said. "They do whatever is necessary to succeed."