Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Belgian online banking customers hacked. SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Belgian online banking customers hacked.

According to this newspaper article (in Dutch), the Belgian government has arrested 2 Russian and 2 Polish nationals -legally in the country- in connection to stealing 3 million EURO through hacking online banking customers.

The article reminds me a lot of a diary we brought in 2007 of a Dutch bank being hacked.In the end they managed to arrest the money mules in that case. It seems they got one step closer to those behind it this time.

It seems customers of 5 large Belgian banks were hit by malware, money was then transferred via mules - who got to keep 5 to 10% of the amount stolen and then our 4 friends above collected it.

Now almost all large Belgian banks use solid protection for their online banking: 2 factor authentication using offline hardware tokens, different procedures for authenticating and authorizing ("signing") transactions -well one of them isn't doing this essential step-, awareness campaigns towards their customers, ...  And still the malware appears to have pulled off the job.

Luckily money leaves a trail that can be followed and lead to arrests of these -no doubt- mere middle men. The investigation is said to focus on a "criminal organization".

Interesting are the numbers they got:

  • one bank: 7500 customers for a total of 1836130.52 EURO
  • second bank: 4900 customers for 1496012 EURO
  • [no data on the other 3 banks]

That's from about 250 to slightly over 300 EUR average per victim - not a huge amount. Still, given enough victims it does add up to significant amounts.

If you're using one of these advanced systems for your online banking: make sure to always validate the transactions before you authorize them, not trusting anything you see on the screen, check what you sign: the amount has to match up! Don't just match up large amounts or most significant digits or so: they're stealing hundreds, not tens of thousands in one go. Also with the upcoming holiday season out here: do only use computers you can trust to be malware-free to do online banking, so avoid cybercafes and other public computers to access your online banking.
Now don't gloat if you're not on one of these systems: you're far more vulnerable.

I've no more details at this point - and with an ongoing investigation we're not going to get all that much details of the malware and/or who's behind it for sure.

Swa Frantzen -- Section 66


760 Posts
Jun 25th 2012

Sign Up for Free or Log In to start participating in the conversation!