Information Security News: Teenager ran internet banking scam

[InfoSec News <alerts () infosecnews org>]

http://www.stuff.co.nz/stuff/0,2106,3896626a28,00.html

By LANE NICHOLS
12 December 2006

A 16-year-old who police sent on a computer training course to improve 
his behaviour has admitted using a computer in an attempt to defraud 
banks of nearly $45,000.

The Upper Hutt teenager faces 26 fraud charges after hacking into 
people's internet banking accounts in August and September.

Police say he posted a computer virus on an internet message board and 
used it to capture details from people's personal computers.

Westpac, ANZ and ASB were all hit. The biggest transaction involved 
$6323, but the banks agreed to reimburse the losses.

The scam, combined with the boy's age, has raised fresh questions about 
the security of internet banking. It is just six months since banking 
ombudsman Liz Brown said banks had been slow to introduce two-factor 
authentication measures to fight internet fraud.

Judge Pat Grace remanded the youth to a secure residential facility in 
Palmerston North when he appeared in Upper Hutt Youth Court yesterday.

"You had set up quite a sophisticated operation to obtain some $50,000 
from unsuspecting users of the internet.

"With the seriousness of this offending, I must be considering a 
custodial sentence as far as you are concerned, and because of that I'm 
going to decline your application for bail."

The youth, who cannot be named, has also admitted unrelated charges of 
kidnapping, aggravated robbery, threatening behaviour, unlawfully taking 
a motor vehicle, reckless driving, failing to stop and a string of 
driving offences. He is understood to owe about $35,000 in fines.

The computer fraud is believed to have been committed at his parents' 
home while he was unemployed.

The court is awaiting a psychological and social workers' report before 
hearing submissions on which court he should be sentenced in.

He faces up to five years' imprisonment if sentenced in the district 
court.

Constable Chris Muir said the youth decoded large amounts of information 
from people's computers to get account numbers and passwords.

"He just keeps the things he wants. He is a very clever boy."

It was possible that others had been targeted but had not complained to 
police.

About $15,000 had been recovered. The outstanding money had mainly been 
sent to the bank accounts of several co-offenders, who were also before 
the courts.

"It's very concerning that someone can basically sit at home and get 
everything off the internet and do what they want."

The police electronic crime lab's national manager Maarten Kleintjes 
said internet banking fraud was becoming more sophisticated.

He would not say if it was increasing, because banks shared the 
information with police in confidence.

Two-factor authentication - in which customers are issued with a new 
security code each time they log on - was the best way to guard against 
internet banking fraud.

Though it was compulsory in many countries, several major New Zealand 
banks - Westpac, ANZ and National - were yet to introduce the 
technology.

"The attacks are now being taken to a new level whereby people's 
machines are deliberately infiltrated with very sophisticated spyware, 
Mr Kleintjes said.

"They basically take control of your machine. They access your bank 
accounts but also steal your identity."


_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn