[Dataloss] Russian hacking ring specialises in counterfeit checks

From: security curmudgeon (jerichoattrition.org)
Date: Tue Jul 27 2010 - 18:26:58 CDT

[This doesn't spell out "data loss", but putting the details together and
  this is an incident. - jericho]


Russian hacking ring specialises in counterfeit checks
July 28, 2010 12:14am
by Joseph Menn

Most of the organised hacking rings aiming at bank fraud these days are
stealing login credentials and then taking advantage of the relatively
recent opportunities provided by online account access, wire transfers and
other means for mis-shipping electronic funds.

But a newly discovered Russian group was using networks of compromised
personal computers and techniques for hacking into databases to write $9m
in counterfeit checks, thought until now to be the purview mainly of
old-time loners.

SecureWorks researcher Joe Stewart infiltrated the network
of machines used by the gang and found records showing that more than
3,000 bad checks had been written on more than 1,000 real accounts since
June 2009. The checks were sent to generally unwitting "money mules"
recruited from online job sites, who deposited them and wired money to St.

The operation had clearly put significant thought into how to stay below
the radar. It also did serious reconnaissance to figure out how to produce
credible-looking checks. The masterstroke was identifying and going after
companies that have thousands of images of checks in one place in order to
copy the format.

Mr Stewart found two such troves that had been used. One was a "lockbox"
service that archives pictures of checks for businesses. The other, in an
unfortunate bit of irony, was an anti-fraud service for check-cashing

When consumers turn to check cashers, the establishments often take
pictures of the client and the check. That way, the same places won't fall
prey to the same counterfeiter twice. But the check images were stored in
a database and the hackers evidently used a company's credentials to get
access to them.

"They clearly know how these businesses work on the back end," said Mr
Stewart, who will present his findings at the Black Hat security
conference in Las Vegas this week.
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/
