By Lee Rondganger
January 24, 2007
A Russian cyber-criminal syndicate, specialising in the development of
software to hack into bank accounts, is selling its software to South
And the banking industry is losing millions.
Recently, well-organised local hacking syndicates have been able to gain
access to South African accounts by using the software.
The Russian syndicate sells its software on the Internet for R10 500,
and it is designed to evolve to circumvent anti-virus and anti-spyware
software on computers.
While the banking industry refuses to divulge its losses, it is
estimated the potential loss could be in excess of R50-million.
Pat Pather, group head of IT at Standard Bank, whose team of experts
have been tracking the syndicates over the past year, said the Russian
syndicate have also hit the accounts of people worldwide.
"What these guys do is that they develop the software in Russia, use it
against European banks, and once it works, they will sell it to other
syndicates around the world.
"We are aware of local syndicates using the software and we have
identified a few members of the syndicates," Pather said.
Internet cafés are the primary target for the syndicates, he said.
Richard Archdeacon, the UK-based director of IT security firm Symantec,
said authorities world-wide were battling Russian cyber-criminals, who
had become more sophisticated.
"This whole element of cyber-crime has now become industrialised. It is
now a major criminal business, with the different parts you would expect
from big business.
"In these syndicates you have research-and-development people; you've
got the hackers, who are the engineering department developing the
attack codes; and you've got people who handle distribution and
"What makes it more difficult to fight is that you don't know where
these guys are based because you will have a guy sitting in Russia who
will launch an attack from a server based in the US," said Archdeacon.
In October last year, the Scorpions, Standard Bank and a UK security
consultancy firm arrested Abdul Malik Parker (28), the alleged African
head of an international online banking syndicate. Parker is out on R20
The arrest was the first time authorities in South Africa were able to
nail the alleged ring leader of an online banking syndicate.
Parker, who carried out his alleged hacks using a laptop and a 3G card,
has been linked to a syndicate operating in Russia, but authorities are
not sure whether it is the same syndicate selling the software.
The Scorpions have since linked Parker to 120 incidents of online fraud
affecting the clients of all of South Africa's major banks.
Hundreds of international banking clients, including those in the UK,
France, Sweden and Australia, have also allegedly fallen victim to
The Scorpions and Standard Bank have since identified another syndicate
operating in South Africa, and investigations are said to be at an
Pather said the modus operandi of the syndicate was simple: a syndicate
member buys the Russian-designed software, goes to an Internet café and
installs the key loggers - which track a person's key strokes - at the
terminals. A user's key strokes are then captured by taking what can be
described as a photo of the computer screen. These screen-shot photos
will provide the hacker with the Internet banker's username, password
and even passwords to the Internet mailbox.
All of South Africa's major banks offer "one-time passwords", which are
usually sent via SMS to a person's cellphone. However, many people also
get one-time passwords via e-mail.
Having captured the details, hackers can access the mailbox where the
one-time password is sent and log into that person's online bank
account. Banks have encouraged customers to switch to SMS-based one-time
passwords, leading to fraud levels declining, said Pather.
Gilbert Swartz, chief executive of the South African Banking Risk
Information Centre, warned people about conducting banking transactions
at Internet cafés because of the risk that syndicates pose.
Absa spokesperson Errol Smith said that, in addition to the Russians,
there were various other syndicates operating in South Africa.
"The most important thing we tell our customers is to always ensure that
they don't become victims, and the only way to do that is to have
adequate security on their PCs, such as patches and anti-spyware and
anti-virus software," Smith said.