Swedish Bank Falls Prey to Internet Fraud
Security experts are calling on Nordea, the largest bank in the Nordic nations, to shape up or ship out its online banking system after 250 customers had cash siphoned from their accounts.
The phishing attacks started in September of last year, disguised as e-mails from the bank. Victims were duped into downloading anti-spam software, which was really a log-in/password-stealing Trojan.
As soon as the user navigated to the Nordea log-in page, the Trojan would kick into gear, saving the customer's details. An error message would then be displayed asking them to resend the information. The criminals then had the two access codes needed to steal cash from the accounts.
Police tracked the fraudulent e-mails to computer servers first in the U.S. and then to Russia. More than 120 people are suspected to be involved in what police say is the work of organized crime gangs in Russia. Two people have already been convicted, two others were recently arrested, and warrants have been issued for seven more.
A reporter at Computer Sweden magazine actually met the Russian-speaking hacker behind the Trojan attack in an anonymous Internet chat. The reporter claimed to be interested in buying his own Trojan tailored for attacking an Internet bank. The hacker, called Corpse, admitted he designed Haxdoor, the Trojan used in Nordea's case and was looking to sell the version for $3,000 U.S.
Just days later, Corpse's site, where he sold his Trojan program, was shut down.
In the meantime, Nordea is feeling the pressure to make some changes to its Internet system.
"Like we have said for a long time, we are carefully looking at different solutions," said Nordea spokesperson Boo Ehlin. "We are continuing to use the system we have had in place for a long time. We are constantly making small adjustments, but if major changes are made we will go public when we make a decision."
Nordea customers log in to their accounts using their date-of-birth, a four-digit security code and a one-time code. Some security experts have rated the system as the least secure of any Swedish bank.
The bank has been the target of phishing e-mails before. In August 2005, it was forced to temporarily shut down its online arm due to another sophisticated phishing attack.
Nordea has fully compensated its customers targeted in the latest attack.