The age of the trojan bandits

Written by Sharad Raghavan | Updated: Apr 1 2013, 06:23am hrs
The internet at large is under threat. And it's not because of the recent moves by governments around the world to try to regulate online content. The culprits are the hackers. The largest cyber-attack in history, taking place as this piece is written and as you read it, has harmed not only its intended targets, but also normal, everyday internet users.

The attack, called a Distributed Denial of Service (DDoS) attack, was directed against anti-spam company Spamhaus. The company is in the business of identifying sources of spam emails and blacklisting them. It then sells these lists to internet service providers. The attack reportedly originated after Spamhaus blacklisted one such source, a website called Cyberbunker, although the website in question hasn't taken responsibility for the attack.

A DDoS attack involves thousands of computers around the world (infected previously via viruses or spambots) sending bogus traffic to a single website in the hope of overloading its servers. This attack was tremendous: around three times larger in scale than the previous record holder. Once the attackers discovered that they could not disable CloudFlare, a service Spamhaus uses to absorb the increased traffic, they altered their game-plan. They instead aimed at the networks that CloudFlare connects to and began to attack the servers that provide this network's foundation. The attackers went after organisations like the London, Amsterdam, Frankfurt and Hong Kong internet exchanges, which route regional internet traffic and are also used by sites like Google, Facebook and Yahoo.

Here, too, they were unable to stall the internet completely. But they nevertheless had an impact: they slowed the internet down considerably. So, basically, what started off as an attack targeting one company quickly became a much larger conflagration affecting internet users worldwide.

Now, what this episode teaches us is that the internet is fast becoming a dangerous tool in the hands of the wrong people. According to Shantanu Ghosh, VP and MD of India product operations, Symantec, India is increasingly becoming a target for hackers, especially those looking to steal money through online activity. The days of bandits holding up a bank are long gone; it's now the time of the banking trojans.

The way these cyber-criminals operate is this. They use sophisticated trojan viruses built on what are called toolkits. A toolkit is basically a ready-made framework for a trojan, which can be modified and adapted for a specific use. According to Ghosh, one of the most popular toolkits, called Zeus, has been downloaded onto over 400,000 computers worldwide. And that's only Zeus. The total number of computers carrying such toolkits is around three quarters of a million.

The trojan checks your browser to see which bank's website you frequent. Then it starts its work. Even though the user goes to the bank's real website, he is not safe. "The trojan can insert new fields in the forms you have to fill on the bank's website, which it then uses to access all your secure information," warns Ghosh. These trojans can even operate during an online transaction, creating new transactions, siphoning away your money and then erasing their tracks.

Banks have sought to mitigate this risk by adding external methods of identification, like sending a one-time password to your phone. But Ghosh warns that even this isn't all that safe. These trojans can intercept these passwords too, and carry on their activity.

How do you get infected?

So, how do these viruses enter your computer in the first place? "They come mainly through email, via phishing attacks," says Ghosh. Phishing involves sending infected emails to many recipients in the hope that someone will open one and infect their computer. Others enter through dubious websites, via what are called drive-by downloads, which means that the computer downloads the virus as soon as you visit the site, often without your knowledge.

Who is behind it?

Earlier, most of the hacking taking place was by way of pranks. Teenagers equipped with a computer and knowing how to code would hack into websites and deface them, or erase one critical line of code, the online version of graffiti. This, according to Ghosh, has changed dramatically. The culprits are increasingly sophisticated criminal gangs. Take this statistic, for example: a tweaked and targeted version of Zeus can sell for anywhere between $2,000 and $10,000, depending on the sophistication of the virus.

It is also very hard to attribute who was behind any specific attack. "An attack on an Indian bank could as easily be by a crime group in Eastern Europe as one based in India itself," explains Ghosh. Attackers use compromised computers, and India has a large number of them.

How do we protect ourselves?

According to Ghosh, banks have to continuously up their game, increase security measures and remain vigilant. For example, banks are already keeping an eye on your transactions so that they can spot an unusual one. When I was abroad, I encountered a problem while using my debit card. Right after, I got a call from my bank asking whether I had indeed tried to conduct a transaction there. "They can get a good idea of what your regular transactions are, and can then flag unusual activity like, say, I conduct one transaction in India and two hours later another one from the US," explains Ghosh.
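The "one transaction in India, another two hours later from the US" rule Ghosh describes is what fraud teams call an impossible-travel check. The script below is an added illustration written for this article, not code from Symantec or from any bank: it assumes each card transaction carries a timestamp and the coordinates of the merchant or ATM (a hypothetical data layout), and it flags any transaction that would have required the cardholder to move faster than a commercial airliner (a 900 km/h threshold chosen here as an assumption) since the same card's previous transaction. The sample transactions are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Hypothetical threshold: a cardholder cannot plausibly move faster than an airliner.
MAX_PLAUSIBLE_SPEED_KMH = 900.0


@dataclass(frozen=True)
class Transaction:
    txn_id: str
    card_id: str
    when: datetime      # UTC timestamp of the authorisation
    lat: float          # merchant / ATM location (assumed to be available)
    lon: float
    amount: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two points on the Earth."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def flag_impossible_travel(transactions, max_speed_kmh=MAX_PLAUSIBLE_SPEED_KMH):
    """Return (txn_id, implied_speed_kmh) for every transaction that could only have
    happened if the card travelled faster than max_speed_kmh since its previous use."""
    by_card = {}
    for txn in sorted(transactions, key=lambda t: (t.card_id, t.when)):
        by_card.setdefault(txn.card_id, []).append(txn)

    flagged = []
    for txns in by_card.values():
        for prev, cur in zip(txns, txns[1:]):
            hours = (cur.when - prev.when).total_seconds() / 3600.0
            distance = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if hours <= 0:
                # Same timestamp (or clock skew): any distance at all is impossible.
                speed = float("inf") if distance > 0 else 0.0
            else:
                speed = distance / hours
            if speed > max_speed_kmh:
                flagged.append((cur.txn_id, speed))
    return flagged


# Constructed sample data, not real transactions. Card C1 is used twice in Mumbai and
# then, two hours later, in New York (the scenario from the article). Card C2 is used
# in Mumbai and six hours later in Delhi, which is an ordinary domestic journey.
SAMPLE = [
    Transaction("C1-0", "C1", datetime(2013, 3, 28, 8, 0), 19.0760, 72.8777, 1200.0),
    Transaction("C1-1", "C1", datetime(2013, 3, 28, 9, 0), 19.0896, 72.8656, 450.0),
    Transaction("C1-2", "C1", datetime(2013, 3, 28, 11, 0), 40.7128, -74.0060, 980.0),
    Transaction("C2-0", "C2", datetime(2013, 3, 28, 6, 30), 19.0760, 72.8777, 300.0),
    Transaction("C2-1", "C2", datetime(2013, 3, 28, 12, 30), 28.6139, 77.2090, 275.0),
]

if __name__ == "__main__":
    for txn_id, speed in flag_impossible_travel(SAMPLE):
        print(f"ALERT {txn_id}: implied travel speed {speed:.0f} km/h, hold for verification")
```

A hit from this rule is a reason to telephone the cardholder, as Ghosh's bank did, not to decline outright: the cardholder may genuinely have flown, so the threshold is set at airliner speed rather than at something stricter, and an alert is only produced when the two uses cannot both be the cardholder's.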

The Reserve Bank of India is also telling banks that, when debit or credit cards are issued, the default setting should be to not allow international use. This way, the banks can stymie at least one path by which online crime operates. Banks have to also invest in anti-fraud software and continuously upgrade it, because the hacking game is constantly evolving.

But it is not only up to the banks. It is through your computer, after all, that these trojans gain access. You should be careful about who you give your email address to. Where possible, keep a separate email address for your banking information and never give that to anybody. "Also, users must constantly update their software, security and otherwise, because these updates are constantly plugging loopholes in the software," says Ghosh. One important piece of advice he gives is to use the virtual keyboard on bank websites, as onerous as the task may be. Virtual keyboards change their layout every time you use them, so a virus cannot get hold of which keys have been entered. But a physical keyboard remains the same, making it easy to capture a typing pattern.

The last thing is to get out of the mindset that the online world is less risky than the real world. "In the real world, we have trained ourselves from childhood to deal with the daily threats of crossing the road, using the ATM, etc. We have to realise that we need to internalise the safety procedures that go with using even your home computer," he summarises.