Hackers Steal 63,000 Dollars From Kansas Car Dealership

An online bank robbery in which computer crooks stole $63,000 from a Kansas car dealership illustrates the deftness with which cyber thieves are flouting the meager security measures protecting commercial accounts at many banks.
On November 1, 2010, the controller for Abilene, Kan.-based Green Ford Sales, Inc. submitted $51,970 in payroll checks to First Bank Kansas through the bank’s online banking website. The bank’s authentication program sent the company's controller an e-mail to confirm and approve the transaction details, which he did. Unbeknownst to the controller, however, cybercriminals had infected his Windows PC with the infamous Zeus Trojan, a piece of malware engineered to aid cybercriminals in hijacking online banking information.
"Less than an hour after the bookkeeper approved the payroll batch, bank records show, the thieves logged in to Green Ford’s account from the same Internet address normally used by the dealership, using the controller’s correct user name and password," according to the blog Krebs on Security.
"The attackers cased the joint a bit by checking the transaction history, account summary and balance before they logged out of the system. They waited until the next day to begin creating their own $63,000 payroll batch, by adding nine new 'employees' to the company’s books," Krebs added.
With total access to the company’s online finances, the crooks were able to siphon $63,000, and even intercept the bank’s confirmation e-mail so the controller had no idea any illicit transaction took place.
Green Ford’s controller never received the confirmation email sent by the bank to verify the second payroll batch initiated by the fraudsters, because the crooks also had control over the controller’s e-mail account. “They went through and deleted it,” said Green Ford owner, Lease Duckwall. “If they had control over his machine, they’d have certainly had control over his email and the password for that, too.”
Duckwall praises his bank for moving quickly to contact the mules’ banks after being alerted by the company’s controller on November 3, but he said the recovery effort was slowed considerably by the responses from many of the mules’ banks.
“The really frustrating thing was we got on phone with our bank and they immediately contacted all of the other banks, and most of them in turn fax or email you a form that you have to fill out, sign and send back,” Duckwall said. “It’s just really frustrating how long it takes to try to stop something like that. It was kind of a large disruption in our operation.”
Duckwall said First Bank Kansas managed to recover all but $22,000 of the stolen funds, and that the company and bank have made several security adjustments since the incident. However, Krebs said that as long as PC viruses exist, online banking sessions will continue to be high-priced targets for cybercriminals.
“If a bank’s system of authenticating a transaction depends solely on the customer’s PC being infection-free, then that system is trivially vulnerable to compromise in the face of today’s more stealthy banking Trojans,” Krebs wrote in one of his blog posts.
One such advanced method of theft is known as “session riding,” in which crooks use malware, including the recently discovered "OddJob", to intercept a bank’s authentication ID and gain complete access to customers’ online banking sessions after the customer has logged out.
This incident highlights the need for better security systems at both the business and its bank, as security experts cite online banking transactions as one of the favorite targets of cybercriminals. Cyber-attacks such as this one exploit weaknesses in many existing systems that rely on very simple and automated authentication procedures to confirm transactions.
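As an added illustration (not code from the article, Krebs on Security or the bank), the sketch below shows a bank-side check that does not depend on the customer's PC, login address or e-mail being clean: it holds a payroll batch for confirmation over a separate channel when the batch pays mostly first-time payees or arrives off-cycle. The two batch totals and the count of nine new payees come from the article; the payee identifiers, per-payee amounts, payroll cadence, thresholds and the assumption that the $63,000 batch paid only the nine new payees are constructed.

```python
from datetime import date

def review_batch(history, batch, min_gap_days=7, max_new_payees=2, max_new_share=0.25):
    """Return reasons to hold `batch` for out-of-band confirmation ([] = release).

    Thresholds are illustrative assumptions, not values from any real bank.
    """
    known = set()
    for past in history:
        known.update(past["payees"])
    new = sorted(set(batch["payees"]) - known)          # payees never paid before
    total = sum(batch["payees"].values())
    new_total = sum(batch["payees"][p] for p in new)
    reasons = []
    if len(new) > max_new_payees:
        reasons.append(f"{len(new)} payees never paid before")
    if total and new_total / total > max_new_share:
        reasons.append(f"{new_total / total:.0%} of batch value goes to new payees")
    if history:
        gap = (batch["submitted"] - max(p["submitted"] for p in history)).days
        if gap < min_gap_days:
            reasons.append(f"submitted {gap} day(s) after previous batch")
    return reasons

# Constructed sample data (identifiers and per-payee amounts are made up).
STAFF = {f"emp-{i:02d}": 5197 for i in range(1, 11)}    # 10 x 5,197 = 51,970
HISTORY = [
    {"submitted": date(2010, 10, 15), "payees": dict(STAFF)},
    {"submitted": date(2010, 11, 1), "payees": dict(STAFF)},   # approved payroll
]
ROGUE = {"submitted": date(2010, 11, 2),                # nine new "employees"
         "payees": {f"new-{i}": 7000 for i in range(1, 10)}}   # 9 x 7,000 = 63,000
NEXT_PAYROLL = {"submitted": date(2010, 11, 15),        # normal run, one new hire
                "payees": {**STAFF, "emp-11": 5197}}

if __name__ == "__main__":
    for name, b in (("rogue", ROGUE), ("next payroll", NEXT_PAYROLL)):
        print(name, "->", review_batch(HISTORY, b) or "release")
```

Because the rules look only at the batch contents and the account's own payment history, they still fire when the login uses the correct credentials from the customer's usual Internet address.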
The frequency of cyber crime is only going to increase if organizations and financial institutions fail to pay attention to the vulnerabilities of their network security. They need to implement robust internet security initiatives, including hiring highly trained information security experts to avoid cyber crimes and security breaches.
IT security professionals can increase their information security knowledge and skills by embarking on advanced and highly technical training programs. EC-Council has launched the Center of Advanced Security Training (CAST) to address the deficiency of technically proficient information security professionals.
Additionally, the all-new EC-Council CAST Summit series was also created to make advanced information security training opportunities available to information security professionals across the globe. It will be an excellent platform for IT security professionals to acquire cutting-edge skills by embarking on the CAST workshops, or to further enhance their IT security knowledge by attending the one-day seminar.
The three-day CAST Summit workshop covers current and important security topics such as penetration testing, application security, cryptography, network defense and mobile forensics training, and allows participants to actually learn, rather than just listen or be rushed through a short presentation as at many other events or conferences. All of these IT security trainings will be conducted only by appointed EC-Council Master Trainers, some of whom are authors of the respective trainings.
About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst/Licensed Penetration Tester (ECSA/LPT).
EC-Council’s Center for Advanced Security Training (CAST) was created to address the need for highly technical and advanced IT security trainings for information security professionals. CAST programs stand out from others through their extreme hands-on approach. CAST offers programs that cover important domains such as advanced penetration testing, malware analysis, advanced social engineering, cryptography, digital mobile forensics training, and web application security, among other information security training.
EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).