Thai Police Arrest Two Germans For Internet Banking Theft


Posted

An official of the Bangkok Bank said that the transaction on the Internet is risky, so internet users should refrain from using the bank account which has a large amount of money in using internet banking service...

-- TNA 2010-08-09

One should not spread paranoia about Bangkok Bank Bualuang I-Banking.

Registering a new third-party account to transfer money to is not that easy.

You need to have physical access to the victim's mobile phone or SIM card.

If you use I-Banking please make sure that your mobile phone or SIM card is always in a safe place!

Posted

You know guys, instead of worrying about your bank account, you should worry about your Facebook accounts and all this Twitter crap s..t.

I can use your name and info... text your friends and ask for personal info about you.

Then I can issue a fake passport with your name and become you.

I show up at your bank and empty your account.

Then I sign rent, buy cars with your name... and you will be f..d...

I am YOU.

Posted (edited)

Well, you are half correct,

but they are using software that is readily available,

URL removed. This software is labeled as a recovery tool, but it actually works this way: a criminal downloads it onto his laptop, then he simply goes to an internet wifi area where there are lots of people online. Since this is a small network with a CHEAP router hooked to an ADSL, the system has no security features against this software.

The criminal's laptop, when connected, becomes the hidden router [gateway] and issues POISON packets which redirect all the connected clients first to his laptop, where the passwords and sign-on features are captured; it then proceeds to the original router, where the transaction is completed. He captures everything, every password, everything! Try it if you do not believe it!

Also, most small wireless and some ISPs in Thailand are so outdated or SLEEPY that this also works on their full system. At least in North America large companies now have protection against this, but not a cheap D-Link router and a wireless AP in a cafe; this is where they get you.

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol's standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users.

Cain & Abel has been developed in the hope that it will be useful for network administrators, teachers, security consultants/professionals, forensic staff, security software vendors, professional penetration tester and everyone else that plans to use it for ethical reasons. The author will not help or support any illegal activity done with this program. Be warned that there is the possibility that you will cause damages and/or loss of data using this software and that in no events shall the author be liable for such damages or loss of data. Please carefully read the License Agreement included in the program before using it.

The latest version is faster and contains a lot of new features like APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms. The new version also ships routing protocols authentication monitors and routes extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis attacks, password decoders and some not so common utilities related to network and system security.

OK, I will try to cover as many of the points raised in this thread as reasonable. But firstly I want to make it clear that I cannot get into anything specific about this customer case on a public forum like ThaiVisa. So I will speak in general, not to this case being mentioned.

Firstly, as you said, it is very important for everybody to realize that iBanking was NOT hacked. In effect what happens with a Trojan is that the customer PC is hacked as the Trojan attaches itself and performs what is known as a "man in the middle" or MOM attack. Trojans are a problem for customers and banks worldwide, not just Bangkok Bank and not just banks in Thailand. Please refer to the front page of the USA Today 2 weeks ago about the current wave of Trojan problems in the USA.

Trojans are installed (in general they do not attach over the net like some malware). The most usual ways in which a Trojan will get onto a computer (PC, MAC, LINUX) is to be installed with another product, such as downloaded media files, unlicensed software, and attachments which install. Trojans are often "Browser Helpers" and are targeted at multiple types of Browser, not just IE. And as I said above, Trojans affect all platforms, so nobody should be complacent, although as the dominant platform WINDOWS is the largest target.

Customers have the responsibility to protect their computer and to only use computers (and wireless networks) they are confident are secure. Included in this protection must be:

· Using licensed versions of commercial software (WINDOWS and MAC)

· Automatically updating your software with security patches

· Downloading and installing software and media only from companies you have confidence in

· Running a licensed and updated AV and Malware product and configuring this properly so it checks all files in real time. Please note that many AV products are either free or very, very cheap. You can see BangkokBank.Com for details

· Being prudent about the sites you visit and download from

As I said above, Trojans are effectively a hack of the customer PC. The newer Trojans in the past several years do not harvest passwords, as this is too easy to track and to block with a 2-way Firewall. What they do is allow the customer to log on, and once authenticated they do the MOM attack. So it does not matter if an OTP (either from SMS or token) is used at logon if the customer does have a Trojan infection.

iBanking is a highly secure system. It is the same software as used by many world class banks that many of you will be using back home.

iBanking does not allow customers to use simple 4 Digit PINS as mentioned somewhere here. We require that customers use complex passwords which are long, alphanumeric and effectively impossible to guess. They are not subject to what is known as a "statistical attack". We never store customer passwords, so there is no way they can be stolen or misappropriated. We also perform regular penetration tests both internally and by an internationally recognized 3rd party who specializes in this activity.

iBanking does use SMS OTP extensively for sensitive transactions and we are progressively expanding this, and we provide the email option. In addition to the OTP we also include other valuable information on the SMS which customers MUST check. This includes the "Transfer To" account number.

I will try to post more later as required. Please let me know if you have questions.

Edited by sbk
url removed- trojan warning
Posted (edited)

That is absolutely not what has been happening in these cases. But it is the reason we say not to use Wifi sites you do not trust. And most Trojans nowadays are created using the ZEUS kit, which is freely available.

Edited by ianguygil
Posted

Well, I just downloaded it and tried it in the condo building I am staying in here in Bangkok, and it sure does work. It's been some time since I have tested this new version in Vista. Now to get it back out of my laptop!

But it seems all there Condo wifi resellers systems are big targets too here in Thailand , the Owner likes making money on Electricity and Internet but with his cheap system he is exposing all of us staying here.

k.

That is absolutely not what has been happening in these cases. But it is the reason we say not to use Wifi sites you do not trust. And most Trojans nowadays are created using the ZEUS kit, which is freely available.

Posted

Just make sure you have a secure windows system like Windows 7 with all the updates and firewall/antivirus program . I have never had any problems with viruses and I never open mail from unknown people. And I never store passwords on my computer.

Posted (edited)

Just to be clear to everybody as I do not normally post in this part of the forum. I am associated with Bangkok Bank.

Edited by ianguygil
Posted

It is not a virus.

The data you send from your laptop through the internet access point is redirected to the criminal's laptop, where it extracts the data and then forwards it on to the original router, where there is a connection to the Internet. The transaction works perfectly, except the whole operation has been copied.

This software could care less about virus protection or licensed software. Remember, it fools the data on the wifi network into thinking the criminal's laptop is the router or the way to the internet [called a poison packet]. So all internet wifi locations and/or networks without protection against this HACK will pass on the data; he will be sitting there with you in the same internet cafe or in the same building somewhere. It even works on TRUE Internet wifi access points; I have tested it there too. Told True about it and got some DUMB answer as usual. Normal Thai way!

Just to be clear to everybody as I do not normally post in this part of the forum. I am associated with Bangkok Bank.
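The gateway redirection described in the posts above (Cain & Abel's "APR", i.e. ARP poisoning) leaves a trace in each client's own neighbor table: the gateway's IP ends up mapped to another host's MAC address. The following is an added example, not part of the original thread, that checks Linux `ip neigh` output for that condition; the sample tables, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# One resolved line of Linux `ip neigh` output: "<ip> dev <if> lladdr <mac> <STATE>"
NEIGH_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\b"
)

def parse_neigh(text):
    """Return {ip: mac} for resolved entries; FAILED/INCOMPLETE lines carry no MAC."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def check_gateway(table, gateway_ip, known_gateway_mac=None):
    """Return findings that suggest the gateway's ARP entry has been poisoned."""
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return ["gateway %s has no resolved entry" % gateway_ip]
    findings = []
    # 1. MAC differs from the one recorded earlier on a trusted connection.
    if known_gateway_mac and gw_mac != known_gateway_mac.lower():
        findings.append("gateway MAC changed: expected %s, saw %s"
                        % (known_gateway_mac.lower(), gw_mac))
    # 2. Another LAN host shares the gateway's MAC: the usual sign that a
    #    client on the same network is answering for the router.
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    twins = sorted(ip for ip in by_mac[gw_mac] if ip != gateway_ip)
    if twins:
        findings.append("gateway MAC %s also claimed by %s"
                        % (gw_mac, ", ".join(twins)))
    return findings

# Constructed sample tables (addresses are made up for this example).
CLEAN = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev wlan0 lladdr 66:77:88:99:aa:bb STALE
192.168.1.40 dev wlan0  FAILED
"""
POISONED = """\
192.168.1.1 dev wlan0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.1.23 dev wlan0 lladdr 66:77:88:99:aa:bb REACHABLE
"""

if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("poisoned", POISONED)):
        print(name, check_gateway(parse_neigh(text), "192.168.1.1",
                                  "00:11:22:33:44:55"))
```

On a network joined for the first time there is no earlier MAC to compare against, so only the shared-MAC check applies. This check covers the network redirection only and says nothing about a Trojan already on the computer.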

Posted

The people who do the computer forensics identify the Trojan, so these things are not up for speculation. They do this via proper forensic processes. I will not keep going answering speculation. I posted what happened. There are many ways to tell if this was just simple password harvesting or something more complex, and that forensic work has been done.

Posted

No doubt they will get off very lightly, as seems to be the way of things in Thailand.. Punishment rarely fits the crime!

Uh, what? I very much doubt that the Thai law enforcement community will miss the opportunity to lynch a farang or two on the public place.

Seriously, a bribe and some fast talking can get you in the clear for traffic offenses, or fraudulent business practices, but do drugs or theft and they'll have a field day on you. These two are definitely not getting off lightly, nor should they.

Odds are, they were pawns for that Russian ring and transferring all the money to untraceable accounts over there, but then they thought they could do a job or two for their own profit. Of course they messed it up, and here they are: fresh out of school and looking at spending their first adult years in a Thai jail. Way to go, dudes!

Posted (edited)
Normal Thai way

make no decision !!! that way no one will have any risk !!!!!

its the worst place for this , this is why they are the way they are.!

It seems to be that bigotry and racism has no part in this discussion. This response is really totally off subject.

If anybody has any specific questions please contact me via PM. Thank you

Edited by ianguygil
Posted

OK, I will try to cover as many of the points raised in this thread as reasonable. But firstly I want to make it clear that I cannot get into anything specific about this customer case on a public forum like ThaiVisa. So I will speak in general, not to this case being mentioned.

Good clarification Ian. The best security systems in the world won't help you if the customer's computer is at the mercy of a third party. This particular type of attack would have worked regardless of whether the bank had a weak security system, or had top of the line encryption with token device and stuff.

I suspect this kind of ring targets Thailand specifically, because a lot of people use unlicensed or outdated software here, and often no good antivirus either. Plus, if they're in tight with the local distributors of pirated software, they can spread their trojans very effectively.

Contrary to western countries, few people who use pirated software download it directly in Thailand: most buy a CD at a street stall (not saying that downloaded software is safe either). The middle class in Thailand also has enough cash to make it worth the pirate's while. Finally, cyber-crime law enforcement is in its infancy in Thailand, so the offenders run a lower risk of getting caught.

Posted

It seems to be that bigotry and racism has no part in this discussion. This response is really totally off subject.

If anybody has any specific questions please contact me via PM. Thank you

Uh, Ian, it does look like I'm the one you're fuming against. If my post seemed bigoted or racist I do apologize, as my intention was precisely the opposite, but please clarify what set you off like that.

Posted (edited)

No. I am sorry. I just corrected it and included the quote. I am sorry. I was just pretty annoyed at the response from that "contributor". Your post was very good and I appreciate the contribution.

Edited by ianguygil
Posted

No. I am sorry. I just corrected it and included the quote. I am sorry. I was just pretty annoyed at the response from that "contributor". Your post was very good and I appreciate the contribution.

OK. Don't feed the troll - just leave him to wilt and die.

Posted

Well you are half correct ,

but they are using a software that is ready available,

http://www.oxid.it/cain.html

Interesting, but how do you know that's what they're using? Technically I don't doubt that your solution is possible, but it seems very impractical and risky to me, especially for a ring operating on a large scale.

The guys would have to find a vulnerable network, with someone who's using the banking service they're targeting - then they would have to be physically within wifi range, and wait until the person does an i-banking transaction - then they have only a few seconds or minutes to act - whatever the authentication window is on that site.

For large scale harvesting, a trojan is much more practical.

Posted

Thanks for the post. Yes, you are correct, iBanking would not be vulnerable to a network scan. All traffic is encrypted from the browser to the server using 128-bit SSL. So the network is safe (if you own the network at home). The problem is if a Trojan is on the computer (desktop) or if the network has a man in the middle set up to pretend to be our site. Which is why you should never do banking for any bank from a network you do not trust, regardless of tokens, certificates and OTP. The only way to do this is what is called 2-way SSL, which requires certificates on both sides, and that even has vulnerabilities in some cases. Finally, as I said, this problem with Trojans is not password harvesting. It is classic man in the middle. I will not get into how we know this, but we do. There is no doubt it came from the computers of actual bank customers, not somewhere else who has captured the passwords. And as I said, password harvesting is very easily prevented with 2-way firewalls, which are standard in modern computers.

Posted

What a way to start life in your twenties?

Have they actually tried and failed at something legit before this?

Or they could just be on commission just for withdrawing the cash, now left cold holding the baby, while the repeat offenders are on their yacht somewhere on the Indian ocean.

Why didn't someone tell them that they could get a legit job with a US government agency? Then you can lie, drink and steal all you want.

If you're talking about the current US administration I couldn't agree with you more. However, if you're talking about the USA in general and trying to compare the level of corruption in the States with Thailand I'd have to violently disagree. As Mr Haggard once said, "When you're talking about my country son you're walking on the fightin' side of me."

Posted

Sorry, Ian, to clarify when I said harvesting, I meant more harvesting vulnerable computers. Harvesting the password itself is simply not enough for any modern i-banking system.

Posted

For this I am very happy with my Kasikorn account. First, if you do a transaction, you will get an SMS with a code to enter. Without this code the transaction will not be accepted. So if someone wants my money in Thailand, he also needs to have my mobile. The OTP (One Time Password) which Kasikorn uses I like very much, even though it is a little bit more complicated to use outside Thailand, if you forget to switch on roaming. You can also choose something like a PIN2, but with this you aren't allowed to do everything. With OTP you can do everything that is important... and I think it is very secure.

And if you call the service center, they ask quite a lot of questions, not same at home, where they ask you only about your birthday and then they give away almost every information.

Last time with kasikorn, they asked me about 5 question, which are very difficult to know by someone else than me.

So be aware of the security of your online banking, and not use the online banking in an internet shop. Not use an internet shop for anything important (sensitive data).

OTP works great when u are in Thailand, NOT when u are offshore with NO chance of getting a signal, roaming or otherwise... Why don't they use the little token devices that will give you a code, like many other banks? What does Bangkok Bank use?

I use Kasikorn Bank also and I have no problem getting the OTP while I am in Canada, as I just turn on my AIS mobile and wait for the message from the Bank. Hope this helps.

Posted

Again, thank you to the moderator for bringing us back on topic and back to planet earth :D

If any of the ThaiVisa community are running unlicensed versions of operating systems, I strongly encourage you to turn off your computers, go to the nearest authorized resellers and purchase a licensed copy. Please install it, update it with the latest software updates and configure it properly. Be defensive.

Please also make sure your AntiVirus software is licensed (even if it is a free copy it needs a license) and is updated automatically. Please configure it defensively. Please then run a full scan of your computer and make sure you do not have any viruses, trojans or other malicious code.

And please do what you can to keep your computers clean and to make sure they stay that way. Thank you. Please do not download files from sites you cannot trust (certain torrent sites etc.) and please do not use pirate versions of software. It comes with hidden "extras" often which is one of the ways pirates make money. Don't support them! It is illegal, immoral and it is one of the ways you get Trojans!

If you have any questions or comments please feel free to post or to PM me. I will check again later tonight.

Good luck.

Ian

Posted

I apologise for the delay. I had a dinner I needed to attend. Now back to this.

Yes, Kaspersky is among the products we list on BangkokBank.Com and is a perfectly reputable product. It scores well on detection of most types of malware. Please ensure you configure it properly, make it a defensive measure and put up with any additional resource consumption. But Kaspersky is normally one of the fastest products which is one of the major strengths. Please set it to auto update and to check regularly.

Good luck and stay safe online.
