In this issue

Jonathan Tobin: Defending the Right to a Jewish State

Heather Hale: Compliment your kids without giving them big heads

Megan Shauri: 10 ways you are ruining your own happiness

Carolyn Bigda: 8 Best Dividend Stocks for 2015

Kiplinger's Personal Finance editors: 7 Things You Didn't Know About Paying Off Student Loans

Samantha Olson: The Crucial Mistake 55% Of Parents Are Making At Their Baby's Bedtime

Densie Well, Ph.D., R.D. Open your eyes to yellow vegetables

The Kosher Gourmet by Megan Gordon With its colorful cache of purples and oranges and reds, COLLARD GREEN SLAW is a marvelous mood booster --- not to mention just downright delish
April 18, 2014

Rabbi Yonason Goldson: Clarifying one of the greatest philosophical conundrums in theology

Caroline B. Glick: The disappearance of US will

Megan Wallgren: 10 things I've learned from my teenagers

Lizette Borreli: Green Tea Boosts Brain Power, May Help Treat Dementia

John Ericson: Trying hard to be 'positive' but never succeeding? Blame Your Brain

The Kosher Gourmet by Julie Rothman Almondy, flourless torta del re (Italian king's cake), has royal roots, is simple to make, . . . but devour it because it's simply delicious

April 14, 2014

Rabbi Dr Naftali Brawer: Passover frees us from the tyranny of time

Greg Crosby: Passing Over Religion

Eric Schulzke: First degree: How America really recovered from a murder epidemic

Georgia Lee: When love is not enough: Teaching your kids about the realities of adult relationships

Cameron Huddleston: Freebies for Your Lawn and Garden

Gordon Pape: How you can tell if your financial adviser is setting you up for potential ruin

Dana Dovey: Up to 500,000 people die each year from hepatitis C-related liver disease. New Treatment Has Over 90% Success Rate

Justin Caba: Eating Watermelon Can Help Control High Blood Pressure

The Kosher Gourmet by Joshua E. London and Lou Marmon Don't dare pass over these Pesach picks for Manischewitz!

April 11, 2014

Rabbi Hillel Goldberg: Silence is much more than golden

Caroline B. Glick: Forgetting freedom at Passover

Susan Swann: How to value a child for who he is, not just what he does

Cameron Huddleston: 7 Financial Tasks You Should Tackle Right Now

Sandra Block and Lisa Gerstner: How to Profit From Your Passion

Susan Scutti: A Simple Blood Test Might Soon Diagnose Cancer

Chris Weller: Have A Slow Metabolism? Let Science Speed It Up For You

The Kosher Gourmet by Diane Rossen Worthington Whitefish Terrine: A French take on gefilte fish

April 9, 2014

Jonathan Tobin: Why Did Kerry Lie About Israeli Blame?

Samuel G. Freedman: A resolution 70 years later for a father's unsettling legacy of ashes from Dachau

Jessica Ivins: A resolution 70 years later for a father's unsettling legacy of ashes from Dachau

Kim Giles: Asking for help is not weakness

Kathy Kristof and Barbara Hoch Marcus: 7 Great Growth Israeli Stocks

Matthew Mientka: How Beans, Peas, And Chickpeas Cleanse Bad Cholesterol and Lowers Risk of Heart Disease

Sabrina Bachai: 5 At-Home Treatments For Headaches

The Kosher Gourmet by Daniel Neman Have yourself a matzo ball: The secrets bubby never told you and recipes she could have never imagined

April 8, 2014

Lori Nawyn: At Your Wit's End and Back: Finding Peace

Susan B. Garland and Rachel L. Sheedy: Strategies Married Couples Can Use to Boost Benefits

David Muhlbaum: Smart Tax Deductions Non-Itemizers Can Claim

Jill Weisenberger, M.S., R.D.N., C.D.E : Before You Lose Your Mental Edge

Dana Dovey: Coffee Drinkers Rejoice! Your Cup Of Joe Can Prevent Death From Liver Disease

Chris Weller: Electric 'Thinking Cap' Puts Your Brain Power Into High Gear

The Kosher Gourmet by Marlene Parrish A gift of hazelnuts keeps giving --- for a variety of nutty recipes: Entree, side, soup, dessert

April 4, 2014

Rabbi David Gutterman: The Word for Nothing Means Everything

Charles Krauthammer: Kerry's folly, Chapter 3

Amy Peterson: A life of love: How to build lasting relationships with your children

John Ericson: Older Women: Save Your Heart, Prevent Stroke Don't Drink Diet

John Ericson: Why 50 million Americans will still have spring allergies after taking meds

Cameron Huddleston: Best and Worst Buys of April 2014

Stacy Rapacon: Great Mutual Funds for Young Investors

Sarah Boesveld: Teacher keeps promise to mail thousands of former students letters written by their past selves

The Kosher Gourmet by Sharon Thompson Anyone can make a salad, you say. But can they make a great salad? (SECRETS, TESTED TECHNIQUES + 4 RECIPES, INCLUDING DRESSINGS)

April 2, 2014

Paul Greenberg: Death and joy in the spring

Dan Barry: Should South Carolina Jews be forced to maintain this chimney built by Germans serving the Nazis?

Mayra Bitsko: Save me! An alien took over my child's personality

Frank Clayton: Get happy: 20 scientifically proven happiness activities

Susan Scutti: It's Genetic! Obesity and the 'Carb Breakdown' Gene

Lecia Bushak: Why Hand Sanitizer May Actually Harm Your Health

Stacy Rapacon: Great Funds You Can Own for $500 or Less

Cameron Huddleston: 7 Ways to Save on Home Decor

The Kosher Gourmet by Steve Petusevsky Exploring ingredients as edible-stuffed containers (TWO RECIPES + TIPS & TECHINQUES)

Jewish World Review

The latest in cybercrime? Fully automated bank heists

By Mark Clayton

Cybercriminals have been stealing passwords to siphon off bank accounts for years, but cybercops were gaining. Now an automated system could vastly expand online bank heists

JewishWorldReview.com | (TCSM) Cybercriminals are trying something new at the bank: fully automated online heists.

In a new twist on a familiar online banking cybercrime threat, computer criminals are rolling out a new system targeting businesses' and high-net-worth individuals' bank accounts in the US and Europe, security analysts say. The new system siphons the accounts using new, highly automated crime-ware that requires no human intervention.

Since January, when the process was discovered, a dozen cybergangs using this new robo-bank-heist rip-off technique have attempted at least $78 million in fraudulent wire transfers from accounts at 60 or more financial institutions worldwide, according to a new report by McAfee Labs, the Santa Clara, Calif., cybersecurity firm, and Guardian Analytics, a Los Altos-Calif.-based firm. Total attempted fraud could be as high as $2.5 billion.

But that's just the start. The wave of automated attacks has been rolled out in the US over the past 60 days, reports McAfee, which dubbed it the "High Roller" scheme. Credit Unions, big banks, and even regional banks were targeted in the European Union, Latin America, and now in the United States, the company found.


Every weekday JewishWorldReview.com publishes what many in the media and Washington consider "must-reading". In addition to INSPIRING stories, HUNDREDS of columnists and cartoonists regularly appear. Sign up for the daily update. It's free. Just click here.

"With no human participation required, each attack moves quickly and scales neatly," the report says. "This operation combines an insider level of understanding of banking transaction systems with both custom and off the shelf malicious code and appears to be worthy of the term 'organized crime.' "

After striking in Italy and Germany, cybercriminals focused on the Netherlands, where computer logs showed criminals had attempted to withdraw $44 million from more than 5,000 accounts, primarily of businesses, in two banks. It's not clear how much was actually stolen.

In March, researchers discovered that a San Jose-based server linked ultimately to a Russian Internet service provider was being used for fraudulent transactions in the Netherlands — and also to target at least 109 financial institutions in the US.

Computerized bank heists aren't new, of course. Crime-ware programs like Zeus and SpyEye that infiltrate personal computers to steal personal banking credentials, including passwords and login information from unsuspecting users, have been a problem for years. Recording users' keystrokes when they log remotely onto their accounts, the crimeware transmits the stolen personal banking data back to the cyberthieves.

Under that familiar scenario, a bad guy plops down at his own computer terminal to use the stolen passwords to fraudulently log onto the target account. He then transfers funds to the accounts of "money mules," who pass the stolen funds along to the criminals, less their fee.

That approach has worked well for the cyber bank robbers. The Federal Bureau of Investigation reported in September it was investigating 400 criminal wire transfers that attempted to steal more than $255 million from US business bank accounts, although actual losses were closer to $85 million.

Cybercops seemed recently to be gaining on the cyber bank robbers, limiting their ability to grab the cash electronically. Over the past three years, the percentage of account takeover cases in which fund transfers were halted before they could leave the financial institution grew from 24 percent in 2009 to 41 percent in 2011, the Financial Services Information Sharing and Analysis Center, an industry group, reported recently.

But the newly automated process discovered in January holds potential to vastly expand online bank heists. To start with, there's no longer a need to have a bad guy on the other end of a mouse in Kiev, or wherever, to personally plug the stolen information into a Web browser. Instead, automated versions of Zeus and SpyEye instantly compose a fraudulent transfer request while the victim is still logged onto the computer — making it look to the bank as though the individual is responsible for the transfer, the report says.

But before the heavily automated robotic attacks can begin, criminals do research to find the rich businesses and individual accounts they want to target. Targeted individuals are then sent "spear-phishing" e-mails that appear to come from an associate, but which contain a link that, if clicked on, downloads the malicious computer code.

Once on the victim's computer, the automated version of Zeus or SpyEye prompts the victim during the login process for any additional information needed to send a wire transfer. It collects not only the login and password being typed in, but also prompts the victim to supply a special number from a digital token — a process called "two factor" authentication that European banks have long used to authenticate transfers.

Soon after, the victim sees a "Please wait..." or "System under maintenance" message appear on the screen. But the malicious software is just stalling the user — and while he or she waits — it automatically executes the wire transfer in the background using the legitimate digital token number, password, and any other data the user just entered.

Unlike in Europe, banks in the US typically don't require a second piece of identifying information for authentication of a wire transfer. In either case, the software allows cyber bank robbers to sit back and watch as private data collected from victims logged into their accounts allows money to sail automatically into accounts they control.

There are exceptions, of course. When an unusually fat account comes into view, a human operator can step in to vastly raise the amount of the fraud from a small percentage — typically programmed into the system for 3 percent or less to avoid tripping the bank's alert system, says Dave Marcus, director of advanced research and threat intelligence at McAfee.

"It's clear that the people who put this together had a good understanding of banking platforms and the transaction process," Mr. Marcus says. "From the bank's perspective, it was you that logged in, you that initiated that wire transfer."

Still, he says, the automated thefts, some of which dated back more than a year in computer logs that McAfee has examined, can be defended against. The mere discovery of the automated system should enable banks to take steps to detect such measures more easily, he says.

Every weekday JewishWorldReview.com publishes what many in Washington and in the media consider "must reading." Sign up for the daily JWR update. It's free. Just click here.

Interested in a private Judaic studies instructor — for free? Let us know by clicking here.

Comment by clicking here.


© 2012, The Christian Science Monitor