IMPOSTURE: Hunters become the hunted in this gripping murder mystery by Ray Clark (good romance books to read txt) 📗
- Author: Ray Clark
Book online «IMPOSTURE: Hunters become the hunted in this gripping murder mystery by Ray Clark (good romance books to read txt) 📗». Author Ray Clark
“What we have to do in cyber crime is something called cluster analysis. We look at what Bitcoin wallets are being used to feed scam money into, and then establish if any of the wallets have been used for legal purposes. If so, it’s very likely they used some kind of traceable identification linked to the legal transaction. That way we find the black hat hackers.”
The meeting grew very quiet with everyone glancing around the table, opening and closing files.
Finally, Gardener said, “Are you saying that you think David and Ann Marie Hunter were involved in something illegal?”
“That they were ripping the bank off?” added Reilly.
Shona Pearson leaned forward. “Actually, that’s not what we think, sir. To be perfectly honest, we think it was the Hunters who were being blackmailed.”
“Blackmailed?” questioned Reilly. “Any idea who, or why?”
“We’re not sure, yet,” replied Pearson. “This case is still in its infancy for us.”
Winter continued. “The online crooks infected computers of the Trans Global Bank with a brand-new Trojan system nicknamed Octopus, giving them direct access to the company’s network and online banking passwords–”
Gardener interrupted him. “What’s Octopus?”
“Never mind that,” added Reilly, “you might need to explain how a Trojan works, for me.”
Winter nodded. “An attacker who has compromised an account holder’s PC can control every aspect of what the victim sees or does not see, because that bad guy can then intercept, delete, modify or re-route all communications to and from the infected PC. If a bank’s system of authenticating a transaction depends solely on the customer’s PC being infection-free, then that system is trivially vulnerable to compromise in the face of today’s more stealthy banking Trojans.
“I find it hard to believe that there are still banks using nothing more than passwords for online authentication on commercial accounts. Then again, some of the techniques being folded into today’s banking Trojan’s can defeat many of the most advanced client-side authentication mechanisms in use today.
“Banks often complain that commercial account takeover victims might have spotted thefts had the customer merely reconciled its accounts at day’s end. But several new malware strains allow attackers to manipulate the balance displayed when the victim logs in to his or her account.
“Perhaps the most elegant fraud techniques being built into Trojans involve an approach known as ‘session riding’, where the fraudster in control of a victim’s PC simply waits until the user logs in, and then silently hijacks that session to move money out of the account.
“With the Trans Global Bank, it was a new strain of malware that we dubbed Octopus. It’s very active and appears to have tentacles wandering off all over the place, looking into everything. It hijacks customers’ online banking sessions in real time using their session ID tokens. We’ve also discovered that Octopus keeps online banking sessions open after customers think they have ‘logged off’, enabling criminals to extract money and commit fraud unnoticed.”
Reilly smiled and sipped his coffee. “I think I’ll stick to standard practice from now on.”
“That makes two of us,” said Gardener, staring at his phone, wondering why youngsters today ran their entire lives on them.
“Anyway,” said Winter, “a week later, the thieves made their move by sending a series of unauthorised wire transfers to money mules, individuals who were hired to help launder the funds and relay them to crooks overseas.
“The first three wires totalled more than £350,000. When David Hunter went to log in to his company’s accounts fifteen minutes prior to the first fraudulent transfers going out, he found the account was locked. The site said the account was overdue for security updates.
“He asked Brian Jennings, the bank manager, for assistance, and was told he needed to deal with the bank’s back office customer service. They were alerted but could not provide an answer for what was going on. They said they would look into it. Within seven days, the thieves sent out fifteen more wires totalling nearly £2.5 million. The bank was unable to reverse any of those fraudulent wires.”
How crime had moved on from the standard wage heist of the olden days, thought Gardener. “I spoke to David Hunter’s brother, Roger, recently. When we met, I asked if David and Ann Marie had any financial problems that he knew about.”
“He said they didn’t,” added Reilly, “but this tells me there was obviously something amiss. Do these thieves have names?”
Winter reached into a briefcase and pulled out some more paperwork. “They do but when you hear them you’ll probably laugh, like we did.”
Shona Pearson took over. “These are what we’ve uncovered. We have a Jack Heaton, an Edna Hart.”
“She sounds like your average librarian,” said Gardener.
“Conrad Morse.”
Reilly laughed. “Christ, it gets worse.”
“And finally, Alfie Price?” said Winter.
“These names can’t be real,” asked Reilly.
“Now you know why I said that,” added Winter. “Totally bogus, but it’s no less than we expected. What we did manage to uncover is that the scam appeared to have been engineered by an outfit called DPA, and at the moment that is literally all we know about them – apart from the four bogus names.”
“I love Conrad Morse,” said Reilly. “Where the hell did he find that one?”
Winter continued, “The first time anything happened, access was gained through head office in London. The bank’s clientele comprises mainly of footballers but there were other sportsmen and women, as well as musicians, actors and TV personalities – all with lots of money.
“On that occasion, DPA were simply snooping, but they deliberately left a trail informing head office in London that something was going on, but they wouldn’t be able to figure out what. No money had been taken but a
Comments (0)