Security researchers have uncovered a huge cyber-crime operation in Brazil that aimed to steal about USD 3.75 billion from transactions. The theft was carried out through Boleto Bancario, a popular payment method in Brazil. A Boleto can be issued online and paid through various channels such as banks and supermarkets. KrebsOnSecurity has called the thieves “Boleto Bandits”.
The Boleto is quite a secure and easy mode of payment, used by most Brazilians for all kinds of transactions, from telephone bills and health insurance to mortgages and school tuition. It is all the more popular because many Brazilians do not have bank accounts and do not trust the postal service for transactions.
The researchers were able to identify compromised transactions of USD 3.75 billion, but they are still not sure what percentage of that money was actually stolen. Even if half of the said amount was appropriated by the criminals, this would be one of the biggest swindles in the history of online fraud.
The New York Times quoted researchers saying that the criminal ring had been using what they called “bolware” (a play on Boletos and “malware”, a term for software intended for illegitimate purposes) to intercept legitimate Boletos payments. They then redirected them to their own accounts.
EMC Corp’s RSA Security researchers in Brazil, Israel and the United States spent 3 months studying 19 variants of bolware. They could trace them to a group in Brazil using digital logs. Based on the logs, researchers determined that 192,227 users were affected; 495,793 Boletos transactions worth USD 3.75 billion were compromised.
According to the investigators, this cyber-crime operation may have begun as early as 2012 and may still be going on.
The criminals infected computers through random emails which, once clicked, downloaded the malware onto the user’s computer. The malware then worked through the operating system and internet browsers to modify Boleto transactions and redirect payments.
According to the Brazilian Federation of Banks, 95% of the losses incurred by Brazilian banks are due to cyber-crime. Its officials said that Brazilian banks spent $910 million last year on digital security. They are now encouraging consumers to migrate from Boletos to a more secure payment system called Direct Debit Authorization.
Reuters News says: “When a computer infected with the “Eupuds” software is used to process a Boleto payment, it is very difficult for the customer to detect that the account has been modified because the validation screens often display the original inputs to make the fraudulent Boleto look authentic, according to RSA.”
The New York Times says: “RSA researchers said they had also briefed the Federal Bureau of Investigation and United States Secret Service and were working with local and international law enforcement officials to help prosecute the individuals behind the ring. The current assumption is that the group has ties to organized crime in Brazil, but Mr. Fleyder cautioned that for now, that was just an assumption.
Because the bolware only affects Windows PC users, researchers are advising PC users to take extra precautions before clicking on suspicious links or email attachments and to make Boletos payments only using the digital wallets on their mobile devices.”