Turkish police have arrested an international gang that allegedly stole $300,000 from online banking customers.
Police in the Turkish city of Izmir have arrested 17 members of a gang who broke into online bank accounts, according to news reports. Law enforcement agencies have said the gang worked alongside three Russian hackers, who allegedly provided them with banking user names and passwords stolen through spyware planted on unwitting users' computers. The Russian hackers reportedly shared the password information of thousands of Turks in exchange for 10% of the stolen money.
"In recent years, there has been a growth in the number of viruses and Trojan horses written specifically to steal banking information from Web surfers," says Graham Cluley, senior technology consultant for Sophos. "Spyware can silently hide on users' computers, waiting for them to type in their confidential information and then surreptitiously share it with the hackers."
Reports in the Turkish media say hundreds of Internet users in January began complaining about unexpected withdrawals from their online bank accounts. Twenty members of the Izmir Organized Crime Bureau investigated the case, discovered the IP addresses of the computers making the illegal transactions, and made simultaneous raids at different addresses in Izmir, Fethiye, Didim, and Kusadasi.
The names of the three suspected Russian hackers have been shared with Interpol.
"The Turkish authorities should be applauded for looking into this case so speedily, but this is just the tip of the iceberg," adds Cluley. "Phishing and spyware are a global problem, and all computer users need to defend themselves better against these kind of menaces if they want to continue to bank online safely."
Sophos analysts noted in the Sophos Security Threat Report 2007 that Russia is one of the top producers of malware.