Sometimes when we write about information security, we do not know whether we are talking about the right practices for securing information or about the threats that undermine it (insecurity). The two topics tend to blend together. In this article we will discuss the trends affecting the information (in)security of us all.
While it is true that the news we all hear is alarming, most of the time our first thought is “that does not happen here” or “I have nothing that can be stolen from me.” This type of thinking could not be further from the truth. To get an idea, let us examine the case of a local Panama bank.
In October 2008, our forensic services were required for the investigation and documentation of a cybercrime that had occurred earlier that same month. When we began investigating logs, evaluating system security, and reviewing the manual user provisioning processes for the e-banking application, nothing very significant could be found. However, in the middle of the investigation a new attack on the bank unfolded, allowing us to confirm what we had suspected from the beginning: the method used to steal user credentials was a simple, classic phishing attack that used Google Ads as the lure to drive victims to the fake site.
Why do we refer to the perpetrators of the attack as a gang? As a result of the attack, the bank incurred losses of over USD 100,000.00 and today continues to suffer its aftermath. The people who carried out the attack had the following characteristics:
- The majority of the phishing websites and operations we could detect were hosted abroad, mostly in the United States. The domain names were also registered with physical addresses in that country, so someone there must have served as the contact point for purchasing the domains, indicating participants in more than one country and making this an international operation.
- The hiring of local people to withdraw the money (the "drops," or money mules) at different branches of the bank indicated the presence of temporary agents in the country to take the money out and watch over the drops.
- The choice of targets was very deliberate. This was not the only bank affected in the country. In fact, since early 2008 activity had already been detected, primarily against local, medium-sized banks, while avoiding multinationals like HSBC and Citibank. We can only speculate that the attackers were trying by every means to avoid or delay FBI or INTERPOL involvement, so that investigations would remain confined to the local environment of each country and subject to existing legislation, which often does not cover electronic fraud in its penal code.
- There are reports from other countries in the Central American region affected by the same pattern. We can all remember the various cases that occurred in Costa Rica last year (http://www.nacion.com/ln_ee/2008/febrero/13/pais1418287.html). We can only suspect that this is the same international organization looking for different targets in the region.
What remains for the rest of 2009? These are what I perceive as the trends for the remainder of the year:
- Financial gain will continue to be the driving force behind electronic fraud. Attacks carried out for fun or to test an individual hacker's skills belong to the past.
- Development of localized malware, which takes longer to be discovered by the security firms, since they generally concentrate on malware developed in the first world.
- Development of new, stealthier malware. Many believe that the development and spread of the Conficker worm was nothing more than a test of new malware development techniques: malware that evolves and is capable of receiving updates over the Internet.
- Greater interest from governments in developing legal frameworks that allow the prosecution of cybercrime. Most Central American countries have basic laws; however, we will see more effort and resources invested in the matter, given that electronic commerce is something the region (Central and South America) has not been able to develop, precisely because we are seen as a high-risk region for fraud, and that is because this type of crime is difficult to prosecute here. Has anyone wondered why iTunes does not sell music in our countries, or why our credit cards are so difficult to use on eBay?
Common sense is generally a good companion and keeps us safe from the vast majority of the malware developed to date. Keeping antivirus software updated, verifying the authenticity of online banking sites before entering credentials, not conducting transactions from public computers such as kiosks or Internet cafés, making online purchases only with prepaid cards, and taking out fraud protection insurance on our credit cards are just some of the habits that should already be part of our daily lives and that do not require much effort.
Above all, we must be clear that in order to achieve significant economic development, our countries must adopt electronic commerce as a growth tool, and that by applying basic security measures it can be as safe as traditional commerce.