Cybercriminals Build Massive Banking Fraud System in the Cloud

By Antone Gonsalves, CSO

Cybercriminals have built a cloud-based fraud system that targeted wealthy people and commercial accounts in bilking primarily European banks of possibly billions of dollars, security vendors say.

The international ring targeted accounts with an average of $300,000 to $600,000, and attempted to transfer as much as $130,000 to bogus business accounts, Intel-owned McAfee said Tuesday. While McAfee did not know how much money was actually stolen, the vendor estimates that it ranged from $75 million to $2.5 billion.

The ring targeted banks in Europe and then expanded to Latin America and more recently the United States, where it had just gotten started, Dave Marcus, director of advanced research and threat intelligence at McAfee Labs, said. McAfee, which investigated the ring's operation over the last six months with Guardian Analytics, is working with law enforcement agencies to shut down the fraudsters.

What is unique about the fraud was the amount of automation used, a feat made possible through the use of cloud computing, Marcus said. The combination of remote servers and an intimate knowledge of banking transaction systems made it possible to automate the theft, rather than simply stealing user names and passwords and having someone manually transfer money from a computer.

"The automated nature of these attacks really require that kind of server/cloud functionality," Marcus said. "It can't all take place on the host [computer]. All of the logic and all of the sophistication really does reside on that [cloud] server."

McAfee first discovered the fraudsters operating in Italy, and later followed them to Germany, the Netherlands and other countries in Europe. In March, the ring was found operating in Colombia and one server was later traced to the United States. "It looks like it [the ring] just started making the transition to the U.S.," Marcus said.

The fraud started with an email cleverly disguised to look like it came from the recipient's bank. Clicking on a link in the message downloaded the malware that would later use web-injects to steal the information needed to perform fund transfers. Web-injects are fake pages or form fields launched while a person is on an online banking site.Ã'Â

McAfee, which dubbed the investigation "Operation High Roller" because of the wealthy victims, found 60 servers processing thousands of attempted thefts. Most of the transfers were for less than $10,000, with the highest reaching $130,000.

The fraudsters used common Zeus and SpyEye malware platforms as the base of the malicious code, which was customized for each targeted bank. Once the malware stole the needed information, transfers were performed via the control servers, which were even able to obtain the information needed to bypass smartcard readers often used in Europe for two-factor authentication. "We have not seen this level of sophistication before," Marcus said.

Besides the use of the cloud, the fraudsters had an impressive knowledge of how banking transaction systems worked. McAfee wasn't able to determine how the criminals gained that level of understanding. "You can't make a fraudulent transaction look like a valid transaction, if you don't know what you're doing," Marcus said. "And these guys know what they're doing."

Nexus 7 Tablet and Android Jelly Bean Announcement Expected Today At Google I/O Conference

By JOANNA STERN

Apple and Microsoft both had their turns to show off their latest software and hardware this month; today it is Google's turn.

Google executives will take the stage at the annual Google I/O Developer's Conference at the Moscone Center in San Francisco, where they will show off the latest versions of Google software, including Android and other services.

Google's next version of its Android operating system is expected to be one of the major points of conversation. Like earlier Android versions, this one is named after a dessert -- Jelly Bean. Ice Cream Sandwich, the current version of Android, was announced last November. Before Ice Cream Sandwich, there was Gingerbread and Honeycomb. Google put out a statue of a bowl of jelly beans at its Silicon Valley campus yesterday.

While there haven't been many details to spill out yet about Jelly Bean, Google is likely to announce a tablet to go along with the new operating system. Rumored to be called the Nexus 7, the tablet is said to have a 7-inch screen, a fast quad-core processor, and a very affordable $199 price. The tablet is expected to go head-to-head with Amazon's Kindle Fire. These rumors have been widely reported, and most recently the Wall Street Journal corroborated the reports.

While there have been lots of Android tablets released, none have been as successful as the iPad. It is expected that the Nexus 7 will ship in July and that Taiwanese manufacturer Asus is making the tablet itself. Microsoft's Windows 8 Surface tablets, which were announced last week, aren't expected until later this year.

But Google isn't only expected to talk about Android and its tablet strategy. The search giant will discuss its maps platform and other services like its Cloud storage solutions, including the new Google Drive. Apple recently ditched the Google Maps in iOS 6; it has created its own 3-D mapping for the iPad and iPhone.

Over 5,550 thousand developers will be at I/O this year. A Google spokesperson also said that the mini-kitchens at the Moscone Center will stock 1,455 pounds of snacks for the three day event. ABC News did see a Jelly Belly truck pull up in front of the conference center yesterday.

Assad says Syria at war as battle reaches capital

By Oliver Holmes

BEIRUT (Reuters) - Syrian President Bashar al-Assad declared on Tuesday that his country was at war and ordered his new government to spare no effort to achieve victory, as the worst fighting of the 16-month conflict reached the outskirts of the capital.

Video published by activists recorded heavy gunfire and explosions in suburbs of Damascus. A trail of fresh blood on a sidewalk in the suburb of Qudsiya led into a building where one casualty was taken. A naked man writhed in pain, his body pierced by shrapnel.

Syria's state news agency SANA said "armed terrorist groups" had blocked the old road from Damascus to Beirut.

The declaration that Syria is at war marks a change of rhetoric from Assad, who had long dismissed the uprising against him as the work of scattered militants funded from abroad.

"We live in a real state of war from all angles," Assad told a cabinet he appointed on Tuesday in a speech broadcast on state television.

"When we are in a war, all policies and all sides and all sectors need to be directed at winning this war."

The rambling speech - Assad also commented on subjects as far afield as the benefits of renewable energy - left little room for compromise. He denounced the West, which "takes and never gives, and this has been proven at every stage".

The United Nations accuses Syrian forces of killing more than 10,000 people during the conflict, which began with a popular uprising and has built up into an armed insurgency against four decades of rule by Assad and his father.

The U.N. peacekeeping chief said it was too dangerous for a U.N. observer team, which suspended operations this month, to resume monitoring a ceasefire. The truce, part of a peace plan backed by international envoy Kofi Annan, has long since been abandoned in all but name.

The Syrian Observatory for Human Rights, a group which compiles reports from rebels, said 115 people were killed across Syria on Tuesday, making it one of the bloodiest days of the conflict. Its toll included 74 civilians it said had been killed, including 28 in Qudsiya.

It described heavy fighting near the headquarters of the Republican Guard in Qudsiya, and in other Damascus suburbs of al-Hama and Mashrou' Dumar, just 9 km from the capital.

SANA said dozens of rebels were killed or wounded and others arrested in fighting on the old Beirut road. Government forces seized rocket launchers, sniper rifles, machineguns and a huge amount of ammunition, it said.

Accounts from the rebels and the government cannot be verified because access for journalists is restricted.

Samir al-Shami, an activist in Damascus, said tanks and armored vehicles were out on the streets of the suburbs.

Turkish Prime Minister Tayyip Erdogan said Syria must beware the wrath of Turkey after Syrian forces shot down a Turkish warplane on Friday at the Mediterranean coast. He ordered his armed forces to react to any threat from Syria near the border.

"Our rational response should not be perceived as weakness, our mild manners do not mean we are a tame lamb," he told a meeting of his parliamentary party. "Everybody should know that Turkey's wrath is just as strong and devastating as its friendship is valuable."

NATO member states, summoned by Turkey to an urgent meeting in Brussels, condemned Syria over the incident in which two airmen were killed. The Western alliance called the incident "unacceptable" but stopped short of threatening retaliation.

NATO's cautious wording demonstrated the fear of Western powers as well as Turkey that armed intervention in Syria could stir sectarian war across the region. So far there has been no sign of an appetite for intervention like that carried out last year by NATO against Libya's Muammar Gaddafi.

NO ACTION "AT THIS STAGE"

A Turkish official said Ankara's ambassador had not asked the NATO envoys for action "at this stage". Erdogan's speech was seen in Turkey as less belligerent than it might have been.

"Those who want war may be disappointed by the prime minister's speech," Turkish journalist Mehmet Ali Birand wrote. "But a big part of society breathed a sigh of relief."

Nevertheless, Turkish officials say they are ready for scenarios that include a possible need to protect civilians near the border. A Turkish official who asked not to be identified said: "For Turkey there are two bad scenarios: one, a mass influx of refugees and two, large-scale massacres in Syria."

"Ankara has not taken a decision for military intervention or a humanitarian corridor at the moment. But if these are needed, everybody would prefer that they will be done with international legitimacy. However, if things go really badly we have to be ready for any kind of eventuality," he added.

Erdogan said the armed forces' rules of engagement had been changed as a result of the attack, which Turkey says took place without warning in international air space.

"Every military element approaching Turkey from the Syrian border and representing a security risk and danger will be assessed as a military threat and will be treated as a military target," he said.

Russia, which has acted as Assad's main defender in the U.N. Security Council, called for restraint and said shooting down the aircraft should not be "viewed as a provocation or a premeditated action."

Syrian and Turkish accounts of the incident differ. Syria says it had no choice but to take out the plane as it entered Syrian air space flying low and at high speed. It found out it was Turkish only after the engagement. Turkey insists its aircraft entered Syrian air space only briefly by mistake.

Turkey is the base for the rebel Free Syrian Army (FSA) and shelters more than 30,000 refugees - a number Erdogan worries could rise sharply as fighting spreads. Rebel soldiers move regularly across the border and defectors muster inside Turkey.

Moscow has close relations with Damascus and has a naval base at Syria's port city of Tartus close to the spot where the jet was downed. Some defense experts said the Turkish plane could have been testing Russian-supplied Syrian air defenses.

Moscow-based defense think-tank CAST said Russia was expected to deliver nearly half a billion dollars worth of air defense systems, repaired helicopters and fighter jets to Syria this year despite international pressure to halt the arms sales.

Russia said it was crucial Iran should also attend a meeting on Syria of the five permanent U.N. Security Council members and regional players organized by Annan in Geneva this weekend.

Western countries oppose Iran, Syria's closest regional ally, taking part in the meeting and some diplomats have said it was not entirely clear whether the meeting would take place.

Obama rebuffs Erdogan’s appeal to lead Turkey in Syria attack

DEBKAfile Exclusive Report

Another urgent bid for the US to lead an allied offensive against Syria’s ruling regime fell on deaf ears in Washington. It came Tuesday, June 26, from Turkish Prime Minister Tayyip Erdogan, who is spoiling for action after a Syrian anti-air ambush downed a Turkish reconnaissance jet flying over Latakia last Friday.

In several phone calls to President Barack Obama, Erdogan argued forcefully that the incident provided the perfect opening for a Western-Muslim-Arab offensive, according to debkafile’s military and intelligence sources. This offensive, said the Turkish leader, could drive into Syria, create no-fly zones, attack regime and military targets and establish safe zones for rebels and refugees. The Turkish army, air force and navy stood ready for immediate action, he said, but the US must take the military lead in this operation – and not just “from behind,” as in Libya.

Obama replied the time had not yet come for direct US military intervention in Syria, and covert operations by American, British, Turkish and French special operations forces should continue inside the country.

Erdogan maintained that covert tactics would neither stop the bloody violence in Syria nor upend the Assad regime. Only the open exercise of American military might and logistic and military capabilities could work and without it Turkey was constrained from going forward on its own.

That disagreement was behind the mixed signals coming from Ankara over the Syrian shoot-down of the Turkish military plane – insistence on punishing Damascus, on the one hand, and statements that Turkey does not seek war, on the other.

Tuesday, the prime minister stated to parliament: “After this attack, we have entered a new stage,” he said. “The rules of engagement of the Turkish Armed Forces have changed. Any risk posed by Syria on the Turkish border, any military element that could post a threat, will be considered a threat and treated as a military target.”

Erdogan’s statement was couched in the future tense, meaning Syria was off the hook this time.

However, in the interests of muscle-flexing, Turkey’s media reported Wednesday that its military had moved forces including tanks up to the Syria border and placed them on “red alert” with license "to shoot to kill.”

This train of events shows Prime Minister Erdogan, notwithstanding his close friendship with the US president, is in the same bind on Syria as Israeli Prime Minister Binyamin Netanyahu is on Iran.

Ankara is more than ready to hit back at Syria, just as Jerusalem has been standing prepared for military action against Iran’s nuclear program. But both are held back by President Obama. He hopes that by keeping Iran’s key ally Bashar Assad untouched and diplomacy rolling, an accommodation with Tehran on the nuclear issue is attainable.

This has left Erdogan falling back on the stratagem Netanyahu employs with regard to Iran and HIzballah: tough rhetoric accompanied by inaction.

This did not stop Syrian President Bashar Assad from declaring to parliament Tuesday, when he introduced a new cabinet headed by Riyad Hijab: “We are in a state of real war in every respect of the word and when we’re in a state of war, all of our politics must be concentrated on winning this war.”

As he spoke, British special forces (whose presence in Syria was exclusively revealed by debkafile Monday) carried out two tasks: They helped rebel groups, including the Free Syrian Army, extend their control of territory in the Idlib province on the northern Syrian border with Turkey and Lebanon, and gave them badly-needed hi-tech communications equipment.

They also made it possible for the first Syrian opposition leader, Burham Ghalioun of the Syrian National Council, to set foot in Syria. Under their heavy guard, Ghailioun toured rebel-controlled local villages in Idlib for a few hours before crossing back into Lebanon. Assad’s heavies watched helplessly.

Our military sources note the resemblance of this method of operation to the tactic employed by British special forces in Libya in early 2011, when they set up shop at the rebel center of Benghazi and from there, organized resistance to the Qaddafi regime.

Embry: We’re On The Edge of Collapse, We’ve Run Out of Time

Today John Embry told King World News, when referring to what is needed to bail out Europe, “All I know is that these numbers are staggering ... We are on the edge of collapse. We’ve run out of time.” Embry, who is Chief Investment Strategist of the $10 billion strong Sprott Asset Management, also told KWN that if the euro does split apart, it “will be extraordinarily chaotic.” Here is what Embry had to say about the crisis: “We’ve got to focus on what’s coming up in the short-run with regards to the European situation. It’s going to be an extremely interesting summit they are hosting this Thursday and Friday. The problems are piling up at such an enormous rate they can’t be ignored anymore.”

John Embry continues:

“There was this amazing back and forth today, where Merkel said, ‘There would not be euro bonds as as long as she was alive.’ Then, not longer after, Monti, the Prime Minister of Italy, came out and said that if there weren’t euro bonds, he was going to resign.

So this is turning into a comedy, even though it’s a tragedy....

“The only way this can be dealt with, in the short-run, is by enormous monetary creation. If Merkel and the Germans want to block that because they don’t want to give the ECB that power, the euro is going to split apart and that will be extraordinarily chaotic.

If the euro doesn’t split apart and they do create the money, it will ultimately be very inflationary. So the Germans are caught between a rock and a hard place. You’ve got to remember that the Germans have seen their currency destroyed twice in the last century. The know full well that if you go too far down this path, you are headed towards hyperinflation. They have been there.

I think the money will be created. I was very intrigued by Don Coxe’s fantastic interview with you earlier today. He outlined the degree to which the European banking system is impaired. He used the number $2 trillion. To me, once you get into those numbers, it’s open-ended.

All I know is that these numbers are staggering. It wasn’t even that long ago that one trillion was a number that we couldn’t even fathom. Now they throw it around as though we’ll just print it up tomorrow.

For what it’s worth, if the euro were to break-up and the Germans were to introduce their own currency, that currency would go to the moon relative to most of the others. This would make them uncompetitive in many ways. The Germans have a lot on the line here, so I think they print.

In the very short-run, if they create enormous amounts of money, it could buoy markets a bit, but it doesn’t solve anything. The fact is the system needs unlimited liquidity just to keep floating all of the boats.”

Embry also warned: “We are on the edge of collapse, it’s imminent. We’ve run out of time. If they don’t take action, continue to play this brinksmanship, and this thing gets away on the downside, when you get a hard deflation going, it’s really difficult to reverse.

I don‘t think you can say anything with total assurance, for the simple reason that we have never, ever been remotely in a condition like this in all of world history. So the only things that I am comfortable in at this moment are physical gold and silver and gold and silver shares.”