Online banking Trojans going after your money!

Online banking users in Malaysia need to be wary of sophisticated Trojans. 

IMAGINE a burglar hiding in your house and slowly cleaning out your valuables, bit by bit, without you even realising it.

According to security firm Symantec, that is the common modus operandi of banking Trojans today, which have grown so sophisticated that they are almost impossible to detect and very difficult to get rid of.

As its latest white paper the World of Financial Trojans reveals recently, malware (short for malicious software) attacked over 600 financial institutions worldwide last year.

With this growth, bank hold-ups or ATM robberies, the bank heist of choice in Malaysia these days will soon be a thing of the past.

The phenomenon is no doubt partly due to the growing trend of online banking. As banks move online to make their transactions fast, easy and convenient for customers, cyber criminals are also finding the digital route the faster, easier and more convenient mode for looting.

A big threat, the report highlights, is the rate at which banking Trojans are now developed: with state-of-the-art mechanisms to circumvent the more complex security systems and exploit their weaknesses.

“Trojans have indeed evolved and the attackers have become more specialised and sophisticated,” Symantec Corporation (Malaysia) Sdn Bhd director (systems engineering) Nigel Tan concurs.

Most worrying, is that while the United States and Japan remain top of their target list, the banking Trojans are increasingly targeting emerging economies with high Gross Domestic Products (GDP) in Asia and the Middle East like Malaysia.

Tan notes, “Malaysia is on the radar of these cyber criminals and our financial institutions experienced attacks out of the 600 reported globally last year. We are not in the top 10 of countries attacked but the threat for Malaysia is no less dangerous.”

Internet banking has grown steadily in Malaysia since it was first launched in June 2000, and is now offered by 29 banks in Malaysia. As of September last year, there were 12.8 million registered users, rising from 3.2 million in 2006 and eight million in 2009.

Predictably, cyber crimes in Malaysia have also increased, with some RM2.75bil losses recorded over five years, from 2005 to 2010, especially in the financial sector.

The fact that cyber criminals are starting to eye Malaysian banks means we need to be more vigilant and tighten up our cyber security, says Tan.

End-users need to keep abreast with what security measures there are. - Nigel Tan

“They need to look at the malware threats they are risked to and look for measures to mitigate them because any organisation will face these threats.”

However, one problem is that many of these institutions cannot keep up with the constantly evolving sophisticated attacks. Another is the gap in the ability of certain organisations to detect threats on customers systems, according to the report.

Tan concedes that the security of our financial institutions can be improved.

Another challenge is that the Trojans are beginning to work out which banks have less security, and going after them, he warns.

“There is a difference in quality between the different banks in terms of how much of the protection and fraud detection methods they put in place.

“And if you are a robber trying to decide between two houses one big house with full security or one smaller house with minimal security; it is secured with only a padlock and chain which one will you target?” Tan quizzes.

As the report sums it, banking Trojans now “enter through the backdoor, strike with clinical precision, and have evolved to a degree of sophistication that allows attackers to conduct high-value transactions while evading traditional fraud-detection measures.”

It is not that banks have been unaware of this growing threat. Since online banking was first introduced in 1994, cyber criminals have looked for various ways to attack them. By 2003, around 20 distinct banking Trojans have existed including simple keylogging Trojans and phishing, said the report.

In response, the banks bolstered their security and fraud detection capabilities.

The problem is, the cyber criminals started adapting, until most security systems and measures were neutralised.

Tan calls these cyber criminals a specialised hacking community that is no longer searching for notoriety and fame, but is in it for the money.

“Hackers now are less noisy than five years ago, but just because there is less noise right now, it does not mean that they are not there. Trojans now stay in your computer as quiet and as long as possible to steal as much money as possible,” Tan cautions.

As mentioned, an attack technique increasingly used is called “man-in-the-browser” which basically involves an application hooking into the browser and manipulating data before it is displayed.

Sophisticated thievery

The report explains, the users will not be able to detect any malicious activity but the Trojan will intercept their transactions and inject a form in the browser requesting sensitive information. Once the user submits the requested personal information, it steals the data for future thievery.

The more sophisticated Trojans can automatically execute transactions in the background, the report highlighted.

What makes it difficult to notice with the naked eye, says Tan, is that “the domain is legitimate and the security page is accurate. It is your computer that is affected, so it can steal your personal data or attack your bank.”

One thing that makes it difficult to clamp down on the attackers behind these Trojans is that it is not easy to pin the crime on them.

“Just writing malware is not an offence. It is hard to pin it as a crime, as long as the writer does not go out and sell it,” Tan points out.

It also does not help that they are reportedly organised underground groups who are not only experts at scripting and automating attacks, but are also knowledgeable about the sophisticated global financial industry and supported by a service industry of widely available malware.

It is akin to organised crime, he opines.

As the report puts it, “The financial fraud marketplace is also increasingly organised. It is a service industry where a wide variety of financial Trojans, webinjects, and distribution channels are bought and sold. Services being offered are dedicated to each aspect of a financial fraud campaign. These offerings will improve effectiveness of established techniques.”

The Top Three of the “Most Wanted” malware list in 2012 were the Zeus Trojan, also known as Zbot (+ Gameover), having compromised more than 400,000 computers worldwide; followed by Cridex at more than 250,000 computers compromised and Spyeye at more than 50,000.

Symantec also points to third-party remote webinjects which can circumvent security countermeasures, targeting a large number of financial companies “concurrently and intelligently” as posing a threat to financial companies.

According to the report, it is not only the main financial organisations like commercial banks that are high on the list of targets, but also organisations that perform online financial transactions such as automated clearing house payments systems and payroll systems.

It is thus crucial for the “good guys” to be alert all the time. They can't slip up and must put in place adequate security mechanisms and take strong measures to deter attackers from targeting these institutions, Tan urges.

Ultimately, users cannot leave the responsibility for security solely to the institutions, he warns.

“End-users need to raise their awareness of the threats out there as at the end of the day, the criminal will go through the end-user to attack the financial institutions.”

The best measure, he stresses, is not to get infected in the first place, so installing a good anti-malware programme on your personal devices is crucial.

As he puts it, anti-malware solutions can stop the malware, even if you were already infected, shares Tan.

“The scanning will pick it up and delete it off your system.”

Tan also emphasises ongoing education in security, as the threats are constantly evolving.

“There will not be a point where you can say this is it. This is what everyone should do. End-users need to keep abreast with what security measures there are.”

Good practice needs to be adopted such as reading the message box or running an anti-virus before downloading anything from a website.

“Most of the time when people get a pop-up to say that you have a malware, they just cancel it or click it close, or when it says your computer is infected, they just ignore it.”

Significantly, Tan says this is not a call to say that Internet banking is bad.

“Quite the contrary. Internet banking has a lot of benefits.

“But as we embrace any new technology or media, we just have to be aware of what the threats are on the Internet. As long as we take adequate protection, we will be safe.”

By HARIATI AZIZAN sunday@thestar.com.my

The China dream

Tan Sri Lin See-Yan analyses the China Dream' and that President Xi Jinping needs to assure middle-class Chinese that the nation can remain rich and strong.
 
PRESIDENT Xi Jinping, general-secretary of the ruling Communist Party as well as chairman of the Military Commission, talked of the “China dream” to unite an increasingly diverse nation of 1.35 billion people. What's Xi's vision which incidentally sounds somewhat like the American dream?; even evokes Martin Luther King's “I have a dream,” reflecting some US-style aspiration.

Since the revolution, China's goals have centred on unity, strength and wealth. Mao Zedong tried to attain them through Marxism and failed: the cultural revolution ended with his death in 1976. Deng Xiaoping's catchphrase was more practical: “reform and opening-up.” Then, Jiang Zemin pushed the more arcane “Three represents” to embody the changed society, including allowing private businessmen to join the party. Lately, Hu Jintao championed the “scientific-development” outlook which was about being greener and dealt with disharmony created by the divisive wealth gap. His Prime Minister Wen Jiabao dwelt repeatedly with the need to rid the economy of the 4-UNs unstable, unbalanced, uncoordinated and ultimately unsustainable growth.

Now, Xi talks of his dream of “the great revival of the Chinese nation,” of a “strong army dream,” and of our mission “to meet the people's desire for a happy life.” He also alludes to ordinary citizens wanting “to own a home, send a child to university and just have fun.” The Chinese dream, he said “is an ideal. Communists should have a higher ideal, and that is Communism.” Frankly, even though short on detail, Xi's dream is different from his two predecessors' stodgy ideologies. I see practical politics at work here. With growth slowing, Xi's new vision appears to emphasise nationalism going beyond middle-class material comfort. Of course, there is the usual tough talk on the rule of law and on corruption (“fighting tigers and flies at the same time”); also on meeting the public's wish for “better education and more stable jobs.” His dream seems designed to inspire rather than inform. In the end, “The China dream is the people's dream,” so he says.

Promises and pledges

China's US$8.3 trillion economy went through its worst slowdown in 13 years in 2012 when weak exports and increases in interest rates dragged annual growth to 7.8%, the grimmest since 1999. The economy faces more headwinds as it struggles with surplus production capacity and underlying risks in the financial system. So it's not surprising the new administration has called for sweeping reforms and lessening state control. Areas requiring pressing change include freeing interest rates, promoting private investment, encouraging consumption and “greener” growth, and enforcing the rule of law. It has even declared “fair competition is our common goal,” vowing to end subsidising SOEs (state owned enterprises) and levelling the playing field for private enterprise.

The new leadership has since pledged to slash bureaucracy, commit to market-oriented reforms, boost social spending and services, and fight pollution. China is expected to rely on migration to the cities to boost domestic consumption and re-make the economy to be less dependent on massive outlays on fixed investment at home and exports abroad. Such “rebalancing” needs to give markets room to operate competitively. In finance, market forces will be given freer play in setting interest and exchange rates, to ensure savers get a better deal, and businesses have ready access to funding through more effective capital markets.

The Xi administration now puts China's fast growing consumer class at centre stage. Perhaps, the most far reaching change thus far is the urbanisation policy being pursued. This involves reforming the rigid urban hukou household registration system by giving residency permits to some 220 million migrants to the cities, and allowing farmers to sell land at market prices to protect their land rights and boost incomes. Empowering a whole new class of consumers underpins the national drive to reorganise the entire economy from government to banks to SOEs. Such radical overhaul is needed to seriously expand domestic demand. China's plan includes adding 9 million new jobs in urban areas to keep unemployment at or below 4.6% to ensure that real per capita income for both urban and rural residents continue to increase. Its inflation target this year remains at 3.5%, lower than 4% last year. China's actual inflation last year came-in well below that at 2.6%. But these achievements came at the cost of widening inequality and environmental degradation. China's Gini coefficient a measure of income differences was 0.474 last year, higher than the 0.4 level which signals a potential for social unrest.

Transformation

China's GDP (gross domestic product) rose 7.7% in the first quarter this year (down from 7.9% in the fourth quarter 2012), slower than the median analysts' forecast of 8%. Given continuing weak US conditions and a eurozone locked in recession, disappointing Chinese data cast a long shadow over the global outlook. Frankly, I am not as worried provided it reflects the transformation that's said to be already in train. Elements of this reform include shift from investment-export led growth to a new structure providing widespread support for domestic private consumption. This rebalancing will involve new initiatives emanating from services-led consumption, which in turn relies on more labour-intensive services. These require 35% more jobs per unit of GDP compared with manufacturing and construction (thus ensuring rising employment and poverty reduction), with a much smaller resource and carbon footprint.

Xi’s dream is different from his two predecessors.

As I understand it, this services-led pro-consumption reform remains a core initiative in the current 12th 5-year Plan. The agenda needs complementary support from implementing an enlarged and better designed social safety net; reform of SOEs; and ending financial depression of households by raising the artificially low interest rates on saving. But there are strong headwinds coming from several directions: deteriorating credit quality affecting the integrity of bank balance sheets; weakening export competitiveness reflecting continuing rising wages; pollution, corruption and inequality; and political economy missteps, including escalating disputes with Japan and others. China has come through two major crises in the past four years. Its economy remains robust and resilient but it still needs to modernise. Make no mistake, the risks are real. Only purposeful transformation can provide China with the needed strength and resolve to pull through future crises. Reality check: as the economy matures, its pace of growth will surely slacken.

Urbanisation

Urbanisation (movement of rural population into cities and towns) has become a focus of China's reform plans. Its urban population reached 690 million in 2011, against 170 million in 1978. The percentage of urban population rose to more than 51% in 2011 (17.9% in 1978) and will touch 60% by 2020. Consequently, rural population fell from 82.1% in 1978 to 48.7% in 2011. This movement highlights the strategy to rebalance the economy:

● It drives market demand; per capita consumption ratio of urban residents to rural is about 3.3:1;

● Pushes investment in infrastructure and social housing which in turn creates employment and new incomes, which further raises consumption. A 1-1.5 percentage point rise in urbanisation adds 15-20 million people to the city;

● Promotes industrial restructuring and upgrading thereby raising the quality and productivity of employment;

● Increases jobs in the service industry. According to the World Bank, emigrants send home US$45bil a year, with some sending as much as 80% of their income to support their families. This leads to rising rural spending on better homes, education, consumer durables and higher grade groceries. Contrary to common belief, migrants actually maintain their rural shopper habits as they work and sleep in urban environments. The entire process will help to restructure the economy. It is projected that 400 million people will become urban dwellers over the next decade. Under the 12th 5-year plan (ending 2015), 36 million social housing units will have to be built in addition to the 7.2 million units built in 2012. To meet the growing demand for urban jobs, China created 10.24 million new jobs in the first nine months of 2012 (exceeding the 9 million target set for the entire year).

But urbanisation comes at a cost. It is accompanied by chronic environmental degradation and worsening pollution, posing a serious threat to human health and social stability. Urban migration is drastically changing patterns of consumption and behaviour city residents use three times more electricity than rural dwellers; consume 10 times as much sugar, and require vastly more infrastructure and utilities to service their daily lives. Despite efforts to make cities greener, progress is slow because local officials are rewarded for high investment and fast growth, rather than for sustainability. Hence, repeated calls for urbanisation to be “balanced with ecological security.” Additionally, there is fear that the surge of migration would turn cities into Latin-American style slums. But urban reformers are pushing for “bigger-is-better” the idea that cities gain by having people more tightly packed forcing greater use of public transportation (hence, raising its effectiveness), forcing old-line high polluting industries to relocate (thus raising productivity and freeing valuable social space), forcing new energies into a city thus, helping to create new businesses and investment.

Surprisingly, many of China's biggest cities are much less densely populated than Singapore, Seoul, Manhattan and downtown Tokyo, all of which have made strong, successful transitions to the consumer-led service-industry model China wants. Beijing (20 million) has a density of less than 5,000 per sq km and Shanghai (18 million), less than 6,000 against 11,000 in Singapore, 18,500 in New York and 10,400 in Seoul. Rightly so, the Chinese leadership is worried about building super-size urban centres because they create slums, worsen pollution or spur pockets of political dissent.

What then, are we to do?

National unity requires China to be one big bed. But its people can, and do have different dreams indeed, as many as 1.35 billion. The challenge is to get them all to dream the same dream. Xi hopes this would be his “China dream.” China's rise in national strength is well known. It's already the world's second largest economy and the world's largest exporter. Over the past decade, the economy rose 9.3% on the average, raising per capital income to over US$6,000 by 2012. Historians remind us that in 1820, China's GDP was one-third of the world. Then humiliation of the century brought it down to a low so that by the 1960s China's share fell to just 4%. Now, it has recovered to about one-sixth in purchasing-power parity terms. Xi's dream needs to reassure the new middle-class that China can remain “rich and strong” in the hope of reigniting “the great revival of the Chinese nation.”

From the “people first” approach to the “Scientific Outlook” on development, and then to campaigning for a “harmonious society” and “inclusive growth”, the Hu-Wen administration shifted the single-minded pursuit of GDP growth towards more emphasis on balance, reorienting its strategies towards a stronger focus on social security (by 2012, 480 million were on pension and 1.3 billion covered by medical insurance); education (reforms at decentralisation and addressing the need for innovation and entrepreneurship); urban-rural divide (reform of subsidies and taxes, and free and compulsory education in rural areas); and social housing (leading to massive building). Despite much progress, these areas remain of deep enough concern to require bold and innovative action by China's new fifth generation leadership. As I see it, gradualism (instead of cold turkey) is still the tone of future reforms. I see this manifested by the new emphasis on introducing pilot programmes first to test their workability on the ground when carrying out major reforms.

As part of reform, it does appear now there won't be any large-scale stimulus to boost growth as the government pares the state's role and rely more on workings of the market mechanism and the initiative of private enterprise. Many analysts have since begun to lower China's 2013 growth to 7.6% for the year as a whole, as the road ahead gets bumpy. It's unlikely to grow at 8.2% in 2014 (International Monetary Fund forecast). For the Xi administration, speed isn't everything. Better balance holds the key to unlocking China's dream.

WHAT ARE WE TO DO
By TAN SRI LIN SEE-YAN

● Former banker, Dr Lin is a Harvard educated economist and a British Chartered Scientist who speaks, writes and consults on economic and financial issues. Feedback is most welcome; email: starbiz@thestar.com.my.

Related posts:
No easy path to 'Chinese dream' 
China all out to rejuvenate the nation
China Dream a nightmare for others? 
President Xi: Russia ties ensure peace; foreign debut illuminate China's 'world dream'
Chinese smartphone innovators shrug off Android ... 
China's prodigy whiz kid wants to quit school and a quiet  
The West envious of global economy led by China 
China newly elected President Xi Jinping and Premier Li  
China's First Lady Peng Liyuan leading by example

Taiwan stages military drill as Philippines killing Chinese fishermen

Standard Type II missiles (front) are ready to launch and 5-inch canon (back) is ready to fire during a joint military drill on a Kidd-class destroyer outside a navy base in Kaohsiung port, southern Taiwan, on Thursday. Photo: Reuters

Taiwan on Thursday staged a military exercise in waters near the northern Philippines in response to the killing of a Taiwanese fisherman, after rejecting repeated apologies for the death.

Philippine coastguards shot dead the 65-year-old last week after they said his vessel illegally sailed into Philippine waters. Outrage in Taiwan at the incident has grown amid a perceived lack of remorse in Manila.



.
A flotilla of one destroyer, two frigates and four coastguard ships sailed to the waters near Batan island to press Taiwan’s territorial claims in the area, defence authorities said.

Taiwan’s Foreign Minister David Lin and the fisherman’s family refused to meet a personal representative sent by President Benigno Aquino in a bid to contain the diplomatic fallout. He was due to return to Manila later on Thursday.
“I came to convey the president’s and the Filipino people’s deep regret and apology over the unfortunate and unintended loss of life,” Amadeo R Perez told reporters at the airport.

Philippine special envoy Amadeo Perez (centre) and Philippine envoy in Taipei Antonio Basilio (right) meet the media during a visit to Taiwan's Foreign Affairs Ministry in Taipei on Wednesday. Photo: AFP 
Perez is chairman of the Manila Economic and Cultural Office which handles relations with Taiwan in the absence of diplomatic ties. The Philippines, like most countries, formally recognises China over Taiwan.

Taiwan has deemed it “unacceptable” that the death has been described as unintended by the Philippines.

Tensions mounted after Taiwan on Wednesday slapped sanctions on the Philippines, including a ban on the hiring of new workers, a “red” travel alert urging Taiwanese not to visit the Philippines and the suspension of exchanges between high-level officials, trade and academic affairs.

Taiwan’s President Ma Ying-jeou reiterated on Thursday that the Philippines should take the responsibility over the fisherman’s death.

“I do hope they (the Philippines) will understand they have to be responsible in the international community. Shooting unarmed and innocent people in the open seas is not an act tolerated by civilised nations,” Ma said.

Taipei has repeatedly pressed Manila to issue a formal apology by its government, to compensate the fisherman’s family and to apprehend the killer.

It also rejected an initial apology on Wednesday by the Philippines’ de-facto ambassador.

Maritime tensions are already high over rival claims in the South China Sea, adjacent to where last Thursday’s shooting took place.

China, the Philippines, Taiwan, Vietnam, Malaysia and Brunei all have competing claims to parts of the strategic and resource-rich maritime region.

“This (exercise) highlights Taiwan’s navigation and fishing rights,” said Vice Admiral Hsu Pei-shan, the Navy Chief of Staff, Central News Agency reported.

- Agence France-Presse in Taipei

Related posts:

The Philippines recklessness killing Chinese Taiwan fishermen 

China warns Philippines over Huangyan Island as tension rise
Who owns the South China Sea islets in the eyes of the world?