Hacked Chinese Bank Server Phishes for US Banks 47
1sockchuck writes "A Chinese bank's servers are being used in phishing attacks against U.S. institutions, apparently the first time one bank's infrastructure has been used in attacks on other banks. A hacked server from China Construction Bank Shanghai Branch is hosting pages spoofing Chase and eBay. The scam is one of numerous sites using a social engineering hook promising a $20 reward for recipients who complete a survey about the bank's online services. It then asks for your account login and password - so it can deposit the $20 in the correct account, of course. Plus your Social Security number, mother's maiden name etc."
Chinese hackers (Score:4, Funny)
We need to bomb their Internet Center ASAP before they build another tank rush.
Re:Chinese hackers (Score:1)
Can't believe people is still playing Command & Conquer: Generals.
Re:Chinese hackers (Score:2)
stupidity is the most common element in universe, even more common than hydrogen.
So that's why (Score:3, Interesting)
Dave
Indeed. (Score:3, Insightful)
Re:Indeed. (Score:2)
So wrong! (Score:2)
Now, if you have net access, you are in the top 1/3 or so of the US intelligencia. Went to college? More like the top 10%. Active and aware of the political an
Re:So wrong! (Score:1)
I was with you up to this part. As the saying goes, "You must be new here" All crowds and most people think they are above average.
Re:So wrong! (Score:2)
In any case, my family is generally steel millers and Nascar watchers (I don't get it, but they are). I have to regularly delouse their machines of spyware and what not, but not one has been hit with a phishing scheme...few people...even knuckle-draggers believe the UK lottery has not only aut
Re:So wrong! (Score:1)
So, I'm in the top third because I have net access? Never went to college, although I work at one and even teach a course. Have long been aware of the political and technical aspects of more than just issues like this one. So where does that put me? Oh yeah, I'm a /.er so that makes me instantly intelligent! w00t!
Try this on for size: by your "formula" the faculty I work with should all be in the top 5-10%, yet with every new phishing scheme (and even some repeats of old ones) I have to answer the question
Re:So wrong! (Score:5, Interesting)
Really? That's suprising seeing that nearly 75% of U.S. households have internet access [websiteoptimization.com]. (And that was back in 2004)
Went to college? More like the top 10%
So, going to college puts you in the top 10% eh? From 1990 to 2002, the number of high-school graduates entering college went from 60% to 64%. The percentage of Americans [usatoday.com] ages 25 to 29 with a bachelor's degree rose from 23% to 29%. Top 10% just by going to college? I don't think so.
I expect you must be one who has fallen for the scams the way you pull numbers out of your ass to describe the American public.
Re:So wrong! (Score:2)
I am in college now, and I can tell ya for sure that colleges are full of idiots, again, people with some money that want to be in college. Oh yeah, and they think they're smarter than everyone, and have networked with people that can help get them cushy well-paying jobs.
People don't work the crap shifts at McDonald's because they're stupid; the stupidity is that enough people want to eat junk food at midni
Re:So that's why (Score:2)
And I don't even have a Chase account!
Seems odd (Score:5, Interesting)
And, the way TFA reads, the bank server (owned by the Chinese government) is currently hosting phishing pages. Can anyone confirm whether the affected server has been taken offline, or are they just letting it go on phishing?
Re:Seems odd (Score:2)
Inevitable comment... (Score:1)
(Sorry. Couldn't resist it.)
Re:Inevitable comment... (Score:1)
China Construction (Score:4, Informative)
It's what you get when you limit information (Score:3, Insightful)
And if those people are responsible for security... think Demolition Man, just on an IT-scale.
Re:China Construction (Score:2)
communist countries tend to be like that. though the problem is of course not exclusive to them, for instance south korea is a giant cesspool of pwned boxen and incompetent admins.
still, for a state bank to be used for phishing has got to be a little embarassing. of course it's just a plot by evil capitalist americans to make china look bad.
Another reason (Score:3, Interesting)
I have to wonder whether there is a deliberate strategy by the chinese government to encourage the world to cut off access to western sites. Allow every kind of malware, be entirely unresponsive to abuse requests, and wait for the west to defensively wall China off so the chinese government won't have to do it themselves. Pretty stupid strategy long-term, though, so I can't believe it's deliberate.
Re:Another reason (Score:1)
Re:Another reason (Score:4, Informative)
058/8 Apr 04 APNIC
059/8 Apr 04 APNIC
060/8 Apr 03 APNIC
061/8 Apr 97 APNIC
121/8 Jan 06 APNIC
122/8 Jan 06 APNIC
123/8 Jan 06 APNIC
124/8 Jan 05 APNIC
125/8 Jan 05 APNIC
126/8 Jan 05 APNIC
202/8 May 93 APNIC
203/8 May 93 APNIC
210/8 Jun 96 APNIC
211/8 Jun 96 APNIC
218/8 Dec 00 APNIC
219/8 Sep 01 APNIC
220/8 Dec 01 APNIC
221/8 Jul 02 APNIC
222/8 Feb 03 APNIC
There are other ranges where APNIC is interspersed with other stuff, but this list gets you all the /8 space which can be blocked conveniently.
Bill's Blacklist [scconsult.com] is more extensive and gets into the APNIC space that's wedged within other /8 netblocks, and he also identifies other problem children. His list is probably too agressive for your tastes if you're running a public website, though.
Re:Another reason (Score:1)
Re:Another reason (Score:2)
Think hard before you use such an imprecise hammer like this.
Re:Another reason (Score:2)
Re:Another reason (Score:1)
Re:Another reason (Score:2)
Re:Another reason (Score:2)
I think that's why the GP used the phrase, "I have to wonder".
Where (Score:1)
Re:Where (Score:2)
Bank network security (Score:4, Interesting)
The IS Coordination was rabidly anti-Microsoft. The network was mostly windows 98/NT machines on Banyon Vines 3.0 (this was in 2001, right about the time Novel released Banyon 6 I believe) with a handful of Unix based servers.
To prevent possible security breaches, none of the machines had access to the internet except for a few special machines. Those machiens where not suppose to have access to the internet and the intranet at the same time. What actually happened was that those employees with "one or the other" access figured out they could just leave both cables plugged in and no one would know.
Towards the end of my contract, relations where breaking down. The IS Coordination was accusing me of purposely introducing bugs to inflate my hours, and I was accusing her of blatant incompetence. The bug that she had been accusing me of creating happened only on the normal staff's PC. My laptop, and her brand new PC worked fine. Turns out that not only were they using an out dated version of Vines (v3 -> v6) they had also not patched it on any of the worker machines (They were on v3.0, and at that time v3 was patched to v3.3). Her machine and my laptop had been fully patched. The problem wound up being one of the dated libraries included in Vines 3.0.
Unregulated internet access + outdated and compromised network system + a high volume of multi-million dollar transactions = receipt for disaster.
-Rick
Limits (Score:2)
What is the limit before the government does something about it? I mean we could do it any number of ways. Covertly..overtly..fast..slow..with a side of fries..whatever you want.
Whats it going to take to make us drop a server like an armed drunk charging an officer?