Last Updated: 07/27/2016

Internet Crime Group Bilked Users of $1.1M

If you want to see a bank's Internet security analyst wince, mention the Rocky Group.

The shadowy gang an Internet security agency says has operated out of St. Petersburg is among the world's most active phishers, robbing unwitting computer users out of millions of dollars.

The Rocky Group is believed to have masterminded one of the biggest online swindles of all time, the daring theft of $1.1 million from 250 customers of Nordea, a leading Swedish bank, late last year. The customers were bombarded with e-mails containing a Trojan virus that surreptitiously collected personal information about their credit cards and bank accounts by keeping track of their keystrokes. Unknown to them, the information was e-mailed to a server in the United States and then on to Russia.

The Rocky Group is at the forefront of what Internet security specialists warn is a growing problem worldwide.

"The bad news is that the trend is uncontrollable, and it is expected to accelerate in the months ahead," said Ramil Yafuzov, a Russia and CIS consultant for Symantec, a global leader in information security and the maker of the popular Norton AntiVirus software.

No one knows exactly how much phishers are stealing, but people in the United States alone lost more than $2.8 billion last year, according to a recent report by E-Secure IT, a New Zealand-based watchdog.

Online anonymity makes it next to impossible for law enforcement agencies to track down thieves. Moreover, hackers such as the Rocky Group have wreaked havoc on the computer systems of banks that have tried to fight back, discouraging others from following suit.

Phishing attacks account for 78 percent of all cyberattacks worldwide, Symantec says.

A computer hacker executes a phishing attack by sending an e-mail to a user, falsely claiming to be a bank or other legitimate business. The e-mail directs the user to a web site to update personal information -- such as passwords and credit card, social security, and bank account numbers -- that the legitimate organization already has. The web site, however, is bogus and meant only to carry out identity theft.

The Nordea scam went one step further, planting a virus that kept track of users' online activities at legitimate sites as well.

Little is known about the Rocky Group. E-Secure IT, which has carried out an investigation into the group, says it is based in St. Petersburg and is composed of at least 12 people who launch a minimum of three concurrent phishing attacks a week. It says the hackers also flood e-mail accounts with millions of spam messages every week.

The group uses scare tactics to stop banks from seeking assistance from law enforcement. "Banks are warned that if they try, their web sites will be rendered inaccessible," E-Secure IT head Arjen de Landgraaf said in an e-mail.

A recent E-Secure IT report cited the example of an unidentified Australian bank whose business was disrupted for three days after it tried to disable the group's online activities remotely.

Banks also are letting the Rocky Group and other phishers go unpunished because their losses are relatively minor, de Landgraaf said. "No bank is going to start up an international investigative case where losses are ... covered by insurance," he said.

Also, phishing is a low-cost, low-risk business.

"Phishing is different from other cybercrimes because the threshold for entering the market is so low," said Alexander Gostev, senior virus analyst at Moscow-based Kaspersky Lab, a world leader in preventing online attacks.

Gostev said special construction kits are available that allow inexperienced hackers to create fake web sites with a click of the mouse. The ease with which this can be done has attracted a large number of so-called "script kiddies" who are not sophisticated enough to engage in complicated cybercrime, he said.

Another weapon in the arsenal of phishers is social engineering -- a collection of techniques used to manipulate people into performing actions or divulging confidential information, Gostev said. No anti-hacker software can defend gullible clients from these kinds of attacks.

The only way to protect Internet users is to educate them to avoid opening e-mail attachments from unknown sources and to never enter personal information on a web site without first verifying that the site is really what it claims to be, Gostev said.

While Internet users are becoming savvier, many don't realize that hackers are as well, said Viktor Popov, director of technology at IBS. "A misconception is that hackers are always looking for information in incoming e-mails, whereas they mostly attack a computer's archive system with Trojan viruses written to collect information," he said.

Russian cyberpolice said they were eager to catch the hackers behind the Rocky Group but they have few leads. Irina Zubareva, head of the Interior Ministry's computer crimes division, said part of the problem was that international law enforcement agencies rarely report the activities of Russian hackers to her division.

"We have national contact points set up in about 50 countries to monitor and gather reports on the activity of Russian hackers," Zubareva said. "Police divisions and Interpol representatives in those countries are aware of the presence of the national contact points."

Coupled with this is the fact that the Rocky Group plants viruses that are only active for a week in a particular region, making it technically impossible to track down the hackers, de Landgraaf said.

So, at least for now, many security specialists can do little more than keep their fingers crossed that their banks are not targeted by the Rocky Group.