Hackers¹ target the home front
Thursday February 15, 2007

The Guardian²

1. One of the UK's leading banks has been forced to admit that organised hacking³ gangs have been targeting its executives. For the past year, Royal Bank of Scotland has been fighting systematic⁴ attempts to break into its computer systems from hackers who have sent personalised emails containing keyloggers to its senior management. This has included executives up to board level and is now the subject of a separate investigation⁵ by the Serious and Organised Crime Agency.

2. The hackers are homing in on the trend for people to work from home. The hackers make the assumption that the computers being used outside the work environment are more vulnerable than those protected by a corporate⁶ IT department.

Growing threat

3. For companies it is a growing threat as home working increases: a recent survey from the Equal Opportunities Commission found that more than 60% of the UK's population wants the option of flexible working.

4. And the hackers are employing increasingly sophisticated techniques. Each email they send is meticulously⁷ built to make it attractive to its target, who the criminals have carefully researched by trawling the internet for information. Once the email is composed, the malware is just as carefully designed: it is often modified to avoid detection by security software.

5. The keylogger contained in the email installs itself automatically and then collects details of logins and passwords from the unsuspecting user. This means that hackers can, using the usernames and passwords stolen by the keyloggers, connect to VPNs, or Virtual Private Networks, which many companies use to create an encrypted pathway into their networks.

6. Once inside a bank's network, the hackers can communicate directly with computers holding account information and manipulate funds.

7. Has this actually happened? In some cases sources claim that the login details of VPNs have been obtained and used though there has been no confirmation⁸ that any losses have occurred as a result. The attacks are not believed to have focused on RBS but to have been across the whole of the banking⁹ industry.

8. Royal Bank of Scotland said that the bank had suffered no losses as a result of the attacks and added: "RBS has extremely robust¹⁰ processes in place in order to protect our systems from fraud. Trojan email attacks are an industry-wide issue and are not isolated¹¹ to a particular area or a particular bank."

9. It is not just banks that have been targets. Last year attempts were made to steal information from the Houses of Parliament using malicious¹² email. Messagelabs, the company responsible for monitoring much of the email traffic of the government and big business for suspect software, said at the beginning of the year that criminals have been evolving more sophisticated techniques to attack corporate networks.

10. According to Mark Sunner, chief technology officer of Messagelabs, the number of malicious emails targeted at individuals has been increasing. Two years ago they were being seen once every two months, but now they are seeing one or two a day. This has been accompanied by an increase in quality in the creation of Trojans and spyware.

11. "The hackers are now aiming to take over computers, particularly those of home users. Some of the malicious software that we are routinely seeing for that purpose will have its own antivirus system built into it so that they can kill off the programs of their competitors."

Increased vigilance

12. Tony Neate, the head of Get Safe Online, a government-funded organisation¹³ set up to raise awareness¹⁴ among UK businesses of computer criminals, says: "There is now an attempt to target individuals within UK businesses - including the banking sector¹⁵. What is happening is that crime is doing what it always does, which is look for the weakest link. Home working is where they perceive a weakness.

13. "This points to a need for increased vigilance and security by those working from home and by those responsible for letting them work from home. For home working to be effective, security needs to be as effective as if working in an office."