Not long ago, one of our team members attended a security conference in Amsterdam. He absorbed a lot of information, but was particularly impressed by a presentation about how money flows from stolen credit cards, bank accounts etc to criminal groups in Eastern Europe. This 'flow' seems to be in many directions and in large volumes we think!
We have been quite busy and couldn't give enough time to this tale, but finally and deservedly, here you have it.
Some time ago, we wrote a post about protecting public wireless connections using a VPN service :
As we already pointed out there, public wireless access to the Internet is becoming more and more ubiquitous and people is getting more and more used to being always connected whilst in airports, hotels, bars and a multitude of other public places. As already mentioned too, these new habits come with new risks. We no longer know about the networks that we are connecting to as these change all the time, are of different types over different technologies, and with different levels of security. This opens the door to new ways of gathering and stealing information, as we clearly pointed out in the aforementioned post (ref: fake access points).
All these new threats come from new, very specialised, organisations/entities that focus on gathering private financial information (bank account access details, credit cards etc) and using those to steal money. According to the security presentation, these criminal bodies are hierarchic, very well structured and professional organisations that operate throughout Europe, and possibly extend their reach worldwide.
We are not at all scaremongering but relaying very 'real world' facts about crimninal organisations and their modus operandi.
We will focus here on the sofisticated operations of one of these groups and how they managed to move very considerable amounts of money from Western Europe to Eastern Europe by using money mules, and simple yet very efficient procedures.
Obviously, the first step is to get the financial details from as many individuals as possible. This was outsourced to other global networks such as trojan creators, botnet sheperds, phishing masters, hot-spot crackers etc. These groups of self-employed techies have the technical resources to deploy their weapons, but not to monetize them, to convert this private sensitive information into real money. So in most cases, they package this information and resell it to other more specialised networks, like the one we are talking about in this example, who have the structure and resources to make good money out of it.
But how do they do it ?
We have to introduce here our friend the money mule. A money mule would typically be a low income individual with financial needs to cover and not many options to do it. Most importantly, he/she possesses a bank account.
In our example the money mule will be Jack. A friend of Jack´s, or a friend of a friend of Jack ´s, or a friend of a friend of a friend of Jack´s has come to know a very easy way of making some good money through a reasonably low risk process.
Here it is:
- Our money mule's shepherd does a large number (let's say a thousand) of transfers from stolen bank accounts to our Jacks´ bank accounts. Transfer amounts are never really big, so as not to create serious trouble for Jack (let's say €1000). So that would be €1 million worth of transfers if we were to have a thousand Jacks.
- Immediately after receiving the transfer, our 'Jacks' in Western Europe do a thousand transfers to some thousand Johns in Eastern Europe each for 950€. So our Jacks have made €50 just for doing a transfer to some John they have been told about. Not too bad.
- Obviously, no sooner our Johns have got the money in their accounts, they all take the 950€ out of the account and the money mules shepherd happily collects €900 from each of them… giving away €50 more to the Johns.
So, all in all, €900,000 have made their way to our happy sheperd and it will be extremely difficult for the police to grab anyone related to it as they have two thousand low profile individuals that have received and processed small amounts of money while the real final target is unknown to all of them.
We would like to insist that this is a completely real world example that would be sharing 'the landscape' with, we assume, plenty of others.
It is in this context and environment that we insist on the importance of correctly protecting your communications from EVERYWHERE. Particularly when we rely on quasi permanent internet access through all types of wireless networks to do all kinds of operations e.g buying stuff, checking bank accounts, reading corporate mail etc, and using a plethora of devices (laptops, netbooks, mobile phones, iPads …).
It is here where, as already explained, a VPN connection to a good VPN provider can show itself to be worth the few bucks we have spent on it. We don't have to worry any more about the security of the network we are connecting to. We are bringing in the security (in the form of encrypted communications) with us!!
We hope this has been helpful.
Get Your VPN NOW!