Hacker tutorial teaches bypassing fraud detection

Security vendor Trusteer has found an underground tutorial that teaches hackers an easy way to bypass fraud detection systems used on many e-commerce and online banking sites.

The company uncovered the document while prowling forums used by cybercriminals to discuss the latest tools and techniques for penetrating security systems.

The tutorial is aimed at technology that identifies devices contacting a site. Such systems monitor the visiting smartphones, tablets or personal computers for hacker-like behavior.

The document shows how cybercriminals work together in promoting techniques for circumventing security systems. The discovery emphasizes the need for organizations to continuously upgrade systems and take a layered security approach to keep hackers out of corporate networks.

"What was effective two or three years ago may be much less effective now," Amit Klein, chief technology officer for Trusteer, said on Tuesday.


The tutorial was written in English, even though it came from an underground forum where documents are typically written in Russian, Klein said. The document describes how to fool detection systems that monitor for unusual transactions.

For example, hackers who have obtained a list of stolen credit- and debit-card numbers will attempt to use multiple cards on e-commerce sites or banking sites to obtain goods or cash, respectively.

Key to the effectiveness of the detection systems is the ability to "fingerprint" each device to watch for behavior like multiple transactions, Klein said. The identifying information includes the IP address and the version of browser and operating system in the device.

The latter two identifying bits are taken from what is called a "user-agent header" that the browser uses to identify itself as the software making the request of the Web site. Because multiple devices can have the same IP address, the information within the user-agent header is used by many detection systems to identify devices.

The hacker tutorial recommends using a commercially available virtual private network or proxy server to hide the device's real IP address. It then instructs hackers to use a browser plugin available on an underground site to modify the user-agent header each time the device starts a new transaction, Klein said.

The discovery means organizations using fraud detection systems need to evaluate their methodology. Systems that still rely on user-agent headers to identify devices should be replaced with ones that are less likely to be tricked, Klein said.
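As an added illustration of the weakness described above (this is example code, not from the article or from Trusteer): a simple velocity check run over constructed transaction records, keyed first on the IP + User-Agent pair the article says many systems use, and then on an attribute a card-tester cannot vary per transaction (the shipping address, an assumption introduced here). Rotated IP and User-Agent values split the burst into unrelated singletons; the shipping-address key links them back together.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the article). Each tuple:
# (timestamp, source IP, User-Agent, card last-4, shipping address).
# The first four model the tutorial's pattern: one actor cycles through four
# stolen cards, presenting a fresh proxy IP and User-Agent each time.
# The last two model an ordinary customer reusing one card.
EVENTS = [
    ("2012-07-10T10:00:00", "203.0.113.10", "Mozilla/5.0 (Windows NT 6.1) Firefox/13.0", "1111", "12 Sample St"),
    ("2012-07-10T10:00:40", "198.51.100.7", "Mozilla/5.0 (Macintosh) Safari/536.25", "2222", "12 Sample St"),
    ("2012-07-10T10:01:15", "192.0.2.33", "Mozilla/5.0 (Windows NT 5.1) MSIE 8.0", "3333", "12 Sample St"),
    ("2012-07-10T10:01:50", "203.0.113.77", "Mozilla/5.0 (X11; Linux) Chrome/20.0", "4444", "12 Sample St"),
    ("2012-07-10T10:02:00", "203.0.113.5", "Mozilla/5.0 (iPad) Safari/7534.48.3", "5555", "9 Other Ave"),
    ("2012-07-10T10:30:00", "203.0.113.5", "Mozilla/5.0 (iPad) Safari/7534.48.3", "5555", "9 Other Ave"),
]

def key_ip_ua(ev):
    """Device key used by the systems the article describes: IP + User-Agent."""
    return (ev[1], ev[2])

def key_shipping(ev):
    """Alternative key (assumed here): where the goods are actually sent."""
    return ev[4]

def max_cards_in_window(events, key_fn, window=timedelta(minutes=5)):
    """For every key, the largest number of distinct cards seen inside any window."""
    by_key = defaultdict(list)
    for ev in events:
        by_key[key_fn(ev)].append((datetime.fromisoformat(ev[0]), ev[3]))
    result = {}
    for key, rows in by_key.items():
        rows.sort()
        best, start = 0, 0
        for end in range(len(rows)):          # sliding window over sorted rows
            while rows[end][0] - rows[start][0] > window:
                start += 1
            best = max(best, len({card for _, card in rows[start:end + 1]}))
        result[key] = best
    return result

def flag_velocity(events, key_fn, threshold=3, window=timedelta(minutes=5)):
    """Keys that submitted at least `threshold` distinct cards inside one window."""
    return {k for k, n in max_cards_in_window(events, key_fn, window).items() if n >= threshold}
```

With the IP + User-Agent key nothing is flagged, because every rotated transaction looks like a new device; keyed on the shipping address the same four transactions trip the threshold.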

"What [technology] people put in front to protect transactions have to be constantly evaluated and reevaluated against emerging threats," he said.
