Australian hacker in guilty plea over banking info stealing software: protect yourself!

Alex Zaharov-Reutt
Monday, 26 July 2010 19:04

Your IT - Home IT

Anthony Scott Harrison, from the major Australian city of Adelaide, has pleaded guilty to a range of counts of technological offences that saw him create a software trojan to steal banking and credit card details from PCs, striking 3000 of them around the world and in Australia, with 74,000 more PCs targeted for infection.

Australia is not free of computer hackers on the dark side of the force, the black hat hackers who use their skills for criminal purposes, as opposed to the white hat hackers (or even the “real” hacker) whose journeys on the light side of the force lead them to help secure computer systems, networks and the Internet while simply enjoying the adventure of exploring life, technology and online.

The local black hacker to hit the news is Anthony Scott Harris, aged 20 and from the coincidentally named suburb of “Black Forest” in the state of South Australia and its capital city of Adelaide.

His creation of banking malware saw 3000 computers infected with software that could steal banking and credit card information, presumably with the intent of being used fraudulently at some future time after collection, or perhaps for sale in the underground economy, something well explored by security companies such as Symantec.

Harrison last faced the Adelaide Magistrates Court on September the 4th, 2009, as reported by Larine Statham in the Sydney Morning Herald, with police reportedly spending four months building its case against the accused.

Months have now passed, and finally, a court outcome has today been achieved at the South Australian District Court, with Adelaide Now’s court reporter, Sean Fewster, reporting that Harrison “pleaded guilty to four counts of modifying computer data to cause harm or inconvenience”, “admitted two counts of possessing or controlling data to commit a serious computer offence” and “pleaded guilty to one count of dishonestly manipulating a machine for his own benefit.”

Fewster also noted that “Judge Paul Rice remanded Harrison on continuing bail for sentencing submissions in September.”

Although the reports don’t mention it, the likely target of the malware concerned was the Windows operating system, be it Windows XP, Vista, 7 or others.

The incidence of malware for the Mac and Linux operating systems is infinitesimally smaller than that for Windows PCs, and while security vulnerabilities, the bulk of the banking and other info stealing malware is targeted at PCs running Windows.

The only real way to protect yourself when using Windows PCs is to ensure the following:

- Make sure your operating system is fully up to date through its OS update mechanism. 

- Make sure the programs you use, from the Adobe Flash player to browsers to office software is updated to the latest version or has the latest updates for that particular version.

- Make sure you are using Internet security software and that it is updated, such as that from Symantec, McAfee, AVG, Trend Micro, CA, BitDefender or even Microsoft’s free Security Essentials software.

- Use software such as the standalone AVG Linkscanner to pre-scan in real time the next page you’re going to before you get there - even if you use some other Internet security software besides AVG, although naturally AVG will remind you in the free Linkscanner version that its Internet security products include the Linkscanner capability.

- In conjunction with your existing Internet security software, use software like TrustDefender to completely “lock down” your computer and even disable any actively running malware, rootkits or other nasties before and during any banking or other transactions online. TrustDefender is currently only available for Windows PCs, to give protection where the risk is greatest and where the very latest malware attacks are the most cunning and ferocious.

- Get help from someone who knows how to do this if you don’t. Learn about it even if you don't want to or pay someone competent to do it for you. We all take our physical security and that of our homes and cars very seriously - sadly the time has long ago come where the same is necessary for our digital lives.

Yes, you may be safer on a Mac or Linux PC, and if that’s a direction you want to go, even if it’s just to boot a Linux live CD or into a dual-boot copy of a well known Linux distro (amongst many good ones) such as Ubuntu 10.4 for your banking, it’s all possible, easier than ever and even cheaper today than ever before.

So, while the courts do catch computer criminals along with the regular kind, the damage has already been done by the time it gets to court.

Given there are ways to protect yourself in the meantime, it’s essential you do so, lest your personal information ends up being used for identity fraud or worse through criminal black hat hackers and the scarily vibrant underground e-‘con’-omy.