This Week In Cybercrime: Some New Computers Have Malware Already Installed
WILLIE JONES / FRI, SEPTEMBER 14, 2012
—We’ve been warned for years: Our online behavior puts us at risk for having our
accounts emptied, our data misused, and our identities stolen. But as an Albany,N.Y.
article reports, court documents unsealed on 13 September in a U.S.federal court show that some computer users have absolutely no hope of avoidingbecoming the victims of hackers. The evidence, presented in a computer fraud casefiled by Microsoft against Chinese Web domain 3322.org, revealed that brandnew computers, right out of the box, are sometimes infected with malware. The instant
the machines are turned on for the first time, the software directs the computer to attackwebsites and steal money and information.How could this happen? According to the
an investigation by a team of
Microsoft researchers in China revealed that in the interests of greater profitability, “less
reputable computer manufacturers and retailers may use counterfeit copies of popular software products"
particularly the operating system
"to build machines more
cheaply.” The bogus software contains the malware within itself. Maintaining a tight reinon the supply chain, says the article, “is nearly impossible, especially in less regulated
markets such as China, and that leaves openings for cybe
rcriminals” who embed themalicious code into counterfeit versions of Microsoft’s Windows. Cybercriminals "are out
to get you," Richard Domingues Boscovich, assistant general counsel for Microsoft'sDigital Crimes Unit, told PC World."They will do whatever it takes.If the supply chain is
how they're going on get on [computers], that's what they're going to do," saidBoscovich
On 12 September, a group of Cambridge University researchers presented a paper ata cryptography conference in Belgium wherein they report a serious vulnerability arisingfrom the way cash machines authenticate transactions before dispensing money.Surprisingly, the flaw concerns the supposedly more secure cards that containmicrochips, as opposed to old-fashioned ones that use magnetic strips.Europay, MasterCard, and Visa, the firms behind the eponymous EMV chip-and-pin
standard developed to put a stop to fraudulent transactions, put so much trust in itsefficacy that when a chip-and-pin card is used to conduct a transaction, the cardholder is on the hook for the charges unless he or she can prove beyond a doubt that they didnot present the card and did not authorize the purchase. There have been an increasingnumber of incidents where victims of credit card fraud had their requests for refundsrefused by the issuing banks on the grounds that there is no way to explain the card
having been authenticated without the cardholder’s involvement.