Epidemic of cyber theft hits government and business

Checked your bank account lately?

Individuals, companies, and government agencies are at risk of losing money to cyber thieves in a new an unprecedented way.

In fact, many, including some state government agencies, have already lost hundreds of thousands each.

Rodney Joffe, the senior technologist at Neustar, a network services company in Sterling, Va., and an expert on Internet-borne malware, joined Tom and Jane on the Federal Drive to explain what is going on.

The virus is called 'Jabberzeus' -- and Neustar has released a report on what it calls "widespread e-Crime".

The virus is designed to intercept, via classic man-in-the-middle attacks, information that gives the cyber thieves the credentials they need to transfer funds over the internet -- essentially, to commit wire fraud.

Through phishing e-mails targeted to people with financial management titles, they tell officials who possess the credentials to update their account information.

After a false report that their banking institution is momentarily unavailable online, the thieves use the log-in credentials and the two minute delay to access the account.

They wire funds, typically in increments of $100,000 or $200,000, to several pre-recruited "mules."

These accomplices deposit the money in their own accounts, and then wire it to the crime ring members after deducting a percentage for their efforts.

By the time the target realizes his or her organization has been hit, it's too late.

The banks aren't much help; they point out the money was moved with perfectly good credentials.

How bad is the damage and who is behind it?

Says Joffe, "It's a single group behind it. We've been tracking this for about nine months now. This one particular group is based in Eastern Europe. And it adds up to about $50 million so far."

But because the occurrences are scattered throughout the U.S., law enforcement and federal authorities such as the Secret Service or FBI must deal with them as local events. And the individual amounts stolen fall below the threshold needed to trigger action, Joffe said. He added that federal field agents are frustrated that there is no concerted federal effort.

"What is really needs to happen is for the federal government, for the U.S. Attorney's Office, for the FBI headquarters and for the Secret Service to recognize that this is an epidemic," Joffe said, adding Washington must connect the dots and "put together a federal task force that goes after the people behind this."

Joffe said that although no federal agency has reported losing funds, Neustar's network monitoring activities show that several federal networks are infected with the virus in question, which incorporates the Zeus key-logging program.