Computer programs that can spy on websites and e-mails are readily available - free of charge - via the worldwide web.
Experts say the hackers who allegedly stole R530 000 by hacking 10 Absa clients' bank accounts could easily have downloaded everything they needed off the internet.
The hackers would have sent e-mails to clients who used Absa's internet banking.
The e-mails would have contained a type of computer virus called a Trojan horse, which downloads automatically as soon as the e-mail is opened or previewed.
Absa forensic investigators have learnt that this Trojan horse contained spy software that was programmed to report back to the hacker, giving away security codes such as passwords, account numbers and PINs.
The hackers then use the passwords and the account holders' home PCs - which are more vulnerable than most banks' computer systems - to access the money.
Johan Reynders, director of software designers ADS, said the hackers could have obtained the e-mail addresses by simply doing an internet search using the last part of the address - @freemail.absa.co.za.
They could even have used spy software which could give them the e-mail addresses of everyone who accessed a bank website.
They could then have sent out a mass mailing which included the Trojan horse, to get the required information.
According to computer network specialist Malcolm Schwegmann, at the last count there were 1 285 spy software servers on the worldwide web.
They might be illegal, but are difficult to police, Schwegmann said. The potential for havoc by spy software hidden in e-mails was enormous.
Spy software was also often transmitted during internet surfing without the computer user noticing it.
The Banking Council said yesterday that the "industry should seek a solution to the problem".
Sapa reports that Absa was to hold talks with its competitors today to discuss internet banking fraud.
The meeting was to take place at Absa's headquarters in Johannesburg at 8am and would last about an hour, Absa group information security officer Richard Peasy said.
Meanwhile, Banking Council spokeswoman Claire Gerbhardt-Mann advised bank customers to install the latest anti-virus applications on their computers, exercise control over shared folders, keep their PIN secret and to never disclose their PIN to anyone, including bank staff.
Schwegmann said that, in addition to anti-virus applications, home PC users should also download anti-spy software programs off the internet.
Both he and Reynders said that anti-virus packages alone were not enough to provide protection.
Absa spokesman Errol Smith said yesterday that there appeared to have been no new internet frauds on their bank accounts overnight, which is when most of the hacking appears to take place.
Bellville police spokesman Superintendent Riaan Pool said the investigation could take a while to complete.
"It's a very difficult and long investigation," he said.
"And we'll just have to wait."
Posts
