Multi-Year Security Assessment of Business Services for U.S. Immigrants

Wire transfer services are at extremely high risk of cyber-criminal penetration.

December 12, 2008

Panda Security today announced the findings from its multi-year security assessment of business services for U.S. immigrants. These multiservice businesses, which U.S. immigrants use primarily to send money back to their home countries (transfers known as remittances), were found to be severely lacking in security measures and at extremely high risk for cybercriminal activity such as illegal interception of money wire transfers, as well as credit card and identity fraud. You can obtain a free copy of the entire report and findings from Panda Security's multi-year study by contacting CriticalAlert@us.pandasecurity.com.

According to U.S. Immigration Support, it is estimated that worldwide remittances amount to more than $126 billion and have become a considerable force in the economy of many countries. Last year alone, Mexico received more than $17 billion in remittances through U.S.-based workers, the highest of all countries. Since these offices cater to the immigrant population, they are primarily located in geographic regions that contain a high concentration of Hispanic workers. Panda Security's multi-year assessment focused on the greater Los Angeles, Calif. and Las Vegas, Nev. regions and encompassed an observation of over 300 locations and approximately 1500 computers, representing an estimated 0.45 percent of all multiservice businesses nationwide. Panda Security was granted access at each site and conducted assessments, interviews with the business owners, and an investigation of the network security measures in place within each operation.

The Findings and Threats

The results are alarming and indicate that these businesses, numbering approximately 66,000 in the U.S. alone, are at very high risk for cybercrime security breaches and theft. Surprisingly, the computers present in these offices are typically consumer-grade Dell personal computers with very few enhancements or software additions. In repeated visits over the past two years, Panda Security consistently found that trial antivirus software on these machines had long since expired and that any kind of proactive security measure was viewed as an unnecessary business expense. At least 30 percent of the 1,500 computers directly observed had outdated antivirus software and an alarming 60 percent were actively infected.

In addition, employees at these businesses are frequently minimum wage young adults who spend time chatting, using peer-to-peer networks and visiting chat sites on the very same computers that store sensitive data such as social security numbers, DMV records, tax records and credit card information. This combination of lack of maintenance, low security consciousness and end user behavior results in highly vulnerable systems that are very easy for cybercriminals to infiltrate.

Since approximately 80 percent of the machines studied are being used for remittances and money transfer to immigrants' home countries, analysis of the security assessments conducted over a two year period found that each network computer is at extremely high risk for cybercriminal activity. All of these risk exposures significantly increase the probability for criminals to successfully intercept authorized remittances to beneficiaries in Mexico via the following tactics:

  • A Trojan / Keylogger can be installed on the target computer (either through a targeted phishing attack or other means of malware infection) capable of capturing screen information and/or taking details directly from the browser session via a sophisticated HTML injection. This would be facilitated by high-risk behavior of the people who operate the terminals and poor security standards, such as trial antivirus software and infrequent system maintenance.
  • A terminal operator who authenticates with a Web-based transfer system can then initiate a wire transfer on behalf of the client (who has appeared in person at the location in the USA). The information regarding the transfer is typically visible on their screen as is the PIN number, beneficiary name and bank/branch where the money will be available. The money is available as early as 15 - 45 minutes on the receiving end and service bureaus watch to see if multiple small transactions to the same beneficiary occur. On a compromised machine, all of this required information can be obtained instantaneously and the cybercriminal can determine whether or not to strike, depending on dollar amounts.
  • False identification bearing the name of the recipient or beneficiary can be created in a matter of minutes and a mule with false identification can be sent to pick up the funds. Due to advanced dye sublimation card printing technologies and corrupt government employees, high quality false documents made with real substrate can be available in mere minutes. In one popular wire transfer service that makes wire pickup available in a large Mexican national bank, the beneficiary does not even need to pick up at the designated branch.

"By targeting businesses geared towards immigrants' needs, cybercriminals are picking an easy target and taking advantage of computer systems that have little to no barriers to entry," said Carlos Zevallos, security evangelist and lead researcher of this project. "The lack of education on the part of these business owners coupled with the sheer vulnerability of their networks is creating the biggest potential in cybercriminal gain we've seen yet. If security measures aren't put in place immediately on these networks, we as a country could stand to lose millions of additional dollars due to cybercrime activity."

Preventing and Protecting

For all businesses geared towards U.S. immigrants whose systems are vulnerable to attack, Panda Security recommends the following protocol:

  • Make sure you have an up-to-date anti-malware suite and set it to scan regularly.
  • Make yourself aware of the security practices put into place before conducting your business. Panda Security suggests using FDIC accredited banks or Western Union because they have higher security standards than most multiservice businesses.

Panda Security is offering complimentary security consultation and certification for businesses in need of assistance. For businesses affected by these security problems (this includes check cashing and money transfer locations), please visit our Web site to receive assistance from the Panda Security Critical Situation Line. In addition, businesses can scan and disinfect their PCs for free with Panda ActiveScan 2.0.