Home » Levitt Letter » LLX News

This article by Byron Acohido served as the basis for Mark’s Wise As A Serpent column on page 21 of the November 2010 Levitt Letter.

By Byron Acohido, USA TODAY

For generations, U.S. consumers have relied on banks to bear the primary responsibility for keeping their hard-earned cash deposits out of the hands of thieves. Now, banks want consumers to share the load.

About 80% of U.S. households have come to do their banking over the Internet, banking consultancy Novantas says. Many consumers believe online banking is every bit as safe as branch banking. But that’s clearly not the case, banking and tech security specialists say.

Cyber-attacks against individual online accounts have become so sophisticated and pervasive that the American Bankers Association (ABA) is now asking consumers to “partner” with banks to keep cyber-robbers in check.

The banking industry wants consumers to monitor their online accounts for unauthorized transactions on a “continuous, almost daily, basis,” says Doug Johnson, the ABA’s vice president of risk-management policy. That’s because PCs and smartphones have become “the online bank branch for a lot of individuals,” he says. “The customer needs to really recognize that security is most effective when they work in partnership with their financial institution.”

This shifting burden has come about because of developments that the banking industry did not anticipate a decade ago, when it began promoting personal computers as convenient venues for consumer banking. Ambitious online attacks soon followed. Banks have spent heavily to shore up cyber-defenses, and they’ve kept a policy of reimbursing individual online account holders who can verify that they’ve been ripped off, Johnson says.

Even so, cyber-robbery has evolved into a multifaceted, multibillion-dollar global industry that shows little sign of cooling. Last year, the number of malicious software programs designed to pilfer online bank accounts — referred to as banking Trojans — rose to 65,098 in December, up from 4,295 at the start of 2009, according to Panda Security, a Madrid-based antivirus software supplier.

Writers of malicious software code are prolific, always focusing on new ways to get past the latest defenses erected by banks and antivirus companies, says Panda Security researcher Sean-Paul Correll.

A 2009 ABA survey of 170 U.S. banks revealed that 85% of big banks are incurring losses stemming from cyber-attacks on consumer online accounts. Banks responding to the survey rated the “threat level” of online attacks at 2.58 on a scale of zero to five; that’s up from a 1.84 rating in 2007.

“Every single bank I’ve talked to in the last six months, big and small, has seen these attacks,” says Avivah Litan, banking security analyst at research firm Gartner. “It’s an arms race. There are solutions — until the next kind of attack comes along. And if you’re caught in the middle, you’re screwed.”

Successful robbers are patient

Janis Stuart, a retired San Diego personal trainer, barely dodged one recent cutting-edge attack. Returning from an out-of-town trip in April, Stuart booted up her desktop PC and began checking e-mail. She found a notice from her community bank advising her that all future e-mails would be sent to a new e-mail address, as per her online instructions. Stuart never requested such a change.

“My immediate reaction was that they had confused accounts, and this was a big mistake,” she recalls. Stuart drove down to the branch office. A clerk informed her that $5,836.66 was about to be transferred from her savings account to a woman Stuart had never heard of, in the form of a bill-payment check. Payment was stopped.

Stuart says bank officials advised her that she most likely had a computer infection that allowed an attacker to gain access to her account, change the e-mail address and set the bill payment in motion. The bank authorized the transfer because the thief knew the answers to Stuart’s “secret questions” — such as her mother’s maiden name and the city of her birth — and because a similar bill-payment check had been sent from Stuart’s account to the same woman 12 months earlier. That initial check was never cashed, Stuart says.

It was a ruse that allowed the attacker to remain undetected while establishing the woman as an approved recipient of bill-payment checks from Stuart. After waiting a year, the attacker triggered the second payment. “It was a fluke that I caught it in time before the money disappeared,” says Stuart. “I was very upset.” Stuart says she “felt the bank was somehow responsible” for enabling an intruder access to her account.

Stuart’s experience illustrates a prerequisite for accomplished cyber-robbers: patience. The cyber-underground has advanced to the point where very powerful hacking tools and tutorials are readily available for free, and a highly efficient and organized support infrastructure has been established to help thieves. Taking full advantage of such tools takes time.

Chasing thieves’ technology

Instead of holding up a bank branch at gunpoint, modern-day cyber-robbers do their homework.

“To maximize their effectiveness and streamline their ability to move money quickly, criminals take the time to learn your online banking platform and do account reconnaissance,” says Terry Austin, CEO of Guardian Analytics, which supplies fraud-detection systems.

First, they acquire valid account log-ons, often by purchasing them from specialist data thieves. Next, they quietly access accounts, making note of high cash balances and access to credit lines. They also familiarize themselves with the bank’s protocols for authorizing the creation of new online accounts and approving cash transfers.

They look for coding security holes — and invariably find them in the Web browser, the tool banks rely on to run programs that serve as a virtual bank teller. But Internet Explorer, Firefox, Opera, Google Chrome and Apple Safari are designed to let users navigate the entire Internet; they weren’t meant to execute secure financial transactions. Cyber-robbers craft banking Trojans that inject software code into the Web browser, letting the attacker take control of online banking sessions, alter what the account holder sees and make stealthy transactions.

“With the exception of some rare cases, the current online banking systems are at least one full generation behind the current techniques employed by cyber-crooks,” says Costin Raiu, Kaspersky Lab research director.

Cyber-robbers also take great care in setting up “drop” accounts — online accounts they control, usually at the same bank as victims — poised to receive cash transfers. They typically recruit “money mules,” accomplices who execute the final, riskiest step of withdrawing cash from drop accounts and forwarding proceeds to the ring leaders.

Mules are recruited through work-at-home advertisements on employment websites and, increasingly, on popular social networks. Typical pitches promise high earnings for minimal work involving accepting deposits and handling cash transfers. Kaspersky Lab researcher Dmitry Bestuzhev recently tracked down one Facebook-based mule recruiter who had 224,000 friends. “Who knows how many of them accepted the offer to be a money mule?” Bestuzhev says.

In one caper recently investigated by SecureWorks, the attacker embedded a banking Trojan in the victim’s Web browser by getting the person to click on a corrupted Web link in an instant message. The Trojan watched for when the victim next accessed his online bank account and sent a copy of the user name and password to the attacker. It also automatically injected a spoofed bank form into the legitimate banking Web pages.

The bank form asked for the last four digits of the user’s debit card number, ostensibly to complete a security update. The victim complied and filled out the form. The attacker now had a key piece of information necessary to execute large cash transfers.

On a Wednesday shortly before noon, the attacker logged on and began a series of transactions. He changed the e-mail address associated with the account, so notices of any questionable transfers wouldn’t reach the account holder. He next accessed a credit card line of credit and transferred the maximum loan amount into checking.

He then emptied the account of more than $20,000, via a series of transfers into a drop account. To execute the transfers, the thief had to answer this question: “What are the last four digits of your debit card account number?” It took four days for the bank to reimburse the victim.

Such attacks are likely to continue to be commonplace, says Joe Stewart, senior threat researcher at SecureWorks. “Cybercriminals can steal credentials for thousands of accounts at a time with very little effort,” he says. “They have access to more accounts than they could possibly ever use, and most of those are personal accounts.”

Consumer distrust increases

To slow down cyber-robberies, banks increasingly are asking “knowledge-based authentication” questions at key junctures of online banking sessions, says Johnson, the bankers association risk expert. Such questions, derived from data amassed by the big three credit bureaus, Experian, Equifax and TransUnion and by data aggregators LexisNexis and Axiom, ask about obscure personal details such as the name of one’s mortgage holder or father-in-law, a previous address, even the color of one’s car.

“The questions are going to get more difficult over time,” Johnson says. “The threat is real, and (banks) are providing the tools to help customers protect themselves.”

Citibank and Bank of America rank third and seventh among the top 10 most frequently attacked banks in the world, according to Kaspersky Lab. Each uses a variety of security systems and relies on consumers to help protect their online accounts.

“It is paramount that our customers know how to protect themselves,” says Bank of America spokeswoman Tara Burke. “We recommend that customers always protect their passwords, ensure the bank has up-to-date contact information and review their accounts on a regular basis.”

Litan, the Gartner banking security analyst, says banks need to move away from technologies that rely on common Web browsers, which is where banking Trojans thrive. Handheld optical readers, a more advanced technology, are available from Gemalto and Cronto. These devices must be used to take a picture of a visual cryptogram — a secure image produced by the bank — as part of authorizing any cash transfers.

Mandatory use of a verification device that operates separately from the browser would enable banks to ensure “secure transactions no matter what is on the customer’s PC,” says Paul Beverly, executive vice president at Gemalto.

But Litan says banks are a long way from even thinking about widely distributing such devices to consumers. “They don’t want to get into the business” of providing hardware to customers, she says.

Banking and security experts say the only thing that will change the banking industry’s current approach is widespread consumer backlash. Stuart’s reaction to her brush with a near robbery could be a harbinger. The experience prompted her to get offline and revert to branch banking.

“It’s inconvenient not to be able to check my account whenever I feel like it. I have to go by the bank and ask for printouts,” says Stuart. “But at this point, I distrust the system of online banking.”

By James Zumwalt, www.HumanEvents.com

Islamic extremists quote the Koran to justify violence. They believe the words in the Koran are not open to interpretation by man. As the words are Allah’s, communicated to the Prophet Mohammed through the Archangel Gabriel, they have only the meaning Allah—and not man—intended.

Yet many words and phrases in the Koran are open to interpretation due to man’s imperfection in understanding Allah’s intent. Resolving this interpretation is difficult, as no single authoritative, spiritual leader exists for all Islam. While Muslims rely on the Koran for spiritual guidance, a schism within Islam after Mohammed’s death left Sunnis and Shias adhering to different beliefs and interpretations due to these ambiguities.

But these ambiguities provide the vehicle by which Islamic extremists issue their violent interpretations of Allah’s words. Lost upon followers in accepting them is, in offering their interpretation, the extremists violate their own basic tenet that the Koran’s words are those of Allah alone. If, as Islamic extremists suggest, the Koran is given Allah’s interpretation alone, upon what basis do they claim the right to interpret Allah’s message?

It is interesting to examine an origin of modern day Islamic extremist thinking, which, ironically, was triggered in the U.S. by an act of kindness seeking to include a visiting Muslim scholar.

Egyptian educator Sayyid Qutb came to the U.S. in 1948 to study the educational system. Invited to a church social dinner and dance, he fumed as he watched women dancing suggestively close to their male partners. A confirmed bachelor unable to find a woman of sufficient “moral purity and discretion” to marry, Qutb—in an article very critical of America’s immorality—recorded his observations: “The dance floor was replete with tapping feet, enticing legs, arms wrapped around waists, lips pressed to lips, and chests pressed to chests. The atmosphere was full of desire.”

Qutb’s revulsion over America’s animalistic sexuality dominated many of his later writings, which claimed only Islam offered salvation from the West’s decay. Returning to Egypt in 1950, he went on to lead the fundamentalist Muslim Brotherhood—before being executed in 1966 for plotting against the government. His writings and ideas ultimately were an inspiration for Osama bin Laden, shaping al-Qaeda.

It is interesting to compare Qutb’s criticism of Western moral decay to the debauchery of the afterlife the Koran promises loyal followers. What Qutb witnessed in America was quite tame in comparison.

Mohammad Asghar is a former Muslim who left Islam only after coming to understand its true teachings. In an interview with FrontPageMagazine a few years ago, he shared insights, described in the Koran, as to what believers and martyrs are told they can expect in Heaven’s “Gardens:”

“Everything in the Gardens will be for the enjoyment of their residents. In them, their male residents will have companions who will provide them with immense pleasure without feeling shame… Bashful with dark eyes and virgins … will provide them constant company and sex. Those men who will not have interest in sex with the female Hurs (maidens), Allah has made arrangement for them as well: they shall be attended by boys graced with eternal youth… Allah will make them drunk, so that they can serve their clients to their entire satisfaction… The male residents of the Gardens and their virgin companions will be doing only one thing: sex.”

The wives of Muslim men who make it to Heaven, Asghar says,

“will chase their husbands to satisfy their sexual needs. Orgies will always take place in the Gardens. With their male residents’ desire for sex always remaining present in them due to the presence in their midst of, perhaps, naked Hurs, they will have nothing to do, but to have sex with them with no barriers to shield their activity from the next copulating man and Hur. Fathers will be having sex with the Hurs before the eyes of their sons and daughters, and sons will be having sex with the Hurs before their fathers and mothers… Muslims believe in every word of the Koran, as it is from Allah. Many of them wish to die as martyrs so that they can drink and have sex with the Hurs. Not to make them wait, until the Day of Judgment, to enjoy the bliss He has promised to Muslims, Allah transports the martyrs to the Garden as soon as they lay down their lives in His cause.”

The Koran’s sex theme spills over to Hell and the fate of non-believers. Asghar reports there is an interpretation that even sinners will have sex “while burning in the fire of Hell.”

The Koran explains Allah uses deception, when necessary, to dupe mankind. It would appear in preaching their violent interpretations of the Koran, so too do Islamic extremists.

By Ludwig Schneider, Israel Today

There is only night or day. Everything else, whether dawn or twilight, leans towards either day or night. The same thing applies to our attitude toward Israel. We either bless Israel or we curse it (Numbers 24:9). It is not possible to be indifferent toward Israel.

In other words, there are just two camps. One teaches that God has abandoned the nation of Israel and set up the Church in its place. This is known as Replacement Theology. The other says that God will never abandon His people Israel. Both camps cite the Bible, but the former ignores the context.

For example, opponents of Israel refer to Jeremiah 7:29: “The Lord has rejected and forsaken the generation of His wrath.” The rejection of Israel was an issue even in the prophet’s time, as God bemoans in Jeremiah 33:23-24: “Have you not observed what this people have spoken, saying, ‘The two families [Judah and Israel] which the Lord chose, He has rejected them?’”

Friends of Israel on the other hand quote Judges 2:1: “I brought you…into the land (Israel) which I have sworn to your fathers; and I said [or promised], ‘I will never break My covenant with you.’”

God confirms this in Jeremiah 31:37- 38: “Thus says the Lord, ‘If the heavens above can be measured and the foundations of the earth searched out below, then I will also cast off all the offspring of Israel for all that they have done.’”

The Bible is full of promises from God that He will not reject His people Israel, but also of warnings that He will reject Israel. Which is right? What is relevant for the times we are living in now?

The answer is in the timing—whether God has rejected Israel temporarily or permanently. The early Christians in Rome also had a problem with this issue, for Paul responds to the question as to whether God has rejected His people Israel with a clear, “May it never be!” (Romans 11:1). However, a few verses later, he writes that God has rejected His covenant people for a limited time through the “partial” hardening of their hearts. Why? So that during this period, salvation may come to the gentiles (11:25-29).

This rejection, however, is temporary; it will only last “until the fullness of the gentiles has come in”—i.e., until the full number of the chosen gentiles has entered the Church of God. Then “all Israel will be saved.” At that point, God’s permanent covenant with His people Israel will be restored. The bottom line: When God speaks of His rejection of Israel, this is only a temporary state.

Indeed, the “stone which the builders rejected has become the chief cornerstone” (Psalm 118:22). While Peter correctly interprets this as referring to Jesus (Acts 4:11), it also refers to the nation of Israel in the End Times.

Zechariah 8:23 clearly indicates that the Jewish people have not been permanently rejected and will still play a role in salvation history: “Thus says the Lord of hosts, ‘In those days ten men from all the nations will grasp the garment of a Jew[!] saying, “Let us go with you, for we have heard that God is with you.”’” At this time Israel will move out of the state of temporary rejection and will once again, in the sight of the whole world, become God’s eternal covenant nation.

Whenever Israel was disobedient to God, He rejected His people for a period of time—temporarily—in order to reinstate them after they had repented. He has not rejected Israel forever, for “the Lord will not abandon His people on account of His great name” (1 Samuel 12:22).

The Lord also says: “I have chosen you and not rejected you” (Isaiah 41:9); “Yet in spite of this, when they are in the land of their enemies, I will not reject them, nor will I so abhor them as to destroy them, breaking My covenant with them” (Leviticus 26:44). Here God confirms His eternal covenant with Israel, which was not annulled by His temporary rejection of the nation.

This is why He is leading Israel back again into the Land of the fathers; “and they will not again be rooted out from their land which I have given them” (Amos 9:15). Just as God keeps His oath regarding His people Israel, so He also keeps His word to the Christian household of faith.

PUTTING DOWN ROOTS: The Bible says Israel will never again be uprooted from the Promised Land

By Sara Lehmann, www.JewishPress.com

Non-Jews are no strangers to Israel’s policy of inclusivity in its government. What is strange is finding a non-Jewish Knesset member (MK) who is more Zionistic than most of his fellow parliamentarians. Ayoub Kara, a Druze Likud Knesset minister, is proud to consider himself one of the most right-wing members of the Knesset.

Kara, who was appointed deputy minister of the development of the Negev and Galilee by Prime Minister Netanyahu, was first elected to the Knesset in 1999. He was appointed Speaker of the Knesset, served as chairman of the Committee on Foreign Workers and later as chairman of the Anti-Drug Committee.

In a unique position to reach out to others, Kara spoke with the mufti of Turkey following the flotilla incident in an effort to mend bridges. He defended Israel as “the most humanitarian country in the Middle East” and urged the mufti to preach brotherhood “because there are no winners in war, and the way of peace and dialogue is preferable to the miseries of war.”

Kara lives in the Druze town of Daliyat al-Karmel near Haifa with his wife and five children.

The Jewish Press: Can you explain the history and attitudes of the Druze people?

Kara: The Druze descend from Jethro, the father-in-law of Moses. Both Jethro and Moses are prophets of the Druze, and we share the same book of religion as the Jews. The Druze believe, through the prophet Jethro, that the land of Israel is for the Jews and should be defended for the Jews.

Around a hundred years ago, when the Jews wanted to make a state of their own, the Druze helped them. They defended Jewish kibbutzim and gave the Jews in the North guns. They even cooperated with the Druze in Syria to support the Jews. There are around two million Druze in Israel living in the North, in the Galilee, the Carmel, the Golan Heights, and we serve in the Israeli army. Unlike the Palestinians, we have no aspirations for our own state.

Do Druze in other countries share the same beliefs regarding Israel?

This is the philosophy of most Druze, but they’re scared to speak out about it. The Druze are afraid of the Muslims. Privately they say they share a historical religion with the Jews, but out loud most of the Druze don’t speak like that. There is no democracy and free speech in Arab countries and many of the Druze are pressured to convert to Islam. In Israel it’s different because we have freedom to say we’re Druze, and we even have a Druze flag next to the Israeli flag. We can’t do this in Arab countries. I was in Lebanon and Syria, and I know how the Druze there feel. They feel like outsiders and are scared of the Muslims.

To what extent has your family been involved in Israel’s struggle for survival?

Before 1948, my grandfather helped the Jews and paid a big price. His son, my uncle, was the first Druze to be killed by the Arabs in 1939. He was an officer on the side of Chaim Weizmann, the first president of Israel, and he was killed by Arabs in Acco [Acre] because they said that he supported the Jews. My father fought with Tzahal (IDF) in 1948 in the Galilee. Another uncle of mine was killed by Arabs at that time. And my two brothers were killed in the Lebanon War in 1982 near Beirut.

I was also severely injured in the Lebanon War, and my parents died soon after from heartbreak. I returned to my village near Haifa and started my own family after that. I need peace. I don’t like war, but I speak about my tragedy because it’s important to hear how my family paid such a price to defend Israel. I believe the ultimate importance for me, more than anything, is that I live in a democratic state with human rights. In all the surrounding Arab countries there are no human rights, no courts, no justice.

You serve as deputy minister of the Galilee and Negev. What do you consider the most significant challenges you face in these areas?

The big problem in the Galilee and Negev is the migration of people from these areas to the center of Israel. They move there to study and work because we don’t have companies and business in the north and south to provide work for the young people. And when they move to the center, that means the Arabs gain in these areas. President Peres keeps talking about demographics as the reason to give the Palestinians another state. In the future a new Peres could come and say we have to give the Arabs in the north and south another state. I am afraid of that because there will be more Arabs than Jews.

What efforts are you making to combat this problem?

I am trying to introduce new initiatives in the government. One is in the area of education. We now offer soldiers who finish the army the opportunity to study for free in the Galilee and Negev, and we’re also building a big college for medicine in the Galilee. We are trying to build new big roads for people to commute more quickly from the center [of Israel]. We support companies who come to these areas and provide incentives for them. We allowed Intel to open a big factory in the Negev with many rights from the government. This is our opportunity to change the demographics. If we don’t pursue this we will find ourselves with more Arabs than Jews in these areas. In 1948 there were 20,000 Bedouin in the Negev. Now, with no immigration, there are 200,000 Bedouin.

You spoke out very strongly against the Gaza Disengagement. Do you think the Israeli public has learned anything from the results of that withdrawal?

I think the Jewish people are very naïve. I was against the withdrawal from Lebanon and was alone in my opposition. I said that Hezbollah will be motivated from this. In 1982 most of the public in Lebanon were more liberal—Christian, Druze, and secular Muslims—and we were mostly at peace with them. I told [then-prime minister Ehud] Barak that it was important for us to support this group. But we withdrew quickly, and Hezbollah gained power in this area as a result of the withdrawal.

The same thing happened when Sharon withdrew from Gaza. I led the opposition to this plan in the government, but when I spoke out I was accused of opposing peace and supporting war. I tried to stop the Disengagement through the finance committee in the Knesset, but I was told if I don’t agree with them they will throw me out of the parliament. Now it’s different. More than 90 percent now understand that what happened in Gush Katif and South Lebanon was a mistake. They know that if there are any withdrawals in Yehudah and Shomron, the same thing would happen and there would be an Iranian ascendancy in those areas.

But we have the Supreme Court and other liberals in Israel who think we are negotiating with people who have the same mentality as Jews, Europeans, or Americans. But in the Middle East, the Arabs tell you what you want to hear and not what you have to hear. The Jews did not understand this until now.

I don’t want Israel to make another mistake. This is my state. For me the religion is not important—Druze, Jewish, or Christian. I am an Israeli patriot.

Yet you serve as a deputy minister in a Likud coalition whose prime minister endorsed the two-state solution and is in direct talks with the Palestinians. Do you see this as a contradiction?

I support Netanyahu and am one of his close friends. I don’t think Netanyahu would give up any land, but he’s realistic and knows he would look bad to the world if he opposes Obama. Obama has an agenda to give a state to the Palestinians. But he doesn’t live here. We do. When they pushed us on Gush Katif, we gave them land; and when we were attacked afterward, I didn’t see the U.S. come to defend us.

It’s very popular to say two states for two people, but when you speak about this you have to have a partner and leadership to give them a state. Who would lead this state? Abbas and Fayyad cannot cross the border of Hebron. If there were an election in the West Bank, Hamas would win. And Abbas and Fayyad don’t lead in Gaza. They are not relevant there. If they crossed the border into Gaza, Hamas would kill them. That’s why I laugh when they talk about two states.

In all history, there was never a Palestinian state. I don’t support the two-state solution. We have to look at the Palestinians’ intentions. Most of the Palestinians don’t believe Israel should exist. The state of the Palestinians is Jordan. More than 90 percent of Jordan is Palestinian. If they want us to go back to the 1967 borders, then Jordan should lead the Palestinian cities in Judea and Samaria civilly, not in defense, while Israel should [maintain its presence] in the big cities and all the areas in between. And Egypt should retake control of Gaza. We should end any relationship with Gaza. We don’t have any other solution for Gaza. De facto, we have another state there.

But what if Egypt doesn’t want a relationship with Gaza?

So what? We are being pushed to give another state and we don’t want that either. If they want us to move to the 1967 borders, then they have too also. Egypt has problems with the Muslim Brotherhood, but we have our problems too. If the Egyptians kill a few thousand people in Gaza in broad daylight, no one would say anything; but if Israel kills one Palestinian, it makes news around the world. If we do not give Gaza to Egypt, there’s no other solution. The same thing with Jordan and the West Bank.

We need real peace in the Middle East, but I am not going to agree with Obama’s plan. No Obama and no Osama can push us to enable Iran to come into Jerusalem.