What happens when news gets out that a gang is recruiting botmasters to help them with online breaking-and-entering? Does it help the banks or halt the attacks? Maybe, say experts. Hard to say if there are more attacks on U.S. banks or we’re just hearing more about them. Possibly both. On Tuesday, Capital One said it was the latest target in a new round of coordinated cyber attacks aimed at disrupting the websites of major U.S. banks, and SunTrust Banks and Regions Financial said they expect to be next. This comes after last week news from RSA that an internet gang is (or was) recruiting some 100 botmasters to join a planned Trojan attack spree against 30 US banks. The RSA report raised a whole bunch of interesting questions, like: Does it make any difference to the bad guys that word of this has gotten out? What are the banks supposed to do with this information? So I went and asked a few experts about it. But first, some background about what was being planned. The campaign, dubbed “Project Blitzkrieg” by its inventor who goes by the name “vorVzakone,” is supposed to use a whole bunch of hacker cells who will all attack at the same time. RSA says they will all be using a version of the Gozi Trojan called “Gozi Prinimalka.” Previous incidents involving this Trojan, handled by RSA and other information security vendors, appear to corroborate the gang’s claims that since 2008 their Trojan has been at the source of siphoning $5 million from American bank accounts. Analysis by the company said attacks by this Trojan can be identified by several features, notably phone-flooding that will block a bank’s attempts to verify unusual online account transfers. According to RSA, this includes: A novel virtual-machine-synching module announced by the gang, installed on the botmaster’s machine, will purportedly duplicate the victim’s PC settings, including the victim’s time zone, screen resolution, cookies, browser type and version, and software product IDs. Impersonated victims’ accounts will thus be accessed via a SOCKS proxy connection installed on their infected PCs, enabling the cloned virtual system to take on the genuine IP address when accessing the bank’s website. Using VoIP phone-flooding software, the gang plans to prevent victim account holders from receiving the bank’s confirmation call or text message used to verify new or unusual online account transfers. That’s all pretty detailed info for the public to know. If you were robbing a physical bank, that would put the kibosh on your efforts. The online world – as you know – is different. While it’s possible this attack may get called off, that won’t make much difference as far as the targets are concerned. Even “without the call-out of this event from RSA we’ve been seeing similar attacks all the time,” says Zheng Bu, senior director of security research at FireEye. “With the multiple layers of obfuscations [in these attacks] it is very difficult for traditional anti-malware vendors to catch those attacks. These malicious binaries can be changed easily over time. People may call off this operation and tomorrow there will be another set of malware generated to do the same thing.” So how much good does a story like this do? “Reports such as this are a double-edged sword,” says Ori Eisen, founder, chairman and chief innovation officer for 41st Parameter. “On one end they help recruit new attackers and teach attackers about new MOs. On the other side, these reports also notify the good guys about the latest attacks so they learn about it and then can help to stop it by knowing what to look for.” While spear-phishing attacks like these can be very sophisticated, the best way to combat them involves giving your staff training and training and then more training on basic computer security hygiene. They are the weak link the hackers are going after. Related content opinion Why Bitcoins are Just as Viable as Any Other Currency The true value of any currency is a reflection of how much people believe it's worth, according to CIO blogger Constantine von Hoffman. But it's wise to remember just how fast beliefs can change. By Constantine von Hoffman Apr 15, 2013 4 mins Government Technology Industry opinion No Surprise: Docs Show Obama Administration Lying About Drones President Obama has repeatedly said drones would only be used against members of al Qaida and allied groups. However, leaked intelligence documents show the administration has been using them to settle political and tribal feuds for at least four yea By Constantine von Hoffman Apr 10, 2013 3 mins Regulation Government opinion How Big Data Can Quickly Become Big Garbage The bigger the data the bigger the chance of mistakes or inaccuracies. In that vein, a large database used by retailers to screen people accused of stealing from employers is identifying innocent people and could result in major lawsuits, according t By Constantine von Hoffman Apr 04, 2013 2 mins Big Data opinion Why Crazy Trumps Logic on the Internet The earth is flat. Vaccines cause autism. 9/11 was a government conspiracy. These are just a few of the many ideas that continue to find adherents online despite overwhelming proof that they're not based on fact. CIO.com blogger Constantine von By Constantine von Hoffman Apr 02, 2013 3 mins Government Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe