DNS Perspectives

April 23, 2010

DNS - Cybercriminals Attacking SMBs through ACH Fraud

By Michael Dinan

TMCnet Editor

Small- and medium-sized businesses are facing a major cybersecurity threat involving ACH fraud, an expert in the field told TMCnet during an interview that forms part of an article that appears in a special technology section of the Chicago Tribune today.

According to Rodney Joffe, senior vice president and senior technologist at Neustar, a Sterling, Va.-based company that delivers addressing, interoperability, and infrastructure services, criminals are stealing banking credentials from SMBs and then making use of those credentials to initiate wire and ACH transfers from the business accounts, out to mules and then back to where the cybercriminals are based - typically in Eastern Europe.

"This particular thing has been going on for (18 months) now," Joffe, who has served as an Internet security advisor to the U.S. Department of Homeland Security and FBI, told TMCnet. "It's now reached epidemic proportions, to the point where federal law enforcement actually has a task force to deal with it."

One particular group involved in the scam already has stolen $100 million from U.S.-based SMBs, he said.

Why are SMBs targeted?

Joffe believes it's because they're viewed - relative to enterprise businesses - as lacking IT sophistication and staffing.

"You generally wouldn't find a qualified network administrator that's also a really goo d security professional," he said. "So there's a lack of awareness. We're talking about the kind of compromises that generally wouldn't work in the enterprise."

In the SMB, generally speaking, Joffe said, business processes also generally do not include serious considerations of cybersecurity.

The Chicago Tribune article, "Solving the Digital Divide," discusses the role that outsourced IT professionals might play in helping SMBs defend themselves against security threats - as well as helping those smaller businesses leverage cloud-based tools to run more efficiently.

Joffe, during our interview, opined that while it's a good idea to outsource some IT work, it's also a good idea to have someone in-house on staff to address security issues, because that person has more at stake.

"I would want to make sure that there was one person working for me that had my interests always in mind," Joffe said.

Michael Dinan is a group managing editor for TMCnet, overseeing TMCnet's Web editorial team and covering news in the IP communications, CRM and VoIP industries. He also oversees production of e-Newsletters in the areas of 4G wireless technology and smart products. To read more of Michael's articles, please visit his columnist page.

Edited by Michael Dinan