In the past, police in Brazil have worked hard to put hacking gangs behind bars.
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have welcomed the news that police in Brazil have arrested 55 people suspected of being part of a gang which phished millions from online bank accounts. Approximately 10 million reals ($4.6 million) is estimated to have been stolen from innocent internet users.
The police swoop, which involved 330 members of the federal police force, took place mostly in Campina Grande, in the state of Paraíba, some 1,100 miles north east of Rio. Other alleged members of the gang are still being looked for by the authorities.
According to the police, the gang broke into approximately 200 accounts at six different banks, infecting internet users' computers with spyware Trojan horses to steal confidential information such as account numbers and passwords. The Trojan horses were sent to online banking customers via email since May 2005.
According to a police statement, computers, cell phones, credit cards and other materials have been confiscated and will be examined as part of the investigation.
"Phishing is big business, and in recent years we have seen a tidalwave of Trojan horses and other malware coming from Brazil designed to spy upon users of internet bank websites," said Graham Cluley, senior technology consultant at Sophos. "The Brazilian police should be congratulated for putting resource into investigating these organised crime campaigns, and we hope this will send out a strong message to others contemplating emptying online bank accounts."
Sophos has expressed concern that the alleged leader of the gang is said to be only 19 years old, and that nine others arrested so far are minors.
"It's disturbing to see young people turning to internet crime to make fast and easy money," continued Cluley. "Criminals are writing more malware than ever before, designed to steal bank account information from innocent computer users. All internet users need to ensure their computers are properly defended with the latest up-to-date protection software, and make sure they are not putting themselves at risk."
More information about the arrests can be found on the Brazilian Federal Police's website.
The British banking industry has published information about how online bank customers can take steps to stay safe online at www.banksafeonline.org.uk. The Australian Bankers Association has also published information about how consumers and small businesses can protect themselves against online fraud.
Sophos recommends that companies protect their email with a consolidated solution to thwart the virus and spam threats as well as secure their desktop and servers with automatically updated anti-virus protection. Additionally, computer users should ensure they are defended by personal firewalls and the latest Microsoft security patches.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.