Cyber- criminals have abused the Boleto Bancário online payment system to steal potentially billions of dollars, according to security firm RSA.

Cyber-Criminals have infected nearly 200,000 computers in Brazil and used their access to issue payment vouchers with an estimated value of $3.75 billion, according to an analysis of the attack published by security firm RSA on July 1.

Dubbed the "Bolware" gang, the criminals abuse the Brazilian payment system known as Boleto Bancário, which allows customers to promise to pay an online merchant, print out a payment slip with a barcode and remit money at a bank. While previous attempts to defraud the payment system used fake boleto, the latest attack, which started in late 2012, infects Web browsers on compromised computers and modifies legitimate boleto to route payment to the criminal accounts.

"The Boleto Malware (is) a newer and more sophisticated kind of fraud in Brazil that leverages MITB (man-in-the-browser) technology to attack online operations, and is based on transaction modification on the client side," RSA stated in its analysis. "Like any substantial cyber-criminal operation, the Bolware gang has continued to innovate, revising their purpose-built malware through 19 different versions.

While the details of the fraud differ from payment fraud in other nations, the techniques—such as using a man-in-the-browser attacks—are similar to how criminals are attempting to steal money from financial institutions in the U.S. and Europe. Criminals adopted man-in-the-browser attacks to defeat additional countermeasures—such as IP address and device identification—deployed by financial institutions.

"It is a class of problem where the arms race has migrated," Dan Kaminsky, co-founder and chief scientist of White Ops, an anti-fraud technology firm. "Once upon time, it was good enough to steal a customer's username and password and log into the bank from wherever and do whatever you wanted, but they soon figured out that a California customer should not be logging in from Latvia."

While banks in Brazil and other nations continue to fight against payment fraud, such attacks expose weaknesses and undermine trust in the financial ecosystem in most countries. Because customer-owned computers are generally thought to work on behalf of the user, banks typically argue that any fraud that originates from compromised customer systems are the responsibility of the victims. Such fraud rose more than 200 percent in the first nine months of 2013, according to Symantec.

Small U.S. businesses, for example, have lost hundreds of thousands of dollars to such attacks and sued their banks for allowing funds to be transferred to foreign nations, even though it was the business's machine that was compromised. Courts have generally split on whether the business is responsible for the lost money, or if banks should catch anomalous transactions and perform extra security measures.

A similar scam, where the attacker changed the banking information to which publisher Conde Nast sent funds, resulted in $8 million being transferred in six weeks, but the money was frozen before attackers could transfer it to their own bank accounts

While the Brazilian crime network is not large compared to other botnets, the potential profits for its operators are huge, according to RSA.

"Boleto malware is a major fraud operation and a serious cyber-crime threat to banks, merchants and banking customers in Brazil," the company stated. "While the Bolware fraud ring may not be as far-reaching as some larger international cybercrime operations, it does appear to be an extremely lucrative venture for its masterminds."

Most common cyber crimes in UAE are fraud involving money and extortion

Dubai: The number of people reporting cyber crimes has almost doubled in Dubai, according to Dubai Police.

Statistics from the cyber investigation department of Dubai Police show that they received a total of 1,419 reports in 2013, 792 in 2012 and 588 in 2011.

Lieutenant Colonel Saeed Al Hajiri, Director of the Cyber Investigation Department at Dubai Police, told Gulf News that the most common cybercrimes are fraud involving money and blackmail or extortion, especially sextortion.

He said these crimes are common because they are easy to commit from anywhere in the world.

All the cyber crimes that are found in the UAE, he said, are also found everywhere in the world, as the internet is an open environment.

“But what matters is how we handle them. We work with international organsiations such as the Interpol, VGT [Virtual Global Taskforce] and the Europol to fight all kinds of internet crimes.” he said.

He added that the “internet has a lot of evil; we get a lot of different reports and complaints, so we have up-to-date data of all the trends in cyber crime.” Recently, the department launched a campaign to raise awareness about cyber crimes such as promises of non-existent jobs, personal information theft – especially photos, money-related fraud and so on.

No tolerance for paedophiles

Lt Col Al Hajiri, said they get reports from people of all ages, and there is no specific age group that is most vulnerable.

However, he said, they have a zero tolerance policy for paedophiles.

“We are proactive in protecting children from internet predators. Anyone who posts photos or videos or content that have paedophilic themes is tracked and arrested immediately, and sent to court for trial and deported.”

He said that they do not wait for someone to report such a crime; they monitor the internet and handle it instantly.

In the UAE, he said, there aren’t many instances of children-related internet sex crimes.

People fall into the trap of internet criminals due to a number of reasons, all of which have nothing to do with how well educated they are, he said.

He explained that usually people who fall into the trap of online criminals have some weakness or character flaw that the criminal uses to abuse and exploit them. Lack of social intelligence, being greedy, not being content, having an emotional void, and having financial troubles are some weaknesses that criminals target, he said.

Pornographic activities are illegal, and people should not get into illegal activities that can later on lead to sextortion. Lt Col Al Hajiri added that the country has a proxy in place to block pornographic content in order to protect people. However, he said, some people bypass this security measure and get into problems related to sextortion.