Police arrest two in cyberfraud incident

  • 2002-12-19
  • Aleksei Gunter

Estonia's Central Criminal Police detained Dec. 17 two young men suspected in an attempt to defraud Hansabank clients using security passwords from some 50,000 users of Hanza.net, the bank's online banking service.

According to police, the two young men, Sergei, 20 and Sergei, 22, whose last names are being left undisclosed and both of whom live in Tallinn, used an Internet café in the city center to send out their message at 1:30 a.m. on Dec. 16.

The suspects allegedly used a corporate server in Tallinn to redirect the message to up to 50,000 users of Hanza.net.

Thousands of Hanza.net users received an e-mail message in the morning of Dec. 16 resembling the welcome page of their online banking service. The message, written in Estonian with a number of grammatical mistakes, claimed that due to certain technical problems Hansabank was asking for the login name, the permanent password and the 24 security passwords of its users.

The message also contained a form to enter the desired information which, according to the message source, was to be processed by a script on a server located in Russia.

According to Ando Noormets, spokesman for Hansabank, the bank received forwarded copies of the fraud message from several clients at about 6.30 a.m. Dec. 16, just a few of hours after the message was sent.

"The fraud was basically intended to use naiveté of our customers and was not directed against the bank's IT system. However, the criminals used Hansabank identity to get the information, and that is why we had to interfere," said Noormets.

It took the police a little over 24 hours to find and detain the suspects.

If found guilty of fraud, they may face a fine or three years in jail.

Noormets said that although some 50 people called customers service and confessed they gave their passwords away, no client of Hanza.net lost any money as a result of the fraud.

Hansabank stated it would never request that kind of information from its clients by e-mail, and claimed its client database was not hacked and that the probability of internal information leak is close to zero.

It is still unclear how the cyber-criminals obtained the e-mail addresses of Hanza.net clients.

The fraud attempt caused a major stir and took the front-pages of major national dailies considering that Hanza.net has about 400,000 users in Estonia, or more than one-fifth of the population.

Tonis Reimo, director of Privador, an information security company, said that cybercrime had reached Estonia long ago and that computer users themselves must be more careful.

"The attack on Hanza.net users used a previously hacked third-party computer as a starting ground. Given that more and more people are getting permanent Internet connections and often do not think of firewalls, the number of such possible starting grounds is rising," he said.

People can protect themselves from frauds similar to this by being pragmatic and not trusting their passwords to anyone, Reimo said.