Hacker Nearly Stole $8M from Aussie Hedge Fund Using a Fake Zoom Invite (opens in new tab)

(gizmodo.com.au)

47 pointspbadenski5y ago15 comments

15 comments

I have been waiting for this to happen. Any service that normalizes clicking a link in an email and encouraging the user to immediately run an autodownloaded executable is a giant security issue.

1 more reply

jt21905y ago

> [I]nvestigators have pinpointed a fake Zoom invite opened by one of the fund's cofounders...

By doing so, the hacker was able to install a malicious software program that gave them access to the fund's email system which they used to send off fake invoices [to the fund’s trustees and administrator for the amount of approximately AUD 8 700 000, of which AUD 88 000 was paid.]

Edit: Note that there was a lapse of diligence on the payer’s side as well.

max_hammer5y ago

> Following that, a Pakistani national Muhammad Bhatti made 64 (!) withdrawals from one bank where the money was transferred, as well as a small shopping spree, before leaving Australia.

It should be easy to track the criminal.

mschuster915y ago

Tracking yes, prosecuting... not so much. Pakistan does not have an active direct extradition treaty with Australia (per http://www.austlii.edu.au/au/other/dfat/treaties/notinforce/...).

sudhirj5y ago

About three discussions on the front page right now are about Apple controlling the Mac platform, but this is one of the upsides. Companies that use only Macs with gatekeeper on have automatic protection against a whole class of cyber security problems.

brian_herman5y ago

I think Zoom would be allowed still. It doesn't prevent against human ignorance/stupidity.

sgerenser5y ago

The program was a Trojan/malware, not actually Zoom:

By doing so, the hacker was able to install a malicious software program that gave them access to the fund's email system which they used to send off fake invoices.

1 more reply

netsharc5y ago

The article is light on the details (it's an article that digests the contents of another article - behind a paywall bypassable by having a Google referer), but it doesn't talk about how the hack works. Presumably the fake Zoom invite was a link to a non-Zoom website that promptly popped up a window to download an executable named ZoomUpgrade.exe . The victim clicked "download and run", and ta da, he installed a backdoor.

So, despite me not liking them, Apple would be safer because no one probably bothered to write the backdoor for Macs (maybe that's a market, since rich "hedge fund" folks would prefer bling computers?), and their nanny software would probably have said "No, you can't install this!".

Alternatively the hacker could've written a browser extension, I doubt those have adequate protection...

2 more replies

bergstromm4665y ago

> Companies that use only Macs with gatekeeper on have automatic protection against a whole class of cyber security problems.

So would everyone else if Apple shared their blacklists, or we had collaborative and open lists.

Using this as a reason to recommend taking the corporate OS route is deceiving, as it doesn't address the underlying roots of why antivirus is needed in the first place (systemic Capitalist exploitation, and the Elites privatizing and owning the means of production).

j / k navigate · click thread line to collapse

15 comments

artvark115y ago

I have been waiting for this to happen. Any service that normalizes clicking a link in an email and encouraging the user to immediately run an autodownloaded executable is a giant security issue.

1 more reply

jt21905y ago

> [I]nvestigators have pinpointed a fake Zoom invite opened by one of the fund's cofounders...

Edit: Note that there was a lapse of diligence on the payer’s side as well.

max_hammer5y ago

> Following that, a Pakistani national Muhammad Bhatti made 64 (!) withdrawals from one bank where the money was transferred, as well as a small shopping spree, before leaving Australia.

It should be easy to track the criminal.

mschuster915y ago

Tracking yes, prosecuting... not so much. Pakistan does not have an active direct extradition treaty with Australia (per http://www.austlii.edu.au/au/other/dfat/treaties/notinforce/...).

sudhirj5y ago

brian_herman5y ago

I think Zoom would be allowed still. It doesn't prevent against human ignorance/stupidity.

sgerenser5y ago

The program was a Trojan/malware, not actually Zoom:

By doing so, the hacker was able to install a malicious software program that gave them access to the fund's email system which they used to send off fake invoices.

1 more reply

netsharc5y ago

Alternatively the hacker could've written a browser extension, I doubt those have adequate protection...

2 more replies

bergstromm4665y ago

> Companies that use only Macs with gatekeeper on have automatic protection against a whole class of cyber security problems.

So would everyone else if Apple shared their blacklists, or we had collaborative and open lists.

j / k navigate · click thread line to collapse