Meeting the Swedish bank hacker

For US$3,000 our reporter was offered his personal bank Trojan by a hacker whose victims have also included Australian banks

Computer Sweden reporter Linus Larsson interviewed the hacker behind the recent Internet frauds perpetrated against Sweden's Nordea bank. The hacker claims responsibility for many more intrusions. "Ninety-nine percent of all bank intrusions are kept secret," he insists.

The very same Trojan that stole 8 million Swedish kronor (about AUD$1.47 million) from the Nordea bank was also used for a major attack in Australia. So says the hacker who calls himself "Corpse", a developer of advanced Trojans. Computer Sweden's reporter met him for an anonymous chat.

With the aid of security expert Per Hellqvist of Symantec, Computer Sweden tracked down the Russian-speaking hacker. Using a pseudonym, our reporter claimed to be interested in buying his own Trojan, tailored for attacking a bank online. It soon became obvious that Corpse knows very well that his application is used for major online banking frauds.

The bank accounts broken into are selected at random: "It's like roulette," he says in broken English. "Some have a million dollars, some have one dollar. You never know who gets infected."

The Trojan that some people call Haxdoor, is that yours? Does it have the same functionality?

Yes, Haxdorf (there are so many varieties) is mine.

Corpse himself sells the Haxdoor Trojan under the name A311 Death. Haxdoor is the name given to it by antivirus vendors.

Have you heard about the Nordea attacks? That was Haxdoor, wasn't it?

Haxdoor and Nuclear Grabber (a Haxdoor version without a back door).

Quite impressive. Is that the version that I could get for $3,000?

Yes, and ...

And...

[Provides a URL to information about the attack in Australia.] That's Haxdoor too.

I get that for $3,000 dollars?

Yes, it's the same version.

Join the newsletter!

Error: Please check your email address.

More about HISNordeaNormanSymantec

Show Comments

Market Place