Check fraud is an old-fashioned kind of crime, but a criminal ring with ties to Russia is using modern cybercrime techniques, including botnets, online databases of financial information and check imaging archives, to run a highly automated, multi-million-dollar counterfeit-check operation.

The crime ring, dubbed “BigBoss” after the name found on a directory server used as part of the massive check-fraud operation, was discovered by researchers from SecureWorks last April.

Is ubiquitous encryption technology on the horizon? 

“We figured out they’re running a large-scale check counterfeiting scheme,” says Joe Stewart, director of malware analysis for SecureWorks, who stumbled upon evidence of BigBoss while researching botnet code on the Internet.

Network World; By Ellen Messmer

A slick, new e-mail scam is putting well-intentioned job seekers at risk of losing $3,000—and being arrested for check fraud, an investigator revealed at the Black Hat security conference Wednesday.

A cybercriminal gang based in Russia is sending e-mail directly to thousands of job seekers who’ve posted resumes on popular job websites, according to Joe Stewart a senior researcher at SecureWorks.  The job offer: the recruit can earn more than $300 for cashing a commercial business check, made out to him or her, and wiring the proceeds to a contact in St. Petersburg, Russia.

USA TODAY; By Byron Acohido

NCUA is investigating allegations that manager fraud caused a failure at Mutual Diversified Employees FCU, a one-time $10 million credit union that was closed and folded into nearby giant SchoolsFirst FCU in February.

Documents filed in a civil suit allege manager malfeasance in the failure, with one member claiming his elderly grandmother, who is suffering from dementia, lost more than $175,000 of funds that were misplaced by the president of the credit union. In her suit, the member charged fraud, fiduciary abuse, elder abuse and unjust enrichment.

Credit Union Journal

It took only a modicum of skill for a cybergang to steal 94 million credit and debit card payment records from the TJX retail chain — and follow that up by hauling in 130 million records from credit card processor Heartland Payment Systems.  Court records reveal that those record-setting break-ins were almost too easy. Even more surprising: The thieves were able to take their sweet time extracting the data, in each case going undetected for more than a year.

CHART: A tale of two hacks

What happened to TJX and Heartland was not unusual. And details unveiled in the prosecution of gang members involved in both thefts have shed fresh light on a business truism demanding more scrutiny: Workplace networks have turned out to be much more porous and difficult to defend than anyone ever anticipated.

USA TODAY; By Byron Acohido

A Bennington man whose lawyer said had “too big a heart” to be a banker was sentenced to four months in prison Tuesday by U.S. District Judge Christina Reiss.  Kevin Thivierge, 44, could have been sentenced to up to 30 years in prison and fined $1 million for “misapplication” of three bank loans while he was manager of the local then-Chittenden Bank in Bennington.

Instead, Thivierge will serve four months at a federal prison in Massachusetts, and remain on supervised release for three years , Thivierge has already paid $100,000 in restitution to the bank, according to Paul Van de Graaf, the assistant U.S. attorney who handled the case.

TimesArgus.com; By Susan Smallheer

Organizations are getting hit by at least one successful attack per week, and the annualized cost to their bottom lines from the attacks ranged from $1 million to $53 million per year, according to a newly published benchmark study of 45 U.S. organizations hit by data breaches.

The independent Ponemon Institute’s “The First Annual Cost of Cyber Crime Study” (PDF), which was sponsored by ArcSight, showed a median cost of $3.8 million for an attack per year, a price tag that includes everything from detection, investigation, containment, and recovery to any post-response operations. “Information theft was still the highest consequence—the type of information [stolen] ranged from a data breach of people’s [information] to intellectual property and source code,” says Larry Ponemon, CEO of the Ponemon Institute. “We found that detection and discovery are the most expensive [elements].”

DarkReading; By Kelly Jackson Higgins

Hedge fund manager Paul Greenwood, the general partner of WG Trading Co., plead guilty to six charges including conspiracy and securities fraud and is cooperating with the U.S. against his codefendant, Steven Walsh.

Greenwood and Walsh, his fellow manager of WG Trading and WG Investors, were indicted last July on charges that they conspired to defraud investors of $554 million. The U.S. said the pair schemed to defraud investors from 1996 until their arrest in February 2009.  Greenwood said he and Walsh took out funds for their own personal use, which a federal prosecutor said cost investors between $800 million and $900 million.

Businessweek.com; By Patricia Hurtado

Joseph C. Donohue, 70, Greeley, Kan., has been sentenced to six months in federal prison followed by six months of house arrest for bank fraud, U.S. Attorney Lanny Welch said today. The court also ordered Donohue to pay $10 million in restitution.  Donohue pleaded guilty to one count of bank fraud. In his plea, Donohue admitted he provided false information to Lyons State Bank in order to obtain loans for purchasing and feeding cattle.

FBI - Kansas City

The number of records compromised in major data breaches dropped sharply last year, according to a new study being issued today. But the causes of those breaches changed dramatically, shifting strongly toward insider attacks.

Those are just two of the conclusions revealed in the 2010 Verizon Data Breach Investigations Report (PDF), a study that has been conducted annually by the forensics unit of Verizon Business, and this year combines Verizon’s data with breach data compiled by the U.S. Secret Service.  The drop-off in records affected might also be a reflection of a shift in targets—cybercriminals are becoming more interested in passwords and privileges than in pure credit card data.

DarkReading; By Tim Wilson