Hacking and banking
Hacking and banking; 2009 was full of it. Law enforcement was able to capture a ring of hackers responsible for some major 2008 bank data thefts and subsequent fraudulent transactions. ‘Hacking and fraudulent banking’ is likely attractive enough from a risk/reward point of view to see whole floods of hackers trying their luck (or testing the banks luck). The sophistication of the cyberattacks and the level of cooperation with ‘regular’ crime groups grows, making the potential fraud losses of data breaches larger than ever.
This week WSJ and FOX reported that Citibank is allegedly a victim of a Russian hackers ring.
The Federal Bureau of Investigation is probing a computer-security breach targeting Citigroup Inc. that resulted in a theft of tens of millions of dollars by computer hackers who appear linked to a Russian cyber gang, according to government officials….The threat was initially detected by U.S. investigators who saw suspicious traffic coming from Internet addresses that had been used by the Russian Business Network, a Russian gang that has sold hacking tools and software for accessing U.S. government systems. The group went silent two years ago, but security experts say its alumni have re-emerged in smaller attack groups.
U.S. banks have generally been loath to disclose computer attacks for fear of scaring off customers. In part this is an outgrowth of an experience Citibank had in 1994, when it revealed that a Russian hacker had stolen more than $10 million from customer accounts. Competitors swooped in to try to steal the bank’s largest depositors. Citibank said at the time that it was able to recover most of the money and that the attack didn’t put customer funds at risk.
The new attack targeting Citibank highlights the growing sophistication and threat posed by overseas criminal networks. “There were a couple of days of struggling,” said one person familiar with the attack. “There were some sophisticated elements that made it hard to block.”
Although the alleged Citibank attack was reported this summer, the actual hack could have taken place as early as in 2008. Any relation to the larger data breaches in Worldpay and Heartland (see earlier posts)? A Citibank spokesman denied that there was a breach of system or any fraud losses and that the FBI was not investigating a multi million dollar cyberfraud related to Citibank.
The Italian police finally caught up with one of Italy’s most wanted hackers. The suspect, Iannelli, allegedly collaborated with Camorra (Naples Mafia) organizations to hack into (“secure”) websites of online businesses. He then exploited the details of credit cards used to pay for purchases to make purchases himself or to switch funds onto payment cards that were then used to withdraw money from bank ATMs. Ianelli was arrested after Italian police pinpointed him in Thailand and Thai authorities kicked him out of the country back to Italy where police was waiting for him.
Will (y)our information be safe in 2010?
http://www.foxnews.com/politics/2009/12/22/fbi-probes-hacks-citibank-govt-agency/
