Slashdot: News for Nerds

Three Banks Lose Millions After Wire Transfer Switches Hacked

Soulskill posted about a year ago | from the we're-all-choked-up,-really dept.

Security 179

mask.of.sanity writes "Criminals have stolen millions from three unnamed U.S. banks by launching slow and stealthy denial of service attacks as a distraction before attacking wire payment switches. The switches manage and execute wire transfers and could have coughed up much more cash should the attackers have pressed on. RSA researcher Limor Kessem said, 'The service portal is down, the bank is losing money and reliability, and the security team is juggling the priorities of what to fix first. That's when the switch attack – which is very rare because those systems are not easily compromised [and require] high-privilege level in a more advanced persistent threat style case – takes place.'"

179 comments

Smart Criminals (5, Insightful)

Fluffeh (1273756) | about a year ago | (#44627467)

I like stories like this. If something is done really well and in a clever way (whether it was really being naughty or not) the effort, cleverness and ingenuity should indeed have its merits praised. Slashdot should have more stories like this: Hey, they did a bad thing, but look at just how WELL they did it.

Re:Smart Criminals (2)

flargleblarg (685368) | about a year ago | (#44627479)

I immediately thought of Daniel Ocean when I read TFS.

Re:Smart Criminals (-1, Troll)

Anonymous Coward | about a year ago | (#44627593)

Yeah, kind of like when a rapist stalks a woman for weeks then figures out a clever way to sneak into her apartment. Sure, he committed a crime but you have to respect his planning and dedication.

Re:Smart Criminals (5, Funny)

Anonymous Coward | about a year ago | (#44627643)

I once stalked a woman for fifty years before making my move. It was a beautifully coordinated attack that required no less than sixty-seven coincidences to occur at once. Once I had her isolated, I realized that she was like ninety, so I gave up and left. Kind of a letdown. Just one of the downsides of being a vampire I guess.

Re:Smart Criminals (2, Insightful)

sound+vision (884283) | about a year ago | (#44627749)

In that situation, the woman hadn't committed any wrong against the man. Maybe didn't even know him. On the other hand, banks rape the people on a daily basis...

Re:Smart Criminals (2)

sonamchauhan (587356) | about a year ago | (#44627947)

Three unnamed banks. They could be three credit unions who have done you no wrong.

Plus, the more banks r*** people on a daily basis, the more profit bank robbers achieve. It's in their best interest this situation continue.

The banks simply pass on the costs to their customers.

Re:Smart Criminals (1)

Jesrad (716567) | about a year ago | (#44628031)

And so, in the end, it's really the customers that the thieves did fark over, weighted inversely against the efficiency of these customers' bank's security. This is exactly like how, with welfare states, net wealth transfers are averaging to the base amount of voluntary contribution to the wealth pool by participants, minus the losses of doing the transfers; and at the individual scale those net effects are weighted against the participant's competitive advantage at being a recipient and at avoiding being a contributor. Same mechanics, same dubious morality, same usual victims.

Re:Smart Criminals (1)

Anonymous Coward | about a year ago | (#44628069)

Gosh, I didn't even know!

Re:Smart Criminals (1)

Shavano (2541114) | about a year ago | (#44629355)

And that's your justification for stealing money out of my account?

Re:Smart Criminals (3, Funny)

narcc (412956) | about a year ago | (#44627863)

In this specific case, it's more like a serial rapist finally getting raped.

I miss car analogies...

Re:Smart Criminals (5, Funny)

tuo42 (3004801) | about a year ago | (#44627935)

*clear throat

*taptap...onetwo...thisthingon?...taptap...onetwothree...good

*clear throat again

Ladies and Gentlemen, I present to you: the car analogy for our topic tonight

It's like...with the police behind following you in your car...

blinking left, but taking a right turn!

*badabumm

Thank you, thank you, I'm here all night.

Re:Smart Criminals (1)

Antonovich (1354565) | about a year ago | (#44628075)

Sorry, no mod points but +1 anyway!

Re:Smart Criminals (2, Funny)

Nidi62 (1525137) | about a year ago | (#44629095)

I miss car analogies...

The Ford Pinto plant getting rear-ended and blowing up?

Re:Smart Criminals (0)

Anonymous Coward | about a year ago | (#44628147)

I'm guessing you aren't a fan of the detective\mystery genre....

Re:Smart Criminals (5, Insightful)

ls671 (1122017) | about a year ago | (#44627689)

Where do you think those US banks are going to take the money to make it up? In their customers' pockets maybe? It's like insurance fraud, shoplifting etc. The end consumer ends up paying for that. We might think: well, they already make enough money so, good for them, but don't let that fool you. They are going to make up for that to keep investors happy and their stock healthy.

Worse, they may have insurance coverage and insurance companies may raise premiums for all banks, making sure everybody pays for it.

Sure, it looks nice as a hacker movie scenario although...

Re:Smart Criminals (1)

Anonymous Coward | about a year ago | (#44627845)

Shoplifting raising prices is a popular myth. Prices are determined by profit maximization. Raising prices will only reduce sales volumes, make the merchandise more attractive to thieves, and hurt profits. Shoplifting hurts the owner(s) of the store and nobody else. Most people with a 401(k) are probably stock holders in a little bit of everything making most investors victims.

Re:Smart Criminals (2, Insightful)

ls671 (1122017) | about a year ago | (#44627981)

Supermarkets have a typical profit margin of 1 to 2%. It means that if you steal 10$ worth of food they need to sell 1000-2000$ worth more to make it up unless they already have calculated the shoplifting costs in their 1-2% profit margin. No store stays open for long without making profits so your "profit maximization" argument makes no sense.

Any businessman will factor in all costs, like hiring more cashiers, security guards, security cameras, utility bills etc. when determining their sale prices; it is economy 101.

The goal for any business is to keep shoplifting as low as possible for the cheapest cost ratio possible in order to be able to keep prices down and maximize profits.

Still in many products you pay 300-400% (0)

Anonymous Coward | about a year ago | (#44628025)

Aaaand still in many products you pay 300-400% or even more of what many small farmers get paid for them.

Re:Still in many products you pay 300-400% (2)

ls671 (1122017) | about a year ago | (#44628087)

I wrote:
"Any businessman will factor in all costs", especially if they only make a 1-2% profit margin.

There are just too many middlemen taking cuts along the way but this is a different topic. Local agriculture and buying local is one solution to that topic. Do you practice it? It sure beats shoplifting as a solution.

https://en.wikipedia.org/wiki/Local_food [wikipedia.org]

Re:Still in many products you pay 300-400% (0)

Anonymous Coward | about a year ago | (#44629707)

Fast, conditioned transportation is expensive and food spoils on the shelf far too frequently. Both of these contribute greatly to the cost.

Re:Smart Criminals (3, Informative)

bobstreo (1320787) | about a year ago | (#44628435)

Actual supermarket profit margins statistics:
http://answers.google.com/answers/main?cmd=threadview&id=204979 [google.com]

Re:Smart Criminals (3, Insightful)

ls671 (1122017) | about a year ago | (#44628559)

Don't forget gross margin is not real profit. Net profit margin is. Gross margin doesn't take into account salaries, rent, utility bills, security camera installation and maintenance etc. And of course, loss due to shoplifting.

Re:Smart Criminals (0)

Anonymous Coward | about a year ago | (#44628793)

Don't forget gross margin is not real profit. Net profit margin is. Gross margin doesn't take into account salaries, rent, utility bills, security camera installation and maintenance etc. And of course, loss due to shoplifting.

You're going by what they used to say over 10 years ago to guilt employees into not organizing over poverty-level wages. Read the parent's link and follow its sources. It puts the modern supermarket's -net- profit around 6-7% or higher. It's reasonable to speculate that the 1-2 of the leading chains have significantly greater margins. It's also reasonable to speculate that today in 2013 the average is greater as well, since the figures shown are almost a decade old.

Re:Smart Criminals (3, Informative)

ls671 (1122017) | about a year ago | (#44629005)

Profit margin isn't constant from year to year, look at the averages. Some even have negative averages. I would say the average of all the averages is around 1-2% over the years, say 3% if that makes you happy ;-) Oh, and this is from 2009 to 2013. Not a decade ago:
Link 1:
http://ycharts.com/companies/LBLCF/profit_margin [ycharts.com]
Link 2:
http://ycharts.com/companies/SWY/profit_margin [ycharts.com]
Link 3:
http://ycharts.com/companies/KR/profit_margin [ycharts.com]
Link 4:
http://ycharts.com/companies/SVU/profit_margin [ycharts.com]
Link 5:
http://ycharts.com/companies/WFM/profit_margin [ycharts.com]
Link 6:
http://ycharts.com/companies/NGVC/profit_margin [ycharts.com]

Re:Smart Criminals (2)

AmiMoJo (196126) | about a year ago | (#44628873)

UK supermarkets make much more than that. The US ones must be doing something wrong.

Maybe on the cheapest lead-in items they make 1-2%, or even a small loss, but there are lots of higher profit items they sell too. The classic rip-off are the "premium" ranges like Tesco Finest which are basically the same shit as their value stuff but in a different packet. Medicine is even worse - if you look at the "PL" code on the box you will see that the cheap own-brand stuff is usually exactly the same as the expensive premium brands, only 1/10th the cost or less. Exactly the same medicine.

Re:Smart Criminals (1)

Shavano (2541114) | about a year ago | (#44629497)

Not so. Kroger corporation, which owns a huge number of supermarkets, has a gross profit of 20.3% (basically margin on sales), EBITDA of 4.6% and net income AFTER interest, depreciation, taxes and amortization of 1.5%. So to make up for a loss (say spoilage or pilferage) of $1 value, they need to sell about $5 worth of product because the interest, depreciation and amortization are FIXED COSTS and the taxes are a combination of fixed costs (such as real estate taxes) and income taxes.

Re:Smart Criminals (1)

ls671 (1122017) | about a year ago | (#44629747)

I wrote:
" to sell 1000-2000$ worth more to make it up unless they already have calculated the shoplifting costs in their 1-2% profit margin"

which they obviously have, along with other costs. Thanks for the clarification anyway ;-)

Also if you look here, you will find out that Kroger has an average net profit of 0.99% for the past 5 years.
http://slashdot.org/comments.pl?sid=4111255&cid=44629005 [slashdot.org]

Re:Smart Criminals (1)

Nyder (754090) | about a year ago | (#44629911)

Supermarkets have a typical profit margin of 1 to 2%. It means that if you steal 10$ worth of food they need to sell 1000-2000$ worth more to make it up unless they already have calculated the shoplifting costs in their 1-2% profit margin. No store stays open for long without making profits so your "profit maximization" argument makes no sense.

Any businessman will factor in all costs, like hiring more cashiers, security guards, security cameras, utility bills etc. when determining their sale prices; it is economy 101.

The goal for any business is to keep shoplifting as low as possible for the cheapest cost ratio possible in order to be able to keep prices down and maximize profits.

http://www.foxbusiness.com/personal-finance/2012/12/20/retail-worst-enemy-their-own-employees/ [foxbusiness.com]

Says that employee stealing is worse than shoplifters, so it seems that supermarkets' biggest problem is their own employees.

Re:Smart Criminals (3, Insightful)

geekymachoman (1261484) | about a year ago | (#44628509)

End consumer (commoners) always end up paying, one way or another, in all situations. Nothing new there.

Sometimes I think that instead of being an obedient sheep, waking up early, working 10 hours and generally being exploited while barely having enough for comfortable "life", I should turn to let's say.. victimless crime*.
I know this is frowned upon by society, but only because those in power are propagating the idea that we should be obedient.. so they can keep all the f money and have less competition.
The banks are criminals, the politicians are criminals, the religious leaders are criminals, insurance companies, pharmaceutical companies, governments, etc. In the modern world, they just upped it to a new, modern level. It's not corruption the same as in a 3rd world country, but it still exists just behind the curtains and/or through loopholes they made for themselves.

I know people that acquired wealth by pillaging (literally), smuggling cigarettes and guns. Now they are respected businessmen that have legal businesses, and are hiring you to work 10 hours a day for them while they propagate the idea that doing anything "illegal" is bad. Exactly the same as those mentioned above are doing.
It's all just to keep you in check and under control. Each and every one of them is full of it.

(*) = As a programmer, that would be let's say hacking wordpress sites and selling them to someone or using them to make a profit. System Administrators should be happy. This creates jobs for them.

Re:Smart Criminals (1)

Mike Frett (2811077) | about a year ago | (#44628555)

What's worse is those new fees they attach to recover those lost funds will be ongoing long after the funds have been recovered from our pockets. It's Corporate Rape against the populace.

Re:Smart Criminals (0)

Anonymous Coward | about a year ago | (#44628987)

Er.. all they took were a few electrons. The bank will just fill up their end with more pretend money.

Re:Smart Criminals (0)

Anonymous Coward | about a year ago | (#44629239)

I call bullshit. It isn't like they pass on their lower profits anyway - if there are enough non-robbed competitors out there they still have to deal with them.

Re:Smart Criminals (3, Interesting)

Hatta (162192) | about a year ago | (#44629469)

If the banks had a way to extract more money from us, wouldn't they already be doing it? Why would they wait until they were hacked and lost money to raise prices, if they thought it would increase their income?

Re:Smart Criminals (0)

Anonymous Coward | about a year ago | (#44629827)

^^ this. All of you foolish morons who think that every time someone does something like this they're "sticking it to the man" take note. You, your parents, your friends, your neighbors, and every other common man is getting stuck with the bill. Do you think the CEO is going to take a cut in pay over this? He'll probably get a bonus because he had to manage a crisis. Meanwhile a meeting will be held, fees will be raised, they'll come up with new and interesting ways to screw the average public like processing your deposited paycheck that arrived at 4PM after processing your mortgage payment that didn't show up until 9AM (had to wait for it to clear dontchaknow). There is no sticking it to the man. Not really. The people who are in power are there because they make the rules, and they're played out. If you find a way to make their life hard they just find a way to make it illegal and make your life VERY hard.

Re:Smart Criminals (2)

jovius (974690) | about a year ago | (#44627747)

True, it makes a great read - when nobody is cleverly and ingeniously maimed or killed.

Re:Smart Criminals (1)

Anonymous Coward | about a year ago | (#44627795)

They stole from American banks; did they really do a bad thing? So 'criminals' took a few million from the banks.. how much did these same banks probably take from all the people they've fucked over in the past?

good for them, and kudos for doing it so well

Re:Smart Criminals (0)

Anonymous Coward | about a year ago | (#44628215)

They are just as smart as pickpockets who divert your attention away from your pocket by some sort of "attack" while stealing your money. It's the exact same strategy.

Re:Smart Criminals (2)

InterGuru (50986) | about a year ago | (#44628473)

Another example of the increasing skill requirements for today's work force. 50 years ago the only skills required to rob a bank were the ability to hold a gun and drive a getaway car. Now - sheesh - you have to know how to break into a high security switch.

The average guy has no chance to make it nowadays.

Re:Smart Criminals (0)

Anonymous Coward | about a year ago | (#44628697)

I like stories like this. If something is done really well and in a clever way (whether it was really being naughty or not) the effort, cleverness and ingenuity should indeed have its merits praised. Slashdot should have more stories like this: Hey, they did a bad thing, but look at just how WELL they did it.

Isn't that the mantra of every mad scientist?

Re:Smart Criminals (1)

coofercat (719737) | about a year ago | (#44628701)

If you're going to go down for something, make sure it's big. In the case of theft, make sure you're stealing several wasted lifetimes' worth of money so that you can afford the legal defence, and eventual breaking out of jail. And you can afford to do the same for everyone involved.

There's no point getting banged up and a criminal record for petty theft.

I'm with you on this - it might be criminal, and it might be taking money from the banks' customers, but it sure is a slick manoeuvre.

Re:Smart Criminals (0)

Anonymous Coward | about a year ago | (#44629377)

I agree completely. I seem to sound really bad when I say that I enjoy reading about a good heist. I don't like that it happened but I enjoy the cleverness that went on behind it. Like, it's not every day that a heist happens, at least not anymore. I've done security work on networks and websites before and I have to admit there's an attraction to seeing the code being cleverly broken.

Re:Smart Criminals (1)

gweihir (88907) | about a year ago | (#44629603)

Indeed. And they even were smart enough to not get greedy, the typical downfall of otherwise smart criminals and criminal hackers.

stealthy? (4, Informative)

phantomfive (622387) | about a year ago | (#44627473)

slow and stealthy denial of service attacks

I don't think a DOS can be stealthy......if it's denying service, are people going to notice?

Re:stealthy? (2, Funny)

Anonymous Coward | about a year ago | (#44627499)

If nobody's around when the DOS is being executed, did it really happen?

Re:stealthy? (5, Interesting)

morcego (260031) | about a year ago | (#44627519)

slow and stealthy denial of service attacks

I don't think a DOS can be stealthy......if it's denying service, are people going to notice?

A stealthy DOS is when the attack looks like a normal occurrence, and not an attack. It is not the DOS that is stealthy, it is the attack or, rather, the reason for the lack of service.

It is a very neat thing, actually. Say you have a very long, segmented fence. There are 1000000 segments, and every day 1 of those will break and stay broken for 10 seconds. You can't explore that, because it is random, and you can't try all 1000000 segments in 10 seconds. However, if you can force the dice and make a specific segment fail, you can be there and exploit it, because you know which one and when. To the external observer, however, it was just a normal, run of the mill segment fail.

It is the same concept. The failure is there, they notice it, but it is done in such a way they don't notice it is an attack.

Re:stealthy? (1)

phantomfive (622387) | about a year ago | (#44627531)

They don't notice the increase (or sharp decrease) in traffic?

Re:stealthy? (2)

cheater512 (783349) | about a year ago | (#44627589)

Woosh.

No they don't notice that the real attack is different from the previous 'fake' attacks.

Re:stealthy? (1)

higuita (129722) | about a year ago | (#44628771)

What if they are requesting heavy pages? What if they slowly increase the load for several hours/days? You can see an increase, but don't care much; it looks like normal users, a natural increase of traffic... Only after it keeps increasing or is sustained for a long period do you start to be alert. And even then you may point the finger at a deploy made a few minutes/hours/days ago that might have changed the site load distribution (you may test for errors before deploying, but load factor is harder to test, especially on complex sites).

Re:stealthy? (1)

Anonymous Coward | about a year ago | (#44627615)

Old magician and pickpocket trick, first get their attention focused in a given direction, then do whatever you please right under their nose. Thousands of variations but essentially the same thing and variant skills. Easiest people to con are greedy thieves.

Re:stealthy? (1)

Anonymous Coward | about a year ago | (#44627637)

unless it was an inside job...

Knowing that the current banking environment is more like Vegas and the people involved have less ethics than a toad, then it likely was an inside job.

Re:stealthy? (1)

Jesrad (716567) | about a year ago | (#44628041)

Stop giving toads such a bad reputation, thanks.

Re:stealthy? (2)

bactus (101056) | about a year ago | (#44627687)

A DoS should be stealthy if the purpose is to e.g. temporarily get a part of the system to accumulate transactions.
The resulting queue can then be manipulated before stopping the DoS.

Re:stealthy? (1)

Anonymous Coward | about a year ago | (#44628261)

DOS can be very stealthy if you don't have drivers for your sound card. Well, except for the noise of your floppy drive, of course. ;-)

I approve. (0)

Anonymous Coward | about a year ago | (#44627477)

No guns, no foul.

Something (4, Interesting)

Impy the Impiuos Imp (442658) | about a year ago | (#44627509)

I must be missing something -- did these people transfer it to an account then go withdraw millions in cash quickly? Or did it take months for it to be discovered?

I can't conceive of any other way that would insulate against a reversal, no matter how many accounts and banks around the world they forwarded it to. Even Swiss banks go along with obvious criminality investigations nowadays.

Re:Something (2)

cheater512 (783349) | about a year ago | (#44627605)

You assume that banks have full referential integrity. I.e. Every transaction must have a source and destination account, and both accounts can be verified from their server.
If they don't then you just say it got sent to another bank where they can't verify the destination, then send another transaction to a different bank for the same value.

Or if you really want to cause hell, just change numbers. Make money appear from nowhere or make it vanish.
You can't stop the world's banking networks and replay each transaction to verify them.

Re:Something (2, Interesting)

jxander (2605655) | about a year ago | (#44627767)

You assume the banks actually WANT to catch the criminals. They'll just use this as an excuse to fleece their customers. "We're now adding a $1/month anti-wire-payment-switching fee to all accounts." Add a little spin, and the cost is there to protect YOU, Mr or Mrs Customer ... and there you have it. The millions stolen will be reimbursed in short order. After that, it's pure profit.

Re:Something (1)

Somebody Is Using My (985418) | about a year ago | (#44629853)

They'll just use this as an excuse to fleece their customers. "We're now adding a $1/month anti-wire-payment-switching fee to all accounts."

But first, they need to collect from the insurance companies.
And then they need a government subsidy to help protect their infrastructure in the future
Next, they'll re-negotiate costs with their partners who failed to protect them ("Why are we paying you so much? If you want to keep us as your customers then we need to talk price. Oh, no need to actually fix anything; we'll keep the current service... we'll just pay less")
THEN they can add a fee to squeeze more from the customers.

That's why banks are the true visionaries of capitalism.

And now to our resident expert: (1)

Anonymous Coward | about a year ago | (#44627513)

Ok, where's the dude who's done decades of banking work who will tell us all why this was inevitable?

Re:And now to our resident expert: (5, Funny)

muphin (842524) | about a year ago | (#44627535)

He's currently in jail for speaking up against the banks, ya know.. letting those terrorists know about the loopholes so they can exploit it

Re:And now to our resident expert: (2)

91degrees (207121) | about a year ago | (#44627717)

As a dude who's done decades of banking work, this was inevitable, because uhm... something to do with 1970's infrastructure or something.

This is spectacular (0)

Anonymous Coward | about a year ago | (#44627533)

I hope to see much more of this.

Re: This is spectacular (1)

Anonymous Coward | about a year ago | (#44627629)

No problem.... Just send me your bank details.

Re:This is spectacular (1)

maliqua (1316471) | about a year ago | (#44628121)

Yeah a few thousand more of these and the banks can finally receive an adequate fine for the crimes they committed a few years ago since the government doesn't have the balls to do it.

In real life (1)

Anonymous Coward | about a year ago | (#44627569)

In reality, criminals and spies don't use high-tech equipment to break in to facilities. They use inside knowledge, which this sounds like. Although it required a highly educated criminal to use it. I think this is the price of a well-trained work-force that is slowly down-sized. Hasn't a lot of the previous 12 months been about the lack of built-in security in networked devices? Both deliberate omission and that driven by penny-pinching.

Banks... (2)

Dj Stingray (178766) | about a year ago | (#44627647)

..will just use this as an excuse to hold your money even longer. Thanks Obama.

Unsigned transactions? (3, Interesting)

dutchwhizzman (817898) | about a year ago | (#44627649)

You can put authorization codes in transactions, but if they aren't digitally signed, you can alter them in transit. Maybe banks should start exchanging signing keys and not transfer authorization codes?
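The point in the comment above, as an added example that is not part of the original post or any bank's code: an authorization code carried as a field does not bind the other fields, while a tag computed over the whole message fails verification once any field is altered in transit. HMAC-SHA256 with a shared key stands in for the digital signatures the comment proposes, because it needs only the standard library; the key, field names and values are constructed for illustration.

```python
import copy
import hashlib
import hmac
import json

# Constructed demo key (assumption). The comment proposes exchanged signing
# keys; HMAC with a shared key is used here as a stand-in for a signature.
SHARED_KEY = b"constructed-demo-key"

# Constructed sample wire instruction; all field names are hypothetical.
TRANSFER = {
    "msg_id": "000123",
    "debit_account": "11112222",
    "credit_account": "33334444",
    "amount": "250000.00",
    "currency": "USD",
    "auth_code": "A1B2C3",
}
VALID_AUTH_CODES = {"A1B2C3"}


def canonical(body: dict) -> bytes:
    """Serialize deterministically so sender and receiver MAC identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(body: dict, key: bytes) -> dict:
    """Sender side: attach a tag computed over every field of the message."""
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "mac": tag}


def verify(envelope: dict, key: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    mac = envelope.get("mac")
    if not isinstance(mac, str) or not isinstance(envelope.get("body"), dict):
        return False  # missing or malformed tag is a verification failure
    expected = hmac.new(key, canonical(envelope["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), mac.encode())


def auth_code_only(body: dict) -> bool:
    """Weak check: the code is valid, but nothing ties it to the other fields."""
    return body.get("auth_code") in VALID_AUTH_CODES


def alter_in_transit(envelope: dict) -> dict:
    """Model a modified message: same auth code and tag, different payee and amount."""
    changed = copy.deepcopy(envelope)
    changed["body"]["credit_account"] = "99990000"
    changed["body"]["amount"] = "950000.00"
    return changed


def compare_checks() -> dict:
    """Run both checks against the original and the altered message."""
    sent = seal(TRANSFER, SHARED_KEY)
    received = alter_in_transit(sent)
    return {
        "original_mac_ok": verify(sent, SHARED_KEY),
        "altered_passes_auth_code": auth_code_only(received["body"]),
        "altered_mac_ok": verify(received, SHARED_KEY),
    }


if __name__ == "__main__":
    for name, result in compare_checks().items():
        print(f"{name}: {result}")
```

A tag alone does not stop a valid message from being replayed; that needs a sequence number or timestamp inside the protected body that the receiver checks.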

A little too easy - sadly (4, Interesting)

PerformanceDude (1798324) | about a year ago | (#44627671)

These attacks are actually a little too easy to effectuate. The drive to outsource to third world countries and lack of training for local staff means that they are all a prime target for social engineering attacks. It does not take a lot of organised resources to then create the requisite diversion for the often overwhelmed security staff and you have a big win in the pipeline. Of course it requires some skill, but nothing more than a course or two at Blackhat USA will give you. If you also have the benefits of the funds of a large Russian crime syndicate and the personal "motivation" that flows from that, along with an almost zero risk of prosecution due to jurisdictions - hell - why wouldn't you go for it?

The bottom line is that we need to harden up our defences more and more. We may even have to disconnect essential financial infrastructure from the internet and bring it back onto a completely private network that it costs a substantial amount of money to join and be authenticated to. It should come with the proviso that any device connecting to it, could also not be connected to the internet or an unknown intranet device at the same time. This would not be bulletproof, but it would substantially reduce the risk.

Re:A little too easy - sadly (1)

b4upoo (166390) | about a year ago | (#44628685)

Perhaps a 24 hour hold on all transfers would take care of much of the problem. By having a built in delay any institution could judge normal traffic by running software designed to notice unusual transfers. It is rather like a credit card situation. Many card holders are very consistent if shopping close to home exclusively. So why not have software that red flags when a person suddenly seems to be hundreds of miles away and have stores carefully check IDs or get a phone conversation with the card company. After all, they do have purchase histories that should indicate habits of spending.

Re:A little too easy - sadly (1)

clickclickdrone (964164) | about a year ago | (#44629659)

Did you really just use the word effectuate?

Hilarity ensues... (5, Funny)

MobSwatter (2884921) | about a year ago | (#44627703)

Crooks robbing crooks...

You be amazed (5, Interesting)

LordWabbit2 (2440804) | about a year ago | (#44627705)

You would be amazed - or maybe shocked - to see some of the banking systems out there. I have worked for several financial institutions and their systems are usually very very old legacy crap stuck together with bubble gum and faith. One place was dealing with 70% of the country's financial messaging and they were not using transactions, if there was a problem (and there often was) messages were lost. Asked if I could change it to use transactions, couple lines here, couple lines there.
NO.
Why?
Cost to test would involve the entire country and would cost millions.
OK.
So they are still losing messages.

Re:You be amazed (2)

game kid (805301) | about a year ago | (#44629341)

Too big to fai^Wrepair.

Think outside the box! (0)

Anonymous Coward | about a year ago | (#44627777)

I do not think these banking attacks are significant from a global economic-financial point of view. Else the NSA, GCHQ and Unit 8200 would be hunting down the perpetrators and either turning them or hanging them in Haifa.

Even if the perps are Russians, the USAF/CIA could just as easily execute missile strikes with drones to take them out. The Russian air defence is like cheese, full of holes, especially in the Far East. Hacker havens like the Baltics or Moldavia (part of ex-USSR) effectively have no air defence or even radar coverage. The Chinese hackers should also be culled to teach PRC a lesson about who is boss.

I am pretty convinced the entire cybercrime and malware phenomenon could be ended in under 24 hours by extrajudicially exterminating less than 1000 VXer people in drone strikes. One must wonder why this isn't done? But of course antivirus companies would also cease to exist without a protection market.

Re:Think outside the box! (1)

gagol (583737) | about a year ago | (#44627881)

Tired of malware? Start WWIII, pissing off the rest of the planet will sure resolve all your problems.

Re:Think outside the box! (1)

Anonymous Coward | about a year ago | (#44627913)

I do not think

you should have stopped there

Re:Think outside the box! (0)

Anonymous Coward | about a year ago | (#44627999)

I am pretty convinced the entire cybercrime and malware phenomenon could be ended in under 24 hours by extrajudicially exterminating less than 1000 VXer people in drone strikes. One must wonder why this isn't done?

So you're perfectly comfortable having 1000 people killed by US drone strikes without due process? I suggest you read this:
http://en.wikipedia.org/wiki/United_States_Bill_of_Rights [wikipedia.org]

See the fifth amendment: "No person shall...be deprived of life, liberty, or property, without due process of law."

Not that the US government really cares...but should we really complain when once in a while they actually follow the constitution?

uhh....what banks!!??!! (2)

spinninnzen (956529) | about a year ago | (#44627801)

Why has there not been any information as to which banks were involved? That's kind of important. Regardless if this directly impacts a customer or not I would like to know if it was my bank...

Great. Just great (2)

WindBourne (631190) | about a year ago | (#44627817)

These banks run the crappiest OS and security systems. Then when they are cracked, they do not want it known who they are, BUT, we taxpayers will be on the hook for these idiots that refused to run secured systems.

You would think that at this time, that they would be smart enough to limit the internet's transactions, to being slower than what it takes to process the security issues.

You know I really love (-1, Flamebait)

Anonymous Coward | about a year ago | (#44627891)

the way not a single fucking one of you read the article. All that happened here was a DDoS on some switch, and the bank, as corps usually do, are pulling monstrous figures of millions in "damage" due to temporary loss of service.

No accounts were "hacked"
No servers were breached.
No accounts were changed.
No money was transferred.
NOTHING was stolen.

Of course, all you idiots buying into the hype and hyping this article even MORE actually helps the banks get away with their "evil hackers" scare hysteria. Dumb fucks!!!

Re:You know I really love (4, Informative)

pslytely psycho (1699190) | about a year ago | (#44628043)

From the article....
"The researchers said fraudsters were using Dirt Jumper, a $200 crimeware kit that launches DDoS attacks, to draw bank employees' attention away from fraudulent wire and ACH transactions ranging from $180,000 to $2.1 million in attempted transfers."

Sounds like theft to me. Now granted it says "attempted transfers," but, I think someone made themselves very rich while only giving the banking system a minor scratch. A few million is pocket change in the land of banking.

Re:You know I really love (0)

Anonymous Coward | about a year ago | (#44628065)

Reading comprehension: Fail.

Let me emphasize the relevant part from the article:

"Gartner vice president Avivah Litan said at least three banks were struck in the past few months using "low-powered" distributed denial-of-service (DDoS) attacks meant to divert the attention and resources of banks away from fraudulent wire transfers simultaneously occurring."

Unless the man's a complete idiot (0)

Anonymous Coward | about a year ago | (#44628071)

He won't slip up at all. He'll just go on quietly taking the bread from our mouths. Unless he's a total ignoramus, he'll keep a low profile and won't do a thing to call attention to himself.

Unless he is an utter moron...

Re:Unless the man's a complete idiot (1)

Captain Hook (923766) | about a year ago | (#44628213)

It's not Superman without Lex Luthor.

too much money (1)

zaax (637433) | about a year ago | (#44628127)

If this was a normal hold-up and they stole millions the police etc would be all over the place, but not so with this heist, and the owners of the bank would be on the phone to the local police chief every 10 minutes; therefore it sounds like the bank can afford to lose this amount of money.

The not so smart (0)

Anonymous Coward | about a year ago | (#44628169)

So first off, the "systems are not easily compromised [and require] high-privilege level in a more advanced persistent threat style case" is bullshit. Every coded program of any sort has bugs which lead to vulns which in turn become zero-days for those ballzy enough to use them. Alas, these people just used them while they flooded the servers from a different aspect. Not really surprising. The only surprising thing is that it hasn't been reported more. Also banks don't die in the US. The money doesn't come out of the end customer's pocket either. If a bank gets fucked then it's just an excuse to fuck their customers.

Brecht anybody? (0)

Anonymous Coward | about a year ago | (#44628185)

"What's the crime of robbing a bank against that of founding one?" Apologies for quoting a communist, but then everybody's favorite "ist" bogeyman nowadays is the "terror-ist".

Bait and ... (1)

giorgist (1208992) | about a year ago | (#44628247)

Bait and ... hit the switch ... lights out

Can someone explain... (0)

Anonymous Coward | about a year ago | (#44628253)

In the real world.. stealing something involves taking and possessing something physical. Electronic money transfers are just that - electronic.. Just a set of records in a database.

In terms of electronic transfer of money - a transfer goes from one bank account to another. If they worked out the transfer was fraudulent and they can see where it has gone from and to, then can it just not be reversed?

Am I missing something here?

Re:Can someone explain... (1)

ixuzus (2418046) | about a year ago | (#44628963)

If the money is still in the account, no. But if the bank that received the transfer has transferred that money out of the jurisdiction or exchanged that record in a database for a briefcase full of large denomination notes they're not going to be particularly keen on rolling the original transaction back.

desperate (0)

Anonymous Coward | about a year ago | (#44628443)

RSA keen to prove that Advanced Persistent Threat is really a thing and that they're not the only ones to fall victim.

No senior exec is going to be held accountable (3)

140Mandak262Jamuna (970587) | about a year ago | (#44628605)

No matter what happens, someone else faces the consequences, when it comes to these banks. There is bad security, bad implementation, total lack of understanding of how their systems could be breached. They will fire a few techies, for poor security. But the bigwigs drawing big salary, even their bonus would not be touched. Maybe they will get more bonus for taking a firm stand and firing these techies who show up to work in jeans and ear rings.

Even when they lie through their teeth to sell junk as gold to others they don't end up in jail. We all will pay, through more bank fees, more insurance costs, more taxes to bail them out. And they will dance all the way to their own private bank.

Oh no! (0)

Anonymous Coward | about a year ago | (#44628657)

Millions of dollars? That's like... 38 minutes of what banks scrape off the top.

Which banks? (1)

realsilly (186931) | about a year ago | (#44628917)

I hate when an article eludes to a point but never actually provides the full disclosure details.

Which three US banks?

Re:Which banks? (0)

Anonymous Coward | about a year ago | (#44629553)

Just so we're clear, are you alluding to the fact that the article eluded which banks were involved?

Just a test of viability? (1)

Elisanre (1108341) | about a year ago | (#44629155)

Are there any indications pointing to that this was just a trial run for something bigger or just prudent crooks that took what they could get away with?

Convenient Scheme (1)

Kanopy (3026223) | about a year ago | (#44629533)

Banks have been looking for ways to make money since there was such a thing as a bank. Who's to say that the banks didn't engineer this little event so that they could keep the money they stole from themselves (clients) and get reimbursed by the insurance companies to fill the coffers back up again?
If the switches are that difficult to hack, then just maybe it was an inside job.

Ancient Everything (3)

bill_mcgonigle (4333) | about a year ago | (#44629761)

I happened to be at a bank yesterday, inquiring about a bank transfer. Turns out it was cheaper for me to get a bank check and overnight it than it would be to do a bank transfer, and the bank transfer wasn't even guaranteed to be complete within 24 hours.

The young teller thought the system was as odd as I did ("hey, I just work here") and was more interested in asking me about nuclear transmutation in star formation than banking (my strange little world...) but I have to assume that when the banks are 20 years behind Western Union and Walmart that their systems are too. I wouldn't expect 20 year old systems to be robust against attack and it would surprise me if they put much effort into otherwise defending them.

Prime Risk (1)

clickclickdrone (964164) | about a year ago | (#44629771)

Sounds like some crooks watched the old 80's movie Prime Risk. Except they probably didn't use an Atari 800/810 combo for hacking.