Feeds

back to article Automated bank scam 'Operation High Roller' stole from the rich

Security researchers have uncovered a sophisticated, multi-tiered financial fraud ring that may have defrauded businesses, wealthy individuals and banks of tens of millions of dollars. Operation High Roller bypasses multi-factor authentication technology employed by banks to attempt fraudulent transactions of &euro,60 million ($ …

COMMENTS

This topic is closed for new posts.
Silver badge

All very sophisticated

...but when "money" is just a line in a database how likely is it that there is also a lot of fraud where money is just created in a database and then transferred elsewhere to other systems before the additional line / line changes are detected?

After all, it's effectively how the banks operated to bring about the most recent recession.

2
5
Silver badge

Re: All very sophisticated

You'd need to change quite a few records in different system and even different companies to sustain this scheme for any length of time. Changing a line in a database is not how banks create money.

4
2
Silver badge
Meh

Stinks of insiders

I presume that a fair amount of knowledge concerning the banking industry is required in order to pull of stunts like this. And I don't mean the kind of knowledge that you can be easily found in the Interwebby Google Thing..

1
0
Anonymous Coward

Re: Stinks of insiders

Nah, sounds like a fairly standard man in the middle attack to me.

1
2
Black Helicopters

Now they might do something.

Since the rich were targeted, something might get done to prevent it from happening again.(unlike your common or garden stealing joe blows card number)

1
0
Silver badge
Joke

Re: Now they might do something.

"Since the rich were targeted..."

Wouldn't be a very successful robber if he targeted the poor, now would he?

2
0
Silver badge
Joke

Re: Now they might do something.

"Wouldn't be a very successful robber if he targeted the poor, now would he?"

Careful there, don't step in the banker's turf!

3
0
Bronze badge

Re: Careful there, don't step in the banker's turf!

Actually, I had a different word in mind.

It too, has 4 letters, and comes before `turf`.

In fact, dogs often leave theirs on the turf!

1
0
Facepalm

But I wanted to do that..........

dammit, I NEED Bill Gate's money to upgrade (downgrade?) to Windows 8.

1
2
Silver badge
Holmes

This reminds me of the RBN guys

They must have some very good heads working for them. Each attack is more sophisticated and more profitable than the former one. This sounds totally like them.

0
0
Anonymous Coward

The hidden cost of laying off experienced staff?

I suppose if you ruin someone's career in the quest for savings some folks might be tempted to use their knowledge for nefarious purposes.

On such a scale it smacks of revenge rather than simple greed.

0
0
Anonymous Coward

Re: The hidden cost of laying off experienced staff?

I seriously doubt it. I used to work for "major UK/Global bank" and the IT security there is shit hot. No one person has a root for anything. Passwords are stored in a system which means that two people have to sign in, in order to send a person who temporarily need upgraded access an appropriate logon, the password is delivered in two fragments in two different delivery methods. The work you do is audited, as are all the IDs on all the systems to make sure that nothing is changed, without permission.

But, what convinces me the most is that when we were made redundant we all got very generous redundancy packages and everyone was very professional about it. Also, when you are caught for something like this (and it is when, not if) you will never work in financial services IT ever again. You'll probably be lucky to work in IT again.

1
0
Anonymous Coward

Re: The hidden cost of laying off experienced staff?

And when the shit hot IT security guys are laid off, the ones who designed and operated it?

Have the guys behind this scam been caught?

1
0
Anonymous Coward

Re: The hidden cost of laying off experienced staff?

I doubt the IT security guys would have been laid off, but also, if the system is designed properly in the first place, it doesn't matter, they would have to collude in order to get root level access and it's people who got the passwords out and the logs are tamper proof.

0
0
Anonymous Coward

A web page that starts a malicious sequence

"The email contains a disguised link. When the victim clicks the link, they visit a web page that starts a malicious sequence:" on what unmentionable are we talking about here :)

0
0
Anonymous Coward

Probably an intelligence operation

After all, the difference between gathering intelligence and committing fraud is simply USING the information. Still want to support any all-out surveillance?

0
0
This topic is closed for new posts.