'World's BIGGEST online fraud': Suspect's phone had 'location' switched on Two Russians arrested over their suspected involvement in the largest online fraud in US history were tracked down by analysing photos they posted to social media sites and tracking the location of one suspect's mobile phone, Reuters reports. Four Russians and a Ukrainian national were named as suspects in a credit card …
As it's impossible to commit the perfect crime, you'll have to accept some compromises to ensure it's worth-while.
I'd suggest a full-bodied assistant, who in the name of avoiding any potential snags or skin scrapings (honest), should be clad in some very tight latex.
She needs to be full bodied in order to.... just because OK?
@AC 12:59: Any big-mouthed hacker brave enough to explain how he SQL injects prepared statements?
The kind of data access code that falls for SQL injection is usually a horrible mess of concatenated strings and escaped quotation marks. Trying to decipher it hurts your eyes and your brain. But converting it to something much more secure* isn't a particularly challenging task.
*I accept that nothing is 100% secure, but I've created plenty of sites that pass professional penetration testing. I don't suppose the sites that these hackers broke could claim that.
>I wonder how much it would have cost those 'organisations' to properly sanitise/parameterise (whatever) their websites against the SQL injection attack techniques.
Actual procedure? Relatively little. As stated, a few thousand.
But first you have to get rid of the morons running things.
Now were' talking millions.
And long may the continue to do this. To be truly successful a criminal and his family must be invisible to society, luckily that's very difficult, as your family are just as likely to give you away accidentally as you are yourself. Just think of all the technological toys we now have that have GSM and GPS chips in them.
The breaking news from the US indicating that over 160million credit and debit card numbers have been stolen, whilst not unpredictable, is still quite staggering. Early estimates suggest around $300 million dollars has been stolen, but this figure looks likely to increase dramatically.
It appears that a group of criminals utilising malware to infiltrate large US companies and over time steal payment related data, which then was passed onto a second group who inserted this data on to magnetic stripes to clone bank cards, and completed the fraudulent transactions by either withdrawing cash from ATMs or making purchases.
Securing data is now at the forefront of many financial institutions minds, and as the methods by which hackers compromise our personal information becomes more sophisticated, so must our approach to security.
Every time that a fraud hits the headlines there is naturally a huge focus on how the crooks got hold of all those personal banking details. But there is often less attention given to how they were then able to use the customer details to extract money from customer’s bank accounts.
Unfortunately fraudsters will always find methods to compromise our personal data. While that in itself is a major concern the solution lies in ensuring the abuse of such data can be detected and prevented. The key lies in real-time detection, prevention and immediate resolution enabled by the empowered customer. Technology is available today to absolutely achieve this, in real-time, totally privacy sensitive, highly secure and yet totally intuitive from a customer standpoint. In fact, in many cases the customer is not even aware that security is being applied as many of the techniques used are completely invisible. The answer is robust customer authentication and transaction verification, relative to the bank’s perceived risk of the transaction. It must have speed (real-time), strong security, efficiency, good customer service and ease of use, while shutting down the scope for fraudsters to benefit from their crime. Similar stories (while on a smaller scale) have been publicised for over a decade, and invariably the issues remain the same, surely it is now time for financial institutions to step up and utilise effective security systems that can protect against such massive theft of payment credentials and the inevitable fraud fall-out that has already occurred and will continue for some time to come.
This post has been deleted by its author
“This type of crime is the cutting edge .. Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy, and our national security", US Attorney Paul Fishman
This is BS and SQL injection is hardly `cutting edge', see 'The vulnerability .. is .. known as .. SQL injection`, July 2005
"Here's the world's biggest hacker .. we got lucky"
A carding operation, hardly the worlds biggest hack, more like catching the low hanging fruit. Once they started selling cards online it was inevitable they would be caught. Also, don't use IRC to discuss ripping off credit card companies ..
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
