Bank man: System's down, let's have coffee. Oh SNAP, where's all the CASH?

Cybercrooks are running distributed denial of service attacks as a smokescreen to distract bank security staff while they plunder online banking systems, according to a researcher. Avivah Litan, vice president at Gartner Research, reports that cyber criminals looking to attack financial institutions are getting more ambitious …

COMMENTS

This topic is closed for new posts.
  1. Khaptain Silver badge

    Some questions

    Can't the banks implement some kind of token/key/passphrase system which would prohibit movement without the "owner" first supplying his consent......

    Is it really possible for someone, other than an existing bank employee, to have the know-how to actually perform these kinds of transactions.

    How is it possible to hide bank transactions when most banks have signed treaties against money laundering, theft, mafia etc which allows things to be traced, relatively simply.... (The Swiss and various other minority thief countries are excused).....

    If the banks are not secure what alternatives do we really have : Bitcoins ?

    1. Daniel B.

      tokens!

      I am really surprised that US banks haven't wised up and implemented two-factor auth already. All of my banks have done so, even if Mexican accounts are probably poorer on that account...

  2. Ted Treen

    Banks???

    Banks are now beginning to tell depositors that in the event of banks getting into trouble (i.e. found out), you have little claim on the money you thought was securely yours:- we've now changed the rules and you lent the money to us so you're just another unsecured creditor...

    Management bonuses & pensions are, no doubt, sacrosanct.

    If fraudulent criminals are being attracted to the banks, is it not just a case of "Birds of a feather..."?

    1. SD24576

      Re: Banks???

      Any link to this please?

      1. M Gale

        Re: Banks???

        Any link to this please?

        It's pretty well known that if there's a run on the bank, it won't be able to pay everyone. I guess the same applies if the bank goes bust for some other reason: You can't make up money where there is none, at least not without inflation.

      2. Anonymous Coward

        Re: Banks???

        http://en.wikipedia.org/wiki/Deposit_account

        read the bit in Legal Framework (it is the same in the UK)

    2. MonkeyCee

      Re: Banks???

      Oh goodness, you are going to _flip_ when you find out a bit more about how finance/money works. That's not intended in any way as an insult, it means that you are possessed of common sense and honesty.

      The laws of financial theft, the grand ponzi scheme that we are all born into, are like the laws of entropy. Can't win, can't break even, can't get out of the game. Your money is not yours. You are renting it, in a variety of ways, from the banks. You will be charged for it to be made, charged to use it, and charged to keep it. And it will be stolen or seized from you through totally legitimate means if needed.

      A deposit with a bank is a debt of the bank to you. You are now a liability for the bank (they owe you money) and what you think of as your money is now their asset. They can then lend this asset out, charge interest, and then give you some of it. This is *normal* banking, something like a credit union does, or a high street bank. This should hopefully make sense, since it's still pretty honest and sensible. The main trick is lending to the right people, which is why the CUs often want you to be a regular saver before giving you a loan, why banks only want to lend money to people who already can get the money etc.

      However when the bank runs out of money, through bad loans or other causes, then the bank will have more liabilities than assets, then the priority of those assets goes to those with the greater claim. This is when you get cheated, as you find out that your deposit, what you (rationally and sensibly) think of as your money, is not always going to be what is paid back first.

      This is horrific enough, but when your bank gets bought by another bank, even though nothing changes from your perspective, your deposits are now owned by someone else, with a different chain of creditors attached to it.

      I'm a bit of a precious metals bug. Coin collector as a kid, gold panned for holiday money, and used as a savings tool when a bit older. Not into any crazy "hide in the wilderness" stuff, just that precious metals have been and are used as money still. Plus you can still have a bank look after them for you, like a deposit account, only that you, not the bank, are the actual owner of the physical goods.

      My crackpot theory is that if aliens turn up, then hopefully whatever stuff is rare cosmically will still be rare enough to have some value. Since they would be here for some sort of enslavement/strip mining/conquest deal anyway, better be bribing my way into space hoboville.

  3. Steve Todd

    Unless these banks were complete idiots

    The wire transfer system should have been on a completely different, private interbank network (SWIFTNET) and managed by different teams. Also interbank funds transfer messages don't TAKE any money from client accounts, they get messages from other systems instructing transfer messages to be sent, and pass inbound messages to the appropriate system (SWIFTNET handles everything from advice messages to file transfers these days).

    1. Anonymous Coward

      Re: Unless these banks were complete idiots

      SWIFT aka So What If it Fails Tomorrow, or Some Wanker's Idea For Telex - only handles international traffic. The CHAPS (or CHIPS depending on your country of residence) system handles domestic interbank payments.

      1. Steve Todd

        Re: Unless these banks were complete idiots

        No, SWIFTNET is intra-national as well as international. As banks get charged per message they try to route as much as possible through their internal and local banking networks, but all of these are very private, going nowhere near the public Internet.

  4. Anonymous Coward

    Banks don't care: they just pass on costs to their customers

    If banks issued something like PINsentry to all customers, so that they could digitally sign transactions (at least to new payees), independently of the internet, such heists would not be possible.

    Why is it that financial services are almost the only businesses that do not legally owe a duty of care to the customers?

  5. Banksy

    They already do that...

    I bank with HSBC and if I want to send money from my online account to a new payee I have to use the token I have to log in with to generate a PIN. It'll probably happen with other banks if it doesn't already.

  6. Banksy

    Steve Todd: Yes, as you describe this type of situation would only work at badly organised institutions. In most places payments are set up by the customer or the customer service team taking a phone call/responding to a written instruction via the customer database/mainframe/whatever. The actual batch of payments would be relayed to and sent separately via a different application (Faster Payments, BACS or Chaps) by a different team with their own passwords for that application.

    It would be extremely unlikely that the transmission mechanism ('wire transfer application' as the article terms it) would be integrated with the customer database/mainframe in such a way that you could choose individual customer accounts and the amount of money you want to steal.

    You could perhaps steal money from the bank's own accounts. Even that seems unlikely.

  7. Pascal Monett Silver badge

    How can this be continuing ?

    "The stolen cash is then passed around between mules until it ends up in the accounts of the cyber criminals."

    And how is the money passed around between mules ? With orders given by . . . email. You know, that thing the NSA is supposed to be watching like a hawk, so much so that Groklaw shut down because of it.

    So, does this mean that money mules are now out and wire fraud is in ? Nah, the money mules are still very much at work because the NSA doesn't give a damn about financial fraud. The real threat is the people who know something about how crooked our governments really are.

    Now, correct me if I'm wrong, but isn't the sole goal of government to ensure that the life of the people it is responsible for is as well-managed as possible ? Is not the government responsible for the people's safety, which is why we have an army and a police in the first place ? As well as government employees who clean the streets and take care of communal grounds (well, before outsourcing that, that is) ?

    I have a message for our governments : I care a lot more about the safety of my bank account than I do about the risk of being killed by a terrorist. Please review your priorities accordingly, else I and a few hundred thousand others might one day review them for you . . . with right bloody prejudice.
