Cyber-gangs are raiding U.S. companies' bank accounts

Source: Los Angeles Times

Scammers from Eastern Europe typically install malware and pull money out in increments, a financial industry group says. One Texas firm lost $1.2 million, and a school district had $700,000 stolen.

August 27, 2009


Washington - Organized cyber-gangs in Eastern Europe are increasingly preying on small and mid-size companies in the United States, setting off a multimillion-dollar online crime wave that has begun to worry the nation's largest financial institutions.

A task force representing the financial industry sent out an alert last week outlining the problem and urging its members to implement many of the precautions now used to detect consumer bank and credit card fraud.

"In the past six months, financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid banking credentials belonging to small and medium-sized businesses," the confidential alert says.

The alert was sent to members of the Financial Services Information Sharing and Analysis Center, an industry group created to share data about threats to the financial sector. The group is operated and funded by such financial heavyweights as American Express Co., Bank of America Corp., Citigroup Inc., Fannie Mae and Morgan Stanley.


Read more: http://www.latimes.com/business/la-fi-cybergangs27-2009aug27,0,4727823.story

Glad I switched to a Mac. Not foolproof but more secure than PCs.

Real internet security is expensive and labor intensive. The vanilla internet is both unreliable and insecure. If the big money boys want to play safely on the internet, they need to get a lot more serious about encryption as applied to authentication and authorization, keyrings and digests and all that good stuff.

I do infosec for a living, and for many years worked for one of the largest and oldest vendors of information security products. I used to do a talk that talked about the human factor: basically, that people are the weakest link in the chain, not technology. When I talked to corporate IT people, here was the line in my talk that used to hit home the hardest:

"I'd like you to think about the stupidest user you support - and you know you have one. I'm talking about the person who calls you, and when you see their extension show up on your caller ID, you feel your blood run cold, knowing full well that this call is going to consume an inordinate amount of your day. Every organization has one of these people, and I'm sure this company's no different. Now, what you need to realize, is that that user, the most computer-illiterate person in your company, is the only thing standing between your network, and the bad guys. If that doesn't scare you, you're in the wrong business."

Network technology is not the weak link. It's people - because you can't patch stupid.

Especially if you are going to play with large amounts of money on the internet. But as I said, it is expensive and labor intensive.

Please accept my sympathies, I do know what you are talking about.

Thanks for putting it so succinctly.

Corporate cybersecurity isn't the NSA's mandate. They do set cybersecurity standards that are used throughout the government and by some (but not all) large corporations, but there is no government agency charged with this stuff. Companies (and individuals) are responsible for their own self-defense on the Internet.

even before 9/11?