Slashdot Mirror

← Back to Stories (view on slashdot.org)

Keylogging Used To Catch Bank Crackers

Posted by Zonk on from the valuable-bits dept.

An anonymous reader writes "BBC News is reporting that the British police National High Tech Crime Unit has foiled an attempted fraud by hackers using keylogging software. The London branch of the Sumitomo Mitsui bank of Japan was the target, and a person has been arrested in Israel after being identified as the recipient of an attempted electronic transfer of UKP13.9m."

13 of 190 comments (clear)

  1. Even the submitter didn't read the article!! by REBloomfield · · Score: 5, Insightful

    The crooks were the ones using the keyloggers, not the people who caught them!!!!!!

    1. Re:Even the submitter didn't read the article!! by lucabrasi999 · · Score: 4, Insightful

      The editor didn't read it, either.

    2. Re:Even the submitter didn't read the article!! by akintayo · · Score: 4, Insightful

      This seems to a case of a badly constructed sentence, rather than the submitter not understanding the article.

      --
      Woe be on to them, all who rise against poor people, shall perish in a the end. Buju Banton
  2. Too much by turtled · · Score: 2, Insightful

    Man, trying to get into bank records? You know everything is logged somehow. It scares me to think about 2 things... 1, life in prison, and, 2, with that much money, it draws suspicion, so, you really can't spend it.

    --
    "I cannot think of any need in childhood as strong as the need for a father's protection." -- Sigmund Freud
  3. How would they do this? by gstoddart · · Score: 4, Insightful

    How do you manage to get key-logging software onto a bank system without physical access?

    Is this more examples of social engineering, or would this have required physical access to the computers? [ I'm assuming here that the general bank computers aren't all on the interweb ]

    Scary as hell that someone (almost) managed to do this.

    --
    Lost at C:>. Found at C.
    1. Re:How would they do this? by Silver+Sloth · · Score: 2, Insightful
      The usual methods
      • Overworked techie department employs consultants without sufficient vetting
      • Disgruntled and overworked techie is approached by bad guys
      • Overworked techies release system into 'live' without sufficient testing/hardening due to presure to complete by deadline
      Do you see the common thread?
      --
      init 11 - for when you need that edge.
  4. Blinks behind the mask by Doc+Ruby · · Score: 5, Insightful

    The ambiguous story description could be interpreted to mean either that the crackers installed the keylogger, or that they were caught by keyloggers. Any sensible reader would know that the crackers probably weren't caught by keyloggers, because they'd already have too much access by that point. But even just reading the story shows that their attack was by keylogger, not their capture.

    Now it's obvious: Slashdot submission approvers (staff "authors" who vet the submission queue, to approve stories for publication) just read the text, and decide whether the story is interesting. They don't click the links, they don't think about whether anything makes sense. It really looks like Slashdot's submitters are higher quality than the editors who decide what to publish. And even worse, the editors seem to have the quality of a lower tier of Slashdot readers: grab the most inflammatory interpretation of a post, and run with it - without regard to the facts, or even just the story itself.

    For all Slashdot's championing of the "open" community, we know very little of how the editorial process works. How many editors? Do they know each other? See each other, or work remotely? Is there an editorial policy, written or by "rolling consensus"? Are their criteria? What's the process like? With the published Slashcode so old, there's no way to know details about the queue process even by looking at "the" software. So what goes on there behind the curtain?

    --

    --
    make install -not war

  5. I fail to understand by hsoft · · Score: 3, Insightful

    I fail to understand how such thing is possible, and I would appreciate explanations.

    For example, if someone gets my bank account user/pass and logs into my bank account, transferring all my money into his account. When I see this, I will sure call my bank saying that this was an unauthorized transaction, and this transaction should be void, no? Besides, the thief reveal himself by specifying the destination account, no?

    --
    perception is reality
    1. Re:I fail to understand by Tenebrious1 · · Score: 2, Insightful

      When I see this, I will sure call my bank saying that this was an unauthorized transaction, and this transaction should be void, no?

      Where's the proof that it was unauthorized? Only you had access to your account, and only you had rights to transfer the money. So, unless you can prove the account had be compromised, no, there's no recourse. And even if there's proof, the money is gone, there's no "voiding" the transaction. The only thing you might be able to do is sue the bank to try to recover the money.

      Besides, the thief reveal himself by specifying the destination account, no?

      Not really; the money usually gets transferred from a respectable bank to a smaller bank so it doesn't look too shady, then from the smaller bank overseas; once the money goes overseas to the shady bank it's gone.

      --
      -- If god wanted me to have a sig, he'd have given me a sense of humor.
  6. Re:Abbreviation correction by justanyone · · Score: 2, Insightful

    Yuck! Slashdot's machinery cut up those links. Here they are again:

    The official 4217 list of currency codes is at here

    The official ISO 3166 Country codes list is at:
    here.

    --
    Unitarian Church: Freethinkers Congregate!
  7. NO, THE ARTICLE IS INCORRECT... by BarryNorton · · Score: 3, Insightful

    The article includes its own title. Unless this is changed to 'Keylogging Used By Caught Bank Crackers' it remains incorrect.

  8. Keylogging Used To Catch Bank Crackers = WRONG by KingFatty · · Score: 2, Insightful

    Creative parsing on your part cannot save you.

    The title "Keylogging Used To Catch Bank Crackers" is indisputably wrong, no matter how you parse it.

    Furthermore, you have introduced your own parsing bias in the first non-comma sentence. The fact is the non-comma sentence does not have one difinitive meaning, and you are just telling us what it means through your assumed meaning.

    The fact is you cannot indisputably say that the word "using" applies to the hackers and not the Crime Unit - the only thing supporting that interpretation is the adjacency between hackers and using, and as you illustrate with commas, the sentence can be parsed without commas such that the using applies to the Crime Unit.

    It's like saying "Criminal killed her using steak knife". In that sentence you cannot know whether I meant the criminal used the steak knife, or the woman was cutting her steak using her steak knife when she was killed with, say, a bullet from the criminal's gun.

    So, if you take this ambiguous sentence, and combine that with the indisputably wrong title of "Keylogging Used To Catch Bank Crackers", then you cannot come to your conclusion that the editor of the article is correct.

  9. Re:Question about Key Logging software by merreborn · · Score: 2, Insightful

    If your password is in a text file, there are a lot simpler ways for attackers to get at it then via keyloggers.