Slashdot Mirror


City Almost Loses 450K to Keylogger

SierraPete writes "The city of Carson, California (a suburb of Los Angeles) was the target of a 6-digit theft of cash. The LA Times reports that information taken from a keylogger was used to attempt to steal $450K from the city's treasury. Quick work by the city froze most of the funds, but it drives home the importance of keeping good anti-spyware and anti-virus software updated on both corporate systems as well as systems being used from home."

17 of 158 comments

  1. Physical Keylogger by wdr1 · · Score: 2, Insightful

    Ummmm... how exactly would having anti-virus or anti-spyware stop things, if it's a physical keylogger?

    Do you know how these things work?

    --
    SlashSig Karma: Excellent (mostly affected by moderatio
    1. Re:Physical Keylogger by ajanp · · Score: 5, Insightful
      There's no mention of the method used to install the keylogger onto the treasurer's computer. They mention it was a laptop, but it's a pretty far leap to assume that the hacker used a physical keylogger when the entire thing is just as likely, if not more so, to have been done remotely.

      It's also probably worth mentioning that the keylogger was likely active for at least a minimum of a day or two, likely much longer, considering it's mentioned that the keylogger tracked the treasurer's keystrokes until the hacker discovered the appropriate passwords AND the hacker stole the money over a couple days. With this longer exposure, especially if the keystrokes were being monitored remotely, there's a good chance that an anti-virus program with heuristics scanning running in the background (or at least a decent software firewall) could have flagged the suspicious behavior and perhaps identified the keylogger program being used.

      At the least, I think the poster is trying to convey that proper computer security could have helped to secure the computer and identify the problem earlier (the larger amount of 358,000 was stolen on the second day) or helped stop it outright.

      --
      File Deletion is Murder.
    2. Re:Physical Keylogger by pionzypher · · Score: 2, Insightful

      As the other replies have stated, I don't remember them mentioning a physical keylogger. They do exist though. They sit in between the keyboard's PS/2 plug and the system's PS/2 slot (USB varieties work the same). It looks like they just intercept and log the keystrokes, no software to detect on the host PC and no login needed.

      --
      I'll believe in corporations having personhood when Texas executes one... - advocate_one
    3. Re:Physical Keylogger by jimicus · · Score: 2, Insightful

      You know what I reckon?

      Keylogger was probably installed through some kind of widespread trojan - be it email or compromised website. My favourite is website, because that requires slightly more sophisticated monitoring to do the job properly than an email system, particularly if you give people laptops and let them take the laptop home and connect to their employer through a VPN.

      One of two things is possible from this point:

      1. Hacker was specifically targeting the treasurer's department. Regardless of the methodology you can use, there's only so much you can do against a really determined hacker, and they'll probably never catch the perpetrator unless they made a really basic error.
      2. Keylogger is/was very widespread, and phones home with details of what it's logged on a regular basis. Tie that up with a bit of judicious grepping back home, and you've got a very effective mechanism for finding all sorts of interesting information. The person/team behind this keylogger saw details coming in from a computer owned by a city in California and thought all their Christmases had come at once - access to a public purse which they didn't expect to be very well protected.

      My money's on 2.

    4. Re:Physical Keylogger by gilgongo · · Score: 2, Insightful

      > how exactly would having anti-virus or anti-spyware stop things

      Well said! The notion that desktop computing in the Internet age would be problem-free if only everyone installed anti-malware software is completely bogus and doesn't even stand up to the slightest scrutiny. Everyone and his dog runs anti-malware (you can't buy a new PC without the stupid stuff literally flying out of the screen at you the minute you boot it up), and everyone and his dog is hideously infested with malware. Talk about brain-dead commentary!

      --
      "And the meaning of words; when they cease to function; when will it start worrying you?"
  2. Damned politicians by nurb432 · · Score: 5, Insightful

    "The treasurer said she is now determined to try to write legislation that could prevent this kind of computer piracy. "

    Theft is already illegal, why do we need yet another law? Just enforce the ones we have now!

    --
    ---- Booth was a patriot ----
    1. Re:Damned politicians by dreamchaser · · Score: 4, Insightful

      Because if they run out of redundant laws to pass they will be out of work.

    2. Re:Damned politicians by C0R1D4N · · Score: 2, Insightful

      That would be a good law/policy/ordinance, no?

      Yes it is, which is exactly why it'll never happen
    3. Re:Damned politicians by asninn · · Score: 2, Insightful

      And also because she wants to get reelected, and for that, she needs to show the Joe Sixpacks who're infuriated now that OMGhackers stole their hard-earned tax dollars that she's doing something.

      Think of it as political security theatre and/or CYA security - it doesn't actually do anything, but it mollifies the mob, and it allows her to point at the newly-passed laws and say "but I did something, you can't blame me!" when the same thing happens again later on.

      --
      butter the donkey
  3. Fscking dumb by kosmosik · · Score: 5, Insightful

    > but it drives home the importance of keeping good anti-spyware and anti-virus software updated
    > on both corporate systems as well as systems being used from home.

    No. It drives the importance on controlling the flow of public money. If one person, be it a president of California or what you call him, can make significant money transfers that are not audited and open, there is something wrong with your system. Yes you fscking can make that bank *calls* you to approve any transfer above some amount. Yes you can make that public transfers are open and visible.

    So it is nothing to blame about the software since it is obvious that Windows in hands of non-technical people is insecure. The person making transfers should use different laptop perhaps? The one that IT department cares of not the one that he browses pron from?

    It is just an example how retarded and uneducated people who have power to spend public money are.

    1. Re:Fscking dumb by _Sharp'r_ · · Score: 2, Insightful

      In the nonprofit school that I'm on the board of, our policy is that anything over a certain amount must be approved and signed by multiple officers, up to all four main officers for really large amounts.

      What kind of idiot sets up a financial system for a city (that deals with a lot more money than we ever will) in which one user can on their own authority transfer over a quarter of a million dollars to a random bank account? Whoever the controller for the city is should probably be fired at this point.

      Even if you have an electronic system, it's WAY more secure to require multiple approvals. For a really large amount, why not pay someone a wage for the five minutes it takes to verify it with authorized individuals?

      Think about it. If the guy who installed the keylogger can do this, what would stop the treasurer themselves from doing it at any time, since they apparently have the ability to transfer all the money they want to whomever they want? Or an IT person with even easier access to their computer?

      --
      The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
  4. There is no way to protect yourself by QuantumG · · Score: 1, Insightful

    > it drives home the importance of keeping good anti-spyware and anti-virus software updated on both corporate systems as well as systems being used from home.

    Uhh, no. If the keylogging software is some off the shelf crap, sure, that might work, but if it is something the attacker has written specifically for this attack, forget it. We don't live in a world where software is assured. You can't ever say "my keystrokes are on a secure path". Although, two factor security things like RSA's SecurID can help.

    --
    How we know is more important than what we know.
  5. Because laws sure do _prevent_ things... by Darlantan · · Score: 2, Insightful

    > The treasurer said she is now determined to try to write legislation that could prevent this kind of computer piracy.

    Yeah, because laws sure do stop those criminals from, you know, breaking the law.

    When are politicians going to wise up and realize that laws don't stop criminals from doing anything, they just offer a means of punishing them _if_ they get caught after the fact? Completely different methods are required to prevent these kinds of things -- like proper security procedures, in this case.

    --
    Fill in your four or five-letter word of wisdom here _ _ _ _ _.
  6. Well, well... by GFree · · Score: 4, Insightful

    If only the treasury had been using Vista, at least someone would have been to blame for clicking "Accept". In this case no-one could admit ignorance by saying the keylogger just slipped through the net; SOMEONE would have had to click that damn button.

    God I'm going to hell for writing that, and I'm a Linux user.

  7. Of course we need more legislation - that'll work. by Boricle · · Score: 3, Insightful
    From the article:

    > The treasurer said she is now determined to try to write legislation that could prevent this kind of computer piracy.

    * sigh *

    Because people who would try and steal some $450,000 are going to be stopped by legislation making it even more illegal.

    Maybe something like two factor authentication would be better? That way different numbers are needed every time. And better security on the laptop perhaps? Non administrator privileges. Not allowing people to install software? All quite doable.

    Sure, blame the criminals, but maybe the doors should be bolted too?

  8. Re:My god, the simplest things... by unick · · Score: 2, Insightful

    You forgot: 8. Do not re-use passwords. Of the gazillion profiles I needed to create on the web there are not 2 with the same password. Use a "system" that will help remember the password, e.g.: fixed password + website acronym + another fixed password. I.e. 'foohmbar' as a password for hotmail, 'foogmbar' for gmail, etc. Or any other system that suits you.

  9. Re:ha ha. by Anonymous Coward · · Score: 1, Insightful
    twitter, please read this carefully. Following this advice will make Slashdot a better place for everyone, including yourself.

    • As a representative of the Linux community, participate in mailing list and newsgroup discussions in a professional manner. Refrain from name-calling and use of vulgar language. Consider yourself a member of a virtual corporation with Mr. Torvalds as your Chief Executive Officer. Your words will either enhance or degrade the image the reader has of the Linux community.
    • Avoid hyperbole and unsubstantiated claims at all costs. It's unprofessional and will result in unproductive discussions.
    • A thoughtful, well-reasoned response to a posting will not only provide insight for your readers, but will also increase their respect for your knowledge and abilities.
    • Always remember that if you insult or are disrespectful to someone, their negative experience may be shared with many others. If you do offend someone, please try to make amends.
    • Focus on what Linux has to offer. There is no need to bash the competition. Linux is a good, solid product that stands on its own.
    • Respect the use of other operating systems. While Linux is a wonderful platform, it does not meet everyone's needs.
    • Refer to another product by its proper name. There's nothing to be gained by attempting to ridicule a company or its products by using "creative spelling". If we expect respect for Linux, we must respect other products.
    • Give credit where credit is due. Linux is just the kernel. Without the efforts of people involved with the GNU project, MIT, Berkeley and others too numerous to mention, the Linux kernel would not be very useful to most people.
    • Don't insist that Linux is the only answer for a particular application. Just as the Linux community cherishes the freedom that Linux provides them, Linux only solutions would deprive others of their freedom.
    • There will be cases where Linux is not the answer. Be the first to recognize this and offer another solution.

    From http://www.ibiblio.org/pub/linux/docs/HOWTO/Advocacy