Slashdot Mirror
City Almost Loses 450K to Keylogger
SierraPete writes "The city of Carson, California (a suburb of Los Angeles) was the target of a 6-digit theft of cash. The LA Times reports that information taken from a keylogger was used to attempt to steal $450K from the city's treasury. Quick work by the city froze most of the funds, but it drives home the importance of keeping good anti-spyware and anti-virus software updated on both corporate systems as well as systems being used from home."
"The treasurer said she is now determined to try to write legislation that could prevent this kind of computer piracy. "
Theft is already illegal, why do we need yet another law? Just enforce the ones we have now!
---- Booth was a patriot ----
Well, you've heard of a "five finger discount", right? Maybe this guy had a birth defect.
...the future crusty old bastards are already drinking the Kool-Aid.
> but it drives home the importance of keeping good anti-spyware and anti-virus software updated
> on both corporate systems as well as systems being used from home.
No. It drives the importance on controlling the flow of public money. If one person be it a president of California or what you call him, can make significant money transfers that are not audited and open that is something wrong with your system. Yes you fscking can make that bank *calls* you to approve any transfer above some ammount. Yes you can make that public transfers are open and visible.
So it is nothing to blame about the software since it is obvious that Windows in hands of non-technical people is insecure. The person making transfers should use different laptop perhaps? The one that IT department cares of not the one that he browses pron from?
It is just an example how retarded and uneucated people who have power to spend public money are.
"You have six fingers on your right hand. Someone is looking for you."
It is easier to build strong children than to repair broken men. -Frederick Douglass
If only the treasury had been using Vista, at least someone would have been to blame for clicking "Accept". In this case no-one could admit ignorance by saying the keylogger just slipped through the net; SOMEONE would have had to click that damn button.
God I'm going to hell for writing that, and I'm a Linux user.
It's also probably worth mentioning that the keylogger was likely active for atleast a minimum of a day or two, likely much longer, considering it's mentioned that the keylogger tracked the treasurer's keystrokes until the hacker discovered the appropriate passwords AND the hacker stole the money over a couple days. With this longer exposure, especially if the keystrokes were being monitored remotely, there's a good chance that an anti-virus program with heuristics scanning running in the background (or atleast a decent software firewall) could have flagged the suspicious behavior and perhaps identified the keylogger program being used.
At the least, I think the poster is trying to convey that proper computer security could have helped to secure the computer and identify the problem earlier (the larger amount of 358,000 was stolen on the second day) or helped stop it outright.
File Deletion is Murder.
Before I 'retired' to fix home PCs, I was the alpha geek on a Help Desk.
A guy called, infested with spyware... I started poking around, and found a text file. Before I continued, I called the Help Desk manager over, and put the client on speaker:
"Um, sir, do you bank at Bank of America?"
"Yeah, why?"
"Is your password 'Snoopy67'?"
Since then, I've found a few dozen files with clear-text keylogger yields... and thousands of log files filled with coded stuff that could be anything.
450K should be enough for anyone!
*''I can't believe it's not a hyperlink.''