Slashdot Mirror

← Back to Stories (view on slashdot.org)

Citibank Denies Reported Breach Linked To Russian Gang

Posted by kdawson on from the no-russians-in-here-no-siree dept.

alphadogg writes "US authorities are investigating the theft of an estimated tens of millions of dollars from Citibank by criminals using Russian software tailored for the attack, according to the Wall Street Journal (subscription required to access that link — CNET's coverage here). The security breach at the major US bank was detected mid-year based on traffic from Internet addresses formerly used by the Russian Business Network gang, the WSJ reported today, citing unnamed government sources. The Russian Business Network is a well-known group linked to malicious software, hacking, child pornography, and spam. The FBI is probing the case, the report said. It was not known whether the money had been recovered and a Citibank representative said the company denied any system breach or losses, according to the report."

22 of 53 comments (clear)

  1. Paywalls suck by TSHTF · · Score: 5, Informative

    Article is behind a paywall. Search for it with Google News, and the WSJ will let you read it all.

    1. Re:Paywalls suck by DarkTempes · · Score: 2, Informative

      Looks like it checks for a Referer: with http:// and google anywhere in the domain name as long as it's before another forward slash. Referer: http://notgoogle.com and http://not.comgoogle works but http://not.com/google doesn't.

      Anyway, for those of us who disable referers from headers the google news method won't work either ;)

  2. WSJ article was misleading by plover · · Score: 5, Insightful

    The reporter was trying to link a bunch of separate things together.

    1. Black Energy conducted a DDoS against Citibank, but did not steal tens of millions of dollars from them.

    2. Last year, Citi lost tens of millions of dollars from skimmers attached to ATMs.

    3. The hacker Cr4sh is the author of Black Energy, but there is no evidence he was involved in the attack on Citi.

    There is nothing relating these three incidents other than the wishes of an aggressive reporter wanting to build some kind of story against City; *perhaps* he's trying to pump up a case to make it appear they are risking bailout money. But at least when I type this kind of crap I'm labeling it for what it is: PURE SPECULATION.

    --
    John
    1. Re:WSJ article was misleading by Anonymous Coward · · Score: 5, Insightful

      The thing the banks really don't talk about is that losses from in-house embezzlers far exceed losses form outside agents. And of course we won't speak of the enormous losses caused by management greed and stupidity.

    2. Re:WSJ article was misleading by Alwin+Henseler · · Score: 4, Insightful

      2. Last year, Citi lost tens of millions of dollars from skimmers attached to ATMs.

      2. Last year, Citi customers lost tens of millions of dollars from skimmers attached to ATMs.

      (emphasis mine)
      Not individually, but as a group customers always pay the bill for incompetent management / inadequate security.

    3. Re:WSJ article was misleading by Pinky's+Brain · · Score: 2, Insightful

      How exactly would it recoup it's losses from customers? By lowering it's interest rates? If it could increase profits by doing that they would already have done so.

      Directly only the investors lose out.

    4. Re:WSJ article was misleading by plover · · Score: 2, Insightful

      The thing the banks really don't talk about is that losses from in-house embezzlers far exceed losses form outside agents.

      Really? Have you recent facts to back that claim up? It may have been true in the 1950s, but is it still true in today's world, where a hacker can gain essentially "insider" authority?

      And of course we won't speak of the enormous losses caused by management greed and stupidity.

      There's an assertion I don't have to ask you to back up, as it's been pretty well covered in the press. But there's a lot of greed and stupidity going around, and some of it comes from the shareholders, Congress, lawyers, etc. It's not just limited to management.

      --
      John
    5. Re:WSJ article was misleading by FooAtWFU · · Score: 2, Insightful
      For the bigwigs: Why embezzle when you can go legit and get the board to pay you snazzy seven-figure bonuses for your continued, valuable contributions to the company's bottom line? I don't think taking that sort of a gamble is consistent with your probable risk profile. Maybe if you're Bernie Maddoff and your firm has lost a ton of money and are too attached to your career and terrified of professional embarrassment or something, but even that's more outright fraud than embezzlement.

      For the medium-wigs: Just how much do you think you could get away with embezzling? You probably don't have *that* great of access to funds. And do you really think the bigwigs don't have people watching you pretty carefully when you're trying to make off with company money?

      For the not-so-big-wigs: Do you even have access to embezzling money?

      --
      The World Wide Web is dying. Soon, we shall have only the Internet.
  3. In other news... by tyroneking · · Score: 4, Interesting

    ... the US and UK public are asking for an investigation into the apparent transfer of billions of dollars of public money to major banks. No-one is probing the case and yet the govt and banks are not denying any breach of the political and economic systems.

  4. Citibank != Russian Gang ? by PolygamousRanchKid+ · · Score: 4, Interesting

    I honestly thought they were one and the same.

    Maybe someone can enumerate for me, the differences between Citibank and a Russian Gang . . .

    Rips off governments for millions . . . check

    Rips off people for millions . . . check

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    1. Re:Citibank != Russian Gang ? by _merlin · · Score: 2, Insightful

      Speak with awesome hardarse Russian gangster accents ... fail

  5. Use the chinese software instead by MichaelSmith · · Score: 2, Informative

    The Kuang Grade Mark Eleven Penetration Program is the way to go. But you need a live person at the controls. Not a flatline, because Neuromancer knows his every move in advance.

    --
    http://michaelsmith.id.au
    1. Re:Use the chinese software instead by Gilmoure · · Score: 2, Informative

      Yeah, but not if you're running it on a Ono-Sendai 6 with just tactile feed back. You need full emersion to do it right.

      --
      I drank what? -- Socrates
  6. Cash loss is better than trust lost by assemblerex · · Score: 5, Insightful

    Cash is replenishable, trust is not as it has to be earned.

  7. Denial seems to be in this year by HangingChad · · Score: 2, Insightful

    Citibank representative said the company denied any system breach or losses, according to the report.

    My web host provider *cough*inmotion*cough* got hacked a couple months ago and they denied it across the board, tried to turn it back on the users by claiming all the accesses were routine FTP connections.

    Makes me wonder if denial is the new trend?

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
  8. Great points, plover! by sgt_doom · · Score: 4, Informative

    And speaking of PURE SPECULATION, which is what Citi does through it's energy/oil speculating subsidiary, Phibro, everyone knows Citi pissed away all their money by their purchase of all those credit default swaps and other categories of credit derivatives; thereby giving those enormous fortunes to the Robert Rubin family (and the others who are now members of the George W. Obama Administration.....)

  9. Wall Street Journal - lousy reporting at its best by securaty · · Score: 3, Informative

    I read WSJ article and I had to chuckle. What a poor excuse for a story. It doesn't sound like anyone targeted Citibank. They are one of dozens of other banks who were victimized by a gang of Ukrainian (NOT Russian) criminals. As far as I know, hundreds of small and medium business have been vandalized by the same gang on individuals targeting individual systems with malware. Brian Krebs from Washington Post covered this months ago. WSJ story is a bad knock off without facts and originality.

  10. Re:Wall Street Journal - lousy reporting at its be by Jeremy+Erwin · · Score: 2, Informative

    Brian Krebs from Washington Post covered this months ago
    On slashdot, it's considered polite to use the anchor tag.

  11. Can the FBI/CIA actually do anything about it? by HockeyPuck · · Score: 3, Interesting

    Let's say it actually was a "Russian Gang" operating out of say, Russia. What can US Gov't agencies do against this? Can they do anything within the law besides call up Russia and tell them to 'take care of it.' It's not like we can drop commandos into Russia and go after them, nor can we launch electronic attacks on this gang (act of futility).

    According to the US Constitution, Section 8, Congress has the power to provide for the common Defense and general Welfare of the United States.

    I see this type of activity as an attack, just because it's two private entities, this IMHO is no different than if SAP tried to hack into Oracle.

    Hey Fed, I'm sick of US companies wasting time, money and effort to deal with these people bent on conducting electronic warfare.

    As a side note, I wonder how much $$ is wasted in terms of extra capacity (servers, network, CPU, power) is needed by US companies to deal with all this BS (spam, people hacking in etc..) floating around the internet.

    I once heard a presentation by a guy at Yahoo who managed a few of their datacenters. When asked about how they deal with DOS attacks his response was that they had more computing capacity then the internet could deliver to them, so they just absorb whatever attacks are sent their way.

    1. Re:Can the FBI/CIA actually do anything about it? by witherstaff · · Score: 2, Insightful

      Since when has congress cared about that old thing called the constitution? It sure hasn't stopped them with health care "reform".

  12. How do these attacks work? by beachdog · · Score: 2, Interesting

    So what is the attack system used to get "tens of millions of dollars"?

    Do they collect 10,000 user names and passwords from personal computer users?

    Do they somehow take over a merchant deposit account and transfer funds out of it?

    Do they emulate a bank-to-bank transaction and modify the bank-to-bank back end transaction?

  13. Gotta love the doublespeak by Weaselmancer · · Score: 3, Funny

    The FBI is probing the case, the report said. It was not known whether the money had been recovered and a Citibank representative said the company denied any system breach or losses, according to the report.

    There was no system breach! And the money was probably recovered anyways!

    --
    Weaselmancer
    rediculous.