Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Steal $6.7M In Bank Cyber Heist

Posted by Soulskill on from the not-nearly-as-dramatic-as-a-regular-heist dept.

Orome1 writes "A perfectly planned and coordinated bank robbery was executed during the first three days of the new year in Johannesburg, and left the targeted South African Postbank — part of the nation's Post Office service — with a loss of some $6.7 million. The cyber gang behind the heist was obviously very well informed about the post office's IT systems, and began preparing the ground for the heist a few months before, by opening accounts in post offices across the country and compromising an employee computer in the Rustenburg Post Office."

17 of 91 comments (clear)

  1. "compromising an employee computer" by omganton · · Score: 4, Funny

    "Hey, can I check my Facebook real quick?"

  2. Re:Organized trolling campaign on Slashdot by alphatel · · Score: 3, Interesting

    He only expects further trolling, which has been granted.

    --
    When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
  3. Surprised it took so long for somebody to do this by gweihir · · Score: 4, Interesting

    I was part of a small team that described a pretty similar attack scenario to a customer almost 10 years back. It is no surprise at all that this worked and it would work in a lot of other places as well. The only really tricky part is coordinating the mules (and keeping them quiet) as you do not know how much money is available at each specific ATM. But you can guess by observing usage patterns (counting customers) and how often they are re-stocked.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  4. Summary is wrong by Smallpond · · Score: 4, Informative

    42m Rand is not 6.7m USD, it is more like 5.2m.

    1. Re:Summary is wrong by Anonymous Coward · · Score: 3, Funny

      Now just 4.3m, ... 5 minutes later
      2.1m, ...
      0.1m ...
      now you are better off burning it for heat than trying to pay your bills with it ;)

    2. Re:Summary is wrong by Formalin · · Score: 4, Informative

      That's Zimbabwe. SA, while experiencing considerable inflation in the 90's, is reasonably stable now, and no where near the level of inflation in zimbabwe.

      1 rand used to be worth around 1 USD, IIRC (apartheid era). inflation went up with political change, and by around 2000? it was 10 or so to a dollar, and is something like 6-7 these days. So 50-100% some years, less overall, which is bad... but not hyperinflation, where prices double in days or hours, instead of years (like in zimbabwe).

    3. Re:Summary is wrong by gstoddart · · Score: 3, Informative

      Seriously though, for currency, other than USD?
          Not if they want people to know what the hell they're talking about.

      Have you ever been outside of the US? Or are you just talking out of your ass?

      In Canada we have a dollar ... the symbol is the standard '$' used by most places that have currency they call dollars. There is no other symbol on the keyboard, the way you differentiate is something like "$100 CDN" -- and within Canada, we don't even do that.

      If it wasn't SOPA protest blackout day, you could read a list of places, but this will pretty much show you what is used. Almost 30 countries besides the US express their currency with the $ sign.

      I'm afraid if you're claiming that only the US dollar is described using the $ sign you're completely mistaken ... because it's a pretty widespread symbol.

      --
      Lost at C:>. Found at C.
  5. That's nothing by midtowng · · Score: 5, Insightful

    Wall Street CEO's have been stealing much larger amounts from their own banks for years.

  6. Re:Surprised it took so long for somebody to do th by NeutronCowboy · · Score: 3, Informative

    I'm much more surprised by the fact that they managed to take about 1% of the entire assets of the wanna-be bank. That's pretty disturbing - because that means that nothing was working right. Not their security, not their required privileges, not their fraud detection, nothing. Note to self: don't do business in SA.

    --
    Those who can, do. Those who can't, sue.
  7. FTFY by drainbramage · · Score: 3, Interesting

    Politicians have been stealing much larger amounts for years.

    --
    No brain, no pain.
  8. Re:How possible is it that it was an inside job? by nothajan · · Score: 4, Insightful

    How could an investigation rule out a possible inside job?

    In Soviet Russia, inside job rules out possible investigation.

  9. Dear Mr. South African Postbank Postmaster General by slas6654 · · Score: 5, Funny

    My very wealthy American uncle, who was the American consulate attache to Guyana, recently passed away. While we are very sad for his passing, he has left a great fortune in the Bank of Amerika that, unfortunately, cannot be transferred back to Guyana without completing the probate process. Since my wealthy American Uncle (Sam was his name) was too big to fail (er I mean die), I stand to inherit a great deal of wealth. I will gladly share with you this windfall at the Bank of Guyana if you will help me complete the probate. If you will kindly Paypal 52m Rand to help defray the cost of the probate, I will in turn send you 52billion US dollars. Please respond in confidence to my email address: Angelo.Mozilo@Countrywide.com.

  10. Re:And terrorists thank you for running windows by WindBourne · · Score: 3, Informative
    http://toolbar.netcraft.com/site_report?url=http://www.postbank.co.za
    And to back it up

    ....$telnet www.postbank.co.za 80
    Trying 165.8.13.24...
    Connected to www.postbank.co.za.
    Escape character is '^]'.
    GET / HTTP/1.0

    HTTP/1.1 404 Not Found
    Content-Length: 1635
    Content-Type: text/html
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    Date: Wed, 18 Jan 2012 03:35:38 GMT
    Connection: close


    The page cannot be found
    ....

    Anybody running windows on their website is highly likely running it inside.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  11. Re:Organized trolling campaign on Slashdot by Samantha+Wright · · Score: 3, Funny

    Didn't you hear? Everyone else on the internet is just one big fat guy.

    --
    Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
  12. honestly, this has probably happened in the USA by decora · · Score: 4, Interesting

    im guessing that the main reason it seems like an 'unusual south africa thing' is because US banks never, ever talk about this kind of thing.

    partly out of embarassment, partly because the entire system is based on 'security through obscurity'.

    ----

    of course, oblig. comment about how thousands of US banks failed in 2008/9/10 due to the CDO fraud system - which directly involved and benefited the ratings agencies. but its almost like nobody cares about that. they care about 5 million stolen from ATMs, but not about 2 trillion stolen from the taxpayers.

  13. ...sigh... and they worked SO hard on the book. by Shadowruni · · Score: 4, Interesting
    Read "Stealing the Network: How to own a Continent"

    The whole book is this heist.

    Literally.

    Just check out the summary.

    The thing that makes this book series special is that they don't say, "I ran nmap and knew from the output they were running a webserver."

    They say "I ran nmap with 'sudo nmap -P0 -T3 -p 80 127.0.0.1 -oA localscan'

    And got:

    Starting Nmap 5.21 ( http://nmap.org/ ) at 2012-01-17 20:55 PST Nmap scan report for localhost (127.0.0.1) Host is up (0.000083s latency). PORT STATE SERVICE 80/tcp open http Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds And could see from the line "80/tcp open http"

    http://www.amazon.com/Stealing-Network-How-Own-Continent/dp/1931836051

    //Has the whole series and still remembers the props I got from Blue bore.

    ///Yes I know the example is a bit contrived but that is exactly how they present information in the series and I learned a lot from it.

    --
    "Chinese Amazons, power armor, laser swords.... things just meant to be." - Shampoo, A Very Scary Bet
  14. Re:Surprised it took so long for somebody to do th by b0bby · · Score: 3, Informative

    It didn't:
    http://inaudit.com/audit/it-audit/online-theft-that-sucked-13m-from-financial-firm-in-florida-unmasked-9888/
    This was in Florida last year.