Slashdot Mirror


Three Banks Lose Millions After Wire Transfer Switches Hacked

mask.of.sanity writes "Criminals have stolen millions from three unnamed U.S. banks by launching slow and stealthy denial of service attacks as a distraction before attacking wire payment switches. The switches manage and execute wire transfers and could have coughed up much more cash should the attackers have pressed on. RSA researcher Limor Kessem said, 'The service portal is down, the bank is losing money and reliability, and the security team is juggling the priorities of what to fix first. That's when the switch attack – which is very rare because those systems are not easily compromised [and require] high-privilege level in a more advanced persistent threat style case – takes place.'"

8 of 179 comments

  1. Smart Criminals by Fluffeh · · Score: 5, Insightful

    I like stories like this. If something is done really well and in a clever way (whether it was really being naughty or not) the effort, cleverness and ingenuity should indeed have its merits praised. Slashdot should have more stories like this: Hey, they did a bad thing, but look at just how WELL they did it.

    --
    Moved to http://soylentnews.org/. You are invited to join us too!
    1. Re:Smart Criminals by Anonymous Coward · · Score: 5, Funny

      I once stalked a woman for fifty years before making my move. It was a beautifully coordinated attack that required no less than sixty-seven coincidences to occur at once. Once I had her isolated, I realized that she was like ninety, so I gave up and left. Kind of a letdown. Just one of the downsides of being a vampire I guess.

    2. Re:Smart Criminals by ls671 · · Score: 5, Insightful

      Where do you think those US banks are going to take the money to make it up? In their customers' pockets maybe? It's like insurance fraud, shoplifting etc. The end consumer ends up paying for that. We might think: well, they already make enough money, so good for them, but don't let that fool you. They are going to make up for that to keep investors happy and their stock healthy.

      Worse, they may have insurance coverage and insurance companies may raise premiums for all banks, making sure everybody pays for it.

      Sure, it looks nice as a hacker movie scenario although...

      --
      Everything I write is lies, read between the lines.
    3. Re:Smart Criminals by tuo42 · · Score: 5, Funny

      *clear throat

      *taptap...onetwo...thisthingon?...taptap...onetwothree...good

      *clear throat again

      Ladies and Gentlemen, I present to you: the car analogy for our topic tonight

      It's like...with the police behind following you in your car...

      blinking left, but taking a right turn!

      *badabumm

      Thank you, thank you, I'm here all night.

  2. Re:stealthy? by morcego · · Score: 5, Interesting

    slow and stealthy denial of service attacks

    I don't think a DOS can be stealthy......if it's denying service, are people going to notice?

    A stealthy DOS is when the attack looks like a normal occurrence, and not an attack. It is not the DOS that is stealthy, it is the attack or, rather, the reason for the lack of service.

    It is a very neat thing, actually. Say you have a very long, segmented fence. There are 1000000 segments, and every day 1 of those will break and stay broken for 10 seconds. You can't explore that, because it is random, and you can't try all 1000000 segments in 10 seconds. However, if you can force the dice and make a specific segment fail, you can be there and exploit it, because you know which one and when. To the external observer, however, it was just a normal, run of the mill segment fail.

    It is the same concept. The failure is there, they notice it, but it is done in such a way they don't notice it is an attack.

    --
    morcego
  3. Re:And now to our resident expert: by muphin · · Score: 5, Funny

    He's currently in jail for speaking up against the banks, ya know.. letting those terrorists know about the loopholes so they can exploit it

    --
    It's not a typo if you understood the meaning!
  4. Hilarity ensues... by MobSwatter · · Score: 5, Funny

    Crooks robbing crooks...

  5. You'd be amazed by LordWabbit2 · · Score: 5, Interesting

    You would be amazed - or maybe shocked - to see some of the banking systems out there. I have worked for several financial institutions and their systems are usually very very old legacy crap stuck together with bubble gum and faith. One place was dealing with 70% of the country's financial messaging and they were not using transactions; if there was a problem (and there often was) messages were lost. Asked if I could change it to use transactions, couple lines here, couple lines there.
    NO.
    Why?
    Cost to test would involve the entire country and would cost millions.
    OK.
    So they are still losing messages.

    --
    There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.