Slashdot Mirror
Bank Hackers Steal Millions Via Malware
An anonymous reader writes: When cybersecurity firm Kaspersky Lab was called in to investigate ATMs that had begun dispensing cash without input from users, they expected to find a simple problem. Instead, they found the ATMs were just the tip of the iceberg. The bank's internal computer systems were completely compromised, and in addition to the slow but steady siphoning of funds through physical machines, a criminal group was quietly transferring millions of dollars into foreign bank accounts. A report set to be published on Monday shows the attack extended to over 100 banks in 30 nations.
"Kaspersky Lab says it has seen evidence of $300 million in theft from clients, and believes the total could be triple that. But that projection is impossible to verify because the thefts were limited to $10 million a transaction, though some banks were hit several times. In many cases the hauls were more modest, presumably to avoid setting off alarms." Kaspersky Lab is unable to name the banks involved because of non-disclosure agreements, and no banks have come forward to acknowledge the breach. "The silence around the investigation appears motivated in part by the reluctance of banks to concede that their systems were so easily penetrated, and in part by the fact that the attacks appear to be continuing."
"Kaspersky Lab says it has seen evidence of $300 million in theft from clients, and believes the total could be triple that. But that projection is impossible to verify because the thefts were limited to $10 million a transaction, though some banks were hit several times. In many cases the hauls were more modest, presumably to avoid setting off alarms." Kaspersky Lab is unable to name the banks involved because of non-disclosure agreements, and no banks have come forward to acknowledge the breach. "The silence around the investigation appears motivated in part by the reluctance of banks to concede that their systems were so easily penetrated, and in part by the fact that the attacks appear to be continuing."
William K. Black
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
The theory behind "not naming banks" is that if named, people would leave the bank and go to another one.
Why are banks allowed to do this? This completely negates the "vote with your wallet" power that the public should have.
Right, because no one has ever stolen bitcoin by hacking into a computer and emptying accounts... oh wait...
..... Wait, what?
Oh. Nevermind then.
Printing money like crazy is just a different kind of robbing. But the Fed actually was more clever than that. They printed $2 Trillion while incenting banks to deposit $2 Trillion in reserves with the Fed, thus enabling the government's spending addiction without expanding the money supply. That part was clever. What happens once banks decide to start investing that money they have parked with the Fed is anyone's guess.
Did the Fed invent a new way to support deficit spending in a downturn, or a new way to destroy a currency through hyperinflation? Only time will tell, but kudos for at least trying something new.
(BTW, the Fed didn't buy so much in the way of direct mortgage debt as it did complicated mortgage-backed securities of dubious value. The Fed shouldn't have bailed out anyone. Every single bank involved in those securities should have been allowed to collapse (nothing of value would have been lost), and everyone who signed for a mortgage they couldn't possibly pay deserves bankruptcy. It's not like we have debtors prison: you're clear of bankruptcy after a few years, and maybe learn a thing or two about living within your means in the widow when you can't borrow money.
Socialism: a lie told by totalitarians and believed by fools.
The internet was designed to be amazingly robust, able to successfully get a message through a nuked-out infrastructure -- point A to point Z via any number of non-predetermined intermediate points. It was not designed to be secure because such security wasn't deemed necessary to the completion of the mission of getting a message to point Z from point A regardless the damage inbetween the two points.
What security it does have has been bolted on after-the-fact much like bolting a wind spoiler onto a Volkswagen Beetle. and with pretty much the same comical effect. "Secure" internet will require some serious redesign at the various hardware and sofware levels before it can be secure.
An interesting question is whether or not it can be both very robust and very secure at the same time?
My point being that the warnings about the above were made loud and clear in the mid-1990s when the internet was "discovered" by the citizenry and the commercial interests and yet everyone yelled "Full speed ahead!" and so here we are.
Everything in the Universe sucks: It's the law!
The money for quantitative easing was created, not taxpayer-funded.
How'd that work out for the Wiemar Republic?
Do note that I'm a knee-jerk anti-Fed zealot, I think most of those people are hopelessly naive at best. It just remains to be seen whether or not QE is a long term success or simply masked fundamental structural problems that will re-emerge at a later date. It's worth noting that our cheap money policy has virtually destroyed every form of investing other than stocks; I can't find any "safe" investments that can keep pace with inflation right now, can you? Wall Street sure is profiting from QE, I'm not so certain about Main Street. This is a very disturbing trend that few people are talking about, one that we're not likely to reverse so long as there's no incentive (near 0% interest rates) to save money and every policymakers response to a recession is "consume, consume, consume!"
Mark your calendar and we'll come back to this discussion in 10 or 15 years to find out what happened.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.