60 banks hacked, millions stolen! | Bitcointalksearch.org

bitdragon

hero member

Activity: 609

Merit: 501

peace

Quote

The details of the global fraud come just a day after the MI5 boss warned of the new cyber security threat to UK business.

Oh those coincidences remind me of Peter Power and his simulation on the same day it really happened.

http://www.youtube.com/watch?v=KJUVqcNDZlk

Realpra

hero member

Activity: 815

Merit: 1000

Proportionally they have not lost that much compared to the BTC hacks.

I don't think security is Bitcoin's strong point, in fact it may be the only point where the regular system wins.

Yes you can use BTC safely if you are just a little savvy, but most people are idiots with computers.

We should "sell" BTC on other points and perhaps recommend online wallet services to the noobs.

opticbit

hero member

Activity: 695

Merit: 502

PGP: 6EBEBCE1E0507C38

I saw something about 80 banks having a vulnerability. Someone tried to warn them. Maybe 20 listend, or 20 are yet to be attacked?

only 1.25M / bank? - under achiever.

ArticMine

legendary

Activity: 2282

Merit: 1050

Monero Core Team

Not much impact on Bitcoin. The banks themselves were not hacked. What was hacked were end user computers running Microsoft Windows and a similar kind of attack can be launched to steal Bitcoins. I myself have removed Bitcoin stealing and mining malware form Microsoft Windows computer. The solution here is to deal with the attack vector namely: Microsoft Windows. I have refused to do any online banking or any other financial transaction from a Microsoft Windows machine for over 6 years. I use GNU/Linux for this purpose and that includes Bitcoin transactions. When it comes to Bitcoin this includes refusing to host on a Microsoft Windows machine a Bitcoin wallet that has any of my personal private keys. As for backing up an encrypted, with Truecrypt, wallet.dat on a Microsoft Windows computer that is of course fine.

Raoul Duke

legendary

Activity: 1358

Merit: 1002

Quote from: Stephen Gornick on June 27, 2012, 06:26:47 PM

Ok, things aren't adding up here.

Quote

To further hide the criminal activity, the hackers alter bank statements, leaving the victims clueless to the transactions.

- http://www.scmagazine.com.au/News/306602,ongoing-racket-drains-high-roller-bank-accounts.aspx

So whose multifactor authentication was compromised? The customer cannot alter their own bank statement.

If it was the customer's chip and pin system (or whatever they use) to blame, then the problem wouldn't be hacked bank statements.

So, my bet is that this is a compromise of the banks internal systems and not just compromises on the customer side.

From what I read, Zeus and Spyeye use a kind of MTIM attack that waits for the users to make a transfer of their own, but modifying the recipient and the ammount. After, the clueless user inserts the TAN and aproves the transfer Cheesy

Banks like that way of exploiting because they can blame the users and leave them empty handed Wink

Stephen Gornick

legendary

Activity: 2506

Merit: 1010

Ok, things aren't adding up here.

Quote

To further hide the criminal activity, the hackers alter bank statements, leaving the victims clueless to the transactions.

- http://www.scmagazine.com.au/News/306602,ongoing-racket-drains-high-roller-bank-accounts.aspx

So whose multifactor authentication was compromised? The customer cannot alter their own bank statement.

If it was the customer's chip and pin system (or whatever they use) to blame, then the problem wouldn't be hacked bank statements.

So, my bet is that this is a compromise of the banks internal systems and not just compromises on the customer side.

Stephen Gornick

legendary

Activity: 2506

Merit: 1010

What are the chances that the RBS / Nat West / Ulster Bank problems last week were truly because of "problems with an upgrade"?

I can't see how those two tools Zeus and SpyEye would have control of enough systems where multifactor authentication is used to be successful at draining $75 million worth of funds. I'ld suspect most of the exploited systems were not using multifactor (e.g., time based PIN on a smartcard or like what Yubikey offers) or with method they had there was some vulnerability (e.g., account recovery process) that provided some way to bypass multifactor.

Either way, I wonder which is a worse fate ... that the banks are insolvent or that they are incompetent?

Be prepared!

Time To Perform Your Own Bank Stress Test
- http://www.bitcoinmoney.com/post/26014446677

carafleur

member

Activity: 113

Merit: 10

[email protected]

For what it's worth, there's a link to the original McAfee Report :

https://www.mcafee.com/us/resources/reports/rp-operation-high-roller.pdf

just reading

dirtycat

sr. member

Activity: 456

Merit: 250