Author

Topic: 60 banks hacked, millions stolen! (Read 2364 times)

hero member
Activity: 609
Merit: 501
peace
June 28, 2012, 10:00:02 AM
#12
Quote
The details of the global fraud come just a day after the MI5 boss warned of the new cyber security threat to UK business.
Oh those coincidences remind me of Peter Power and his simulation on the same day it really happened.

http://www.youtube.com/watch?v=KJUVqcNDZlk
hero member
Activity: 815
Merit: 1000
June 28, 2012, 09:43:06 AM
#11
Proportionally they have not lost that much compared to the BTC hacks.

I don't think security is Bitcoin's strong point, in fact it may be the only point where the regular system wins.

Yes you can use BTC safely if you are just a little savvy, but most people are idiots with computers.


We should "sell" BTC on other points and perhaps recommend online wallet services to the noobs.
hero member
Activity: 695
Merit: 502
PGP: 6EBEBCE1E0507C38
June 27, 2012, 06:17:03 PM
#10
I saw something about 80 banks having a vulnerability.  Someone tried to warn them.  Maybe 20 listend, or 20 are yet to be attacked?

only 1.25M / bank? - under achiever.
legendary
Activity: 2282
Merit: 1050
Monero Core Team
June 27, 2012, 06:03:08 PM
#9
Not much impact on Bitcoin. The banks themselves were not hacked. What was hacked were end user computers running Microsoft Windows and a similar kind of attack can be launched to steal Bitcoins. I myself have removed Bitcoin stealing and mining malware form Microsoft Windows computer. The solution here is to deal with the attack vector namely: Microsoft Windows. I have refused to do any online banking or any other financial transaction from a Microsoft Windows machine for over 6 years. I use GNU/Linux for this purpose and that includes Bitcoin transactions. When it comes to Bitcoin this includes refusing to host on a Microsoft Windows machine a Bitcoin wallet that has any of my personal private keys. As for backing up an encrypted, with Truecrypt, wallet.dat on a Microsoft Windows computer that is of course fine.
legendary
Activity: 1358
Merit: 1002
June 27, 2012, 05:37:34 PM
#8
Ok, things aren't adding up here.

Quote
To further hide the criminal activity, the hackers alter bank statements, leaving the victims clueless to the transactions.
- http://www.scmagazine.com.au/News/306602,ongoing-racket-drains-high-roller-bank-accounts.aspx

So whose multifactor authentication was compromised?  The customer cannot alter their own bank statement. 

If it was the customer's chip and pin system (or whatever they use) to blame, then the problem wouldn't be hacked bank statements.

So, my bet is that this is a compromise of the banks internal systems and not just compromises on the customer side.

From what I read, Zeus and Spyeye use a kind of MTIM attack that waits for the users to make a transfer of their own, but modifying the recipient and the ammount. After, the clueless user inserts the TAN and aproves the transfer Cheesy
Banks like that way of exploiting because they can blame the users and leave them empty handed Wink
legendary
Activity: 2506
Merit: 1010
June 27, 2012, 05:26:47 PM
#7
Ok, things aren't adding up here.

Quote
To further hide the criminal activity, the hackers alter bank statements, leaving the victims clueless to the transactions.
- http://www.scmagazine.com.au/News/306602,ongoing-racket-drains-high-roller-bank-accounts.aspx

So whose multifactor authentication was compromised?  The customer cannot alter their own bank statement.  

If it was the customer's chip and pin system (or whatever they use) to blame, then the problem wouldn't be hacked bank statements.

So, my bet is that this is a compromise of the banks internal systems and not just compromises on the customer side.
legendary
Activity: 2506
Merit: 1010
June 27, 2012, 05:10:05 PM
#6
What are the chances that the RBS / Nat West / Ulster Bank problems last week were truly because of "problems with an upgrade"?

I can't see how those two tools Zeus and SpyEye would have control of enough systems where multifactor authentication is used to be successful at draining $75 million worth of funds.  I'ld suspect most of the exploited systems were not using multifactor (e.g., time based PIN on a smartcard or like what Yubikey offers) or with method they had there was some vulnerability (e.g., account recovery process) that provided some way to bypass multifactor.

Either way, I wonder which is a worse fate ... that the banks are insolvent or that they are incompetent?

Be prepared!

Time To Perform Your Own Bank Stress Test
 - http://www.bitcoinmoney.com/post/26014446677
member
Activity: 113
Merit: 10
June 27, 2012, 03:31:33 PM
#5
For what it's worth, there's a link to the original McAfee Report :

https://www.mcafee.com/us/resources/reports/rp-operation-high-roller.pdf

just reading
sr. member
Activity: 456
Merit: 250
June 27, 2012, 03:01:54 PM
#4


I was reading that this morning.. not much information on how it was done all they keep yappin about is zeus and spyeye "siphoning".. NEED MORE INFO!
full member
Activity: 195
Merit: 100
June 27, 2012, 03:00:39 PM
#3
shhh. I'm still in escrow on my island.
vip
Activity: 571
Merit: 504
I still <3 u Satoshi
June 27, 2012, 02:57:16 PM
#2
are there other sources?
legendary
Activity: 1022
Merit: 1001
I'd fight Gandhi.
June 27, 2012, 12:37:50 PM
#1
Jump to: