Scam of the day – February 17, 2015 – Billion dollar international bank hacking

Russian cybersecurity company, Kasperky Lab issued a report yesterday disclosing what may well be the biggest bank hacking in history.  The hacking of more than 100 banks in the United States, Japan, Switzerland, the Netherlands and primarily Russia was accomplished by a criminal group called the Carbanak cybergang composed of Russians, Chinese and Europeans who through advanced malware installed on the computers of the targeted banks permitted the hackers to infiltrate the computers of the banks’ employees in charge of cash transfer systems and ATMs.  They then installed a remote access tool (RAT) on these employees’ computers that enabled the hackers to see everything done on these employees’ computers with the goal of mimicking the look of legitimate transactions when the hackers activated electronic transactions and programmed ATMs to dispense money at specific times to steal as much as a billion dollars over the last two years.

TIPS

As of today, no bank has admitted that it was one of the affected banks.  This makes fighting similar attacks more difficult, which is one reason President Obama has recently been advocating for a law to mandate public disclosure of such security breaches by financial institutions.  An important aspect to this hacking that has been often overlooked in some early reporting of the story is that although the malware used to perpetrate this crime is amazingly sophisticated, the planting of the sophisticated malware into the computers of the targeted banks was accomplished by old-fashioned phishing emails that lured the bank employees to click on infected link.  Everyone including companies, governments and private individuals have got to do a better job of not clicking on links no matter how legitimate they may appear until you have confirmed that they are indeed legitimate. Remember my motto, “trust me, you can’t trust anyone.”

Scam of the day – June 13, 2014 – ATM hacked by 14 year olds

Recently two 14 year old boys in Canada were able to locate online an operator’s manual for ATMs.  Matthew Hewlett and Caleb Turon then decided to try out the instructions to see if they could get access to an ATM.  They went to an ATM at a local super market and were surprised to find that the operator’s manual gave them all of the information they needed to reprogram the ATM with the exception of the password for the ATM, which they managed to guess on their first try by using 000000 which is a common default setting for many ATMs.  The boys did not exploit the lax security of the Bank of Montreal ATM they hacked, but rather reported it to the bank.  The boys did the hacking on their lunch hour and were late returning to school, however Bank of Montreal officials wrote them a letter on bank stationary requesting that their tardiness returning to school for afternoon classes be excused.  The bank should have paid them a reward for exposing their lax security.

TIPS

Too many companies and people still use the default passwords on many of their devices. This should be a good wake up call to everyone that it is important to have a different, complex password for all of your electronic devices.