Scam of the day – May 6, 2016 – Hacking group Anonymous threatens world banks

The world banking system is increasingly a target of hackers and cybercriminals. The recent cyber bank robbery of the Bangladesh Central Bank, in which hackers succeeded in stealing approximately 81 million dollars, is just the tip of the iceberg. I reported to you in February of 2015 about the exploits of the Russian cybergang Carbanak that stole as much as a billion dollars from up to a hundred banks worldwide. The full extent of the vulnerability of banks to cybercrime is still unknown because it is believed that many banks that have been victimized by cybercriminals don’t report the thefts to regulatory authorities due to vague standards mandating the reporting of such security breaches.

Now the international hacking collective Anonymous has announced on YouTube a new month-long campaign against banks around the world, which they are calling Operation Icarus. Already, Anonymous has managed to take down the website of the Bank of Greece for a short period of time. The Bank of Greece has indicated, however, that no personal information was accessed and no data was lost. It remains to be seen how serious a threat is posed by Anonymous’ campaign against the banks, but it will be interesting to see what happens over the next month.

Here is a link to Anonymous’ video announcement of its campaign against the banks of the world: https://www.youtube.com/watch?v=GpGWaa3uCNo

TIPS

The vulnerabilities in the interconnected world banking system, as well as vulnerabilities in the security of individual banks, have been and are being exposed by hackers such as those in Carbanak and those responsible for the hacking of the Central Bank of Bangladesh. Greater attention to cybersecurity by banks around the world is critical. In addition, regulators both in the United States and around the world need to establish new standards by which all banks must operate to safeguard their accounts. As for us, the depositors in these institutions, the best we can do is monitor our own accounts regularly for fraudulent activity and make sure that we are not the weakest link when it comes to protecting our user name and password when doing online banking. We should also use dual factor authentication when doing online banking as an additional security measure.

Scam of the day – March 12, 2016 – Hackers steal 81 million dollars from Bangladesh bank

Early last month cybercriminals hacked into Bangladesh’s central bank and managed to steal approximately 81 million dollars; however, it could have been worse. If it weren’t for a spelling error, the theft could have approached a billion dollars. Although the investigation into this crime is still in its early stages, it appears that, as with so many types of cybercrimes, this one started with social engineering spear phishing, which lured bank employees into unwittingly downloading the malware used by the hackers to infiltrate the bank’s computers. With that access the hackers obtained not just the passwords and cryptographic keys used for electronic fund transfers, but also the emails of bank employees, so that they could copy and adapt those emails to make their transfers appear legitimate. Armed with this information, the cybercriminals sent dozens of account transfer requests from the Bangladesh central bank to the Federal Reserve Bank of New York, where the Bangladesh central bank has accounts containing billions of dollars. The account transfer requests processed by the Federal Reserve Bank of New York electronically sent about 81 million dollars to accounts in the Philippines, where the funds were transferred multiple times, including transfers to Philippine casinos, in an effort to launder the money.

Four transfer requests totaling approximately 81 million dollars had been processed in this cyber bank heist when the fifth transfer request, to a supposed Sri Lankan non-profit organization, aroused suspicion at Deutsche Bank, a routing bank in the transaction. The misspelling of “foundation” as “fandation” prompted a closer investigation of the transfer request. At the same time, the Federal Reserve also became suspicious of the large number of transfer requests being made to private entities instead of banks, halted the remaining transfer requests and contacted the Bangladesh central bank.

TIPS

All businesses and governmental agencies have got to do a better job at cybersecurity in general. In particular, greater attention has to be paid to the dangers of social engineering spear phishing, which has been at the root of almost all of the major data breaches at both companies, like Target, and governmental agencies, such as the Office of Personnel Management.