Thursday, December 5, 2013

Big Banks Are Being Hit With Cyberattacks “Every Minute Of Every Day”

Cyber Theft - Photo by d70focusWhat would you do if you logged in to your bank account one day and it showed that you had a zero balance and that your bank had absolutely no record that you ever had any money in your account at all?  What would you do if hackers shut down all online banking and all ATM machines for an extended period of time?  What would you do if you requested a credit report and discovered that there were suddenly 50 different versions of "you" all using the same Social Security number?  Don't think that these things can't happen.  According to Symantec, there was a 42 percent increase in cyberattacks against U.S. businesses last year.  And according to a recent report in the Telegraph, big banks are being hit with cyberattacks "every minute of every day".  These attacks are becoming more powerful and more sophisticated with each passing year.  Most of the time the general public never hears much about the cyberattacks that are actually successful because authorities are determined to maintain confidence in the banking system.  But if people actually knew the truth about what was going on, they would not have much confidence at all.
At this point, the attacks have become so frequent that there is literally no break between them.  According to the Telegraph, major financial institutions are continually under assault, and the total number of attacks is constantly increasing...
Every minute, of every hour, of every day, a major financial institution is under attack.
Threats range from teenagers in their bedrooms engaging in adolescent “hacktivism”, to sophisticated criminal gangs and state-sponsored terrorists attempting everything from extortion to industrial espionage. Though the details of these crimes remain scant, cyber security experts are clear that behind-the-scenes online attacks have already had far reaching consequences for banks and the financial markets.
The amount of money that some of these hackers are stealing is absolutely staggering.  For example, during "Operation High Roller" thieves got away with somewhere between 78 million and 2.5 billion dollars...
Dissected last year, Operation High Roller marked one of the biggest online thefts to have been made public. According to details of the investigation, somewhere between $78m (£48m) and $2.5bn was last year stolen from thousands of bank accounts across Europe, the US and Latin America.
Among the customers targeted were rich individuals and high-value commercial accounts, with sophisticated software identifying the victims’ main bank accounts and transferring money to prepaid debit cards which could be cashed anonymously. Once the money had been taken, the hackers were able to hide their thefts by changing the victims’ bank balances so they appeared unaltered.
Do you find it unsettling that the authorities don't even know how much money was actually stolen?
I do.
And earlier this year, another gang of cyberthieves was able to steal 45 million dollars from ATM machines...
A global posse of cyberthieves, armed with laptops in place of guns, hacked into financial institutions and stole $45 million from automated teller machines in a first-of-its-kind heist made for the 21st century, authorities in New York said Thursday.
Over a seven-month period ending last month, the authorities said, hackers broke into computer networks of financial companies in the United States and India and eliminated the withdrawal limits on prepaid debit cards.
Then, people involved in the heist withdrew tens of millions of dollars from ATMs in Manhattan and more than 20 other places around the world. In one case, surveillance cameras picked up a member of the “cashing crew” going from machine to machine, his cash-stuffed bag growing bigger with each hit.
But thefts involving tens of millions of dollars are just the beginning.
In the future, gangs of hackers, terror organizations or even foreign governments could use cyberattacks to bring the entire system down.
John McAfee (formerly of McAfee Associates) recently warned that we are now entering an era of apocalyptic cyberattacks.  He said that in the "next world war … the aggressors will be people sitting at home in armchairs while their software turns … all of our guns, our bombs … against us."
The truth is that it is not just our financial system that is vulnerable.  Literally anything that is connected to the Internet could be attacked.
And that is a lot of stuff.
But for now, the big financial institutions remain the most prominent target.  Just this week, we learned that a successful cyberattack on JPMorgan Chase resulted in the theft of the personal information of close to half a million corporate and government clients...
Personal information of nearly half a million corporate and government clients who hold prepaid cash cards issued by JPMorgan Chase & Co. (NYSE:JPM) may have been compromised in a cyberattack that took place on the bank’s network in July, the bank warned on Wednesday.
Corporations use JPMorgan’s cash card, known as UCard, to pay salaries, while government agencies use it for issuing tax refunds and unemployment benefits. JPMorgan said it discovered in September that web servers supporting its site, www.ucard.chase.com, had been hacked, potentially involving unauthorized access to the personal information of 465,000 cardholders, according to a Reuters report.
The issue was soon fixed and the incident has been brought to the attention of law enforcement authorities, JPMorgan said, adding that the bank has been trying to identify how many accounts were compromised in the attack.
Of course this was not the first major "technical glitch" that JPMorgan Chase has encountered this year.  In fact, earlier this year thousands upon thousands of their customers logged into their bank accounts only to discover that their balances had all been reset to zero.  That problem was fixed shortly thereafter, but I guarantee you that all of the customers that witnessed that "glitch" will remember it for a very long time.
And certainly JPMorgan Chase is far from alone in dealing with these kinds of issues.  In fact, major U.S. bank websites were offline for a combined total of 249 hours during just one six week period earlier this year.
When it comes to the Internet, nobody is ever entirely safe.  Every major website and every major company are being targeted.  According to USA Today, a cyberattack that began on October 21st has resulted in the theft of the login information for about 2 million Internet accounts...
Almost 2 million accounts on Facebook, Google, Twitter, Yahoo and other social media and Internet sites have been breached, according to a Chicago-based cybersecurity firm.
The hackers stole 1.58 million website login credentials and 320,000 e-mail account credentials, among other items, the firm Trustwave reported. Included in the breaches were thefts of 318,121 passwords from Facebook, 59,549 from Yahoo, 54,437 from Google, 21,708 from Twitter and 8,490 from LinkedIn. The list also includes 7,978 from ADP, the payroll service provider. According to a Trustwave blog, "Payroll services accounts could actually have direct financial repercussions."
So be cautious on the Internet.  The bad guys are out there, and they are becoming more sophisticated with each passing day.
And if you think that "the government will protect us", you are just being naive.
In fact, government agencies cannot even protect themselves from these guys.  For example, identity thieves have been making fools of the IRS for years...
The Internal Revenue Service sent 655 tax refunds to a single address in Kaunas, Lithuania -- failing to recognize that the refunds were likely part of an identity theft scheme. Another 343 tax refunds went to a single address in Shanghai, China.
Thousands more potentially fraudulent refunds -- totaling millions of dollars -- went to places in Bulgaria, Ireland and Canada in 2011.
In all, a report from the Treasury Inspector General for Tax Administration today found 1.5 million potentially fraudulent tax returns that went undetected by the IRS, costing taxpayers $3.6 billion.
So if you are waiting for the incompetent U.S. government to fix this problem, you are going to be waiting for a very, very long while.
As a society, we are constantly becoming even more dependent on the Internet.
Meanwhile, the attacks on the Internet are continually becoming even more sophisticated.
At some point those attacks are going to cause some major league problems.
It is just a matter of time.

No comments:

Post a Comment