Hackers Take $1 Billion a Year as Banks Blame Clients for Crime

[Astrohacker]

http://www.bloomberg.com/news/2011-08-04/hackers-take-1-billion-a-year-from-company-accounts-banks-won-t-indemnify.html

Let us all note that the existing banking system is not immune to theft. Bitcoin is no different from dollars in that respect.

[FlipPro]

“critical shortage of investigators with the knowledge and expertise to analyze the ever increasing amounts of potential digital evidence.”

This is the field to specialize in right here guys  . I think there will be a huge spike in digital forensics in the near future.

[indio007]

Thx for the post. I think some people need to have things put in to a more realistic perspective for them.

[Jack of Diamonds]

Stealing from corporate accounts is free money. It's one of the best underground businesses.

If you withdraw sums below ~$100k per company, your risk of getting caught is pretty much zero, because most countries in the world have next to no police officers working in digital forensics. The sum would also be too small for them to consider investing serious resources in finding you.
 
This is called the 'sweet spot', where it doesn't pay off to fund the working hours, expertise and resources needed to catch the offender.
If you stole $20M per company it would be a whole different story. $1B a year is still very low compared to overall credit fraud for example.

Funding digital forensics also carries a much higher risk than financing homicide investigations, traditional wire fraud or stock market scams.

Many types of online data theft can be masked perfectly if done with a program like Zeus by a non-amateur.
Since there is literally no way of ever knowing who ends up with the data, you are forced to either try following the money by mule withdraws in other countries (usually eastern Europe) or just give up.
Even then you only catch mules and not the thief himself.

[indio007]

Just out of curiosity . Would Zeus work if you did the online banking in a secure virtual machine instance while it is on the host PC?

[Jack of Diamonds]

Just out of curiosity . Would Zeus work if you did the online banking in a secure virtual machine instance while it is on the host PC?

Not if you use a guest account or a restricted acc., it relies on administrator access for a XSRF browser attack. It can also target executable desktop banking clients.
The newer versions are much more advanced & sell for up to 200,000 rubles ($8k US dollars), over twice as much as a year ago.

Those can capture the entire desktop feed (like teamviewer etc.) and when you're logged in after using a one-time PIN, it hooks the mouse API making it freeze & gives attacker time to transfer out all the cash.

If the bank uses double confirmation (additional random one-time PIN sheet to confirm payment), the attack can't be executed. Most banks don't use double confirmation. Credit Suisse, Nordea, Banque de France are some banks that use d.c.
Also if the client gets suspicious and reboots the machine, the attack fails.

If the bank requires phone verification for large (or sudden multiple) transfers, the attack also becomes impossible.

[DrKennethNoisewater]

I bank at one of the biggest crony firms, my acct has been jacked 2 times in 6 months and I'm a small fish.

I was talking with my neighbor about going to a smaller credit union down the street and he says he banks there already and has been jack about
2 times in the past 6-8 months as well.

I think the big banks have 0 desire to stop electronic fraud (debit cards, blink chips etc.) because there's to much money being made in the
"prevention" of it. I would also dare venture say the Crony banks own these firms.

It's just like the "War on Drugs" and the "War on Terror."

All a big joke.....................

[Blackout]

I think this is such a line of bullsh&^... the banks freeze accounts when you're trying to buy a fridge that is more expensive than you've bought before, but they can't stop or don't check huge transfers...!? It's a load of malarchy and the banks are probably pocketing the exact amount supposedly or doubling it since it's fake money to begin with created by them, then backed by nothing tangible, then backed against fraud with insurance for THEM - not the client or holder of the account - so they stick it to the company or person.. making double or triple profit.

The time of these banks to end is here.


Honest monetary exchange must return.

Plus - this is reported by Bloomburg and I trust Bloomburg as much I trust a fart is not smelly. A fart IS smelly, and Bloomburg IS a fart, and therefore of the stinketh.