[ISN] Taiwan: Hakcers sneak NT$50M out of Taipei Bank

From: mea culpa (jerichoat_private)
Date: Wed Dec 02 1998 - 17:52:30 PST

  • Next message: mea culpa: "[ISN] New newsletters: Internet Services and Security"

    [Moderator: "changed the firewall password to prevent further.." If a 
     bank is relying on a single firewall as the only means of stopping this
     kind of transaction...]
    From: Nicholas Charles Brawn <ncb05at_private>
    A hacker broke into a Taiwan bank's computer system and successfully
    transferred NT$50 million to a foreign savings account, according to the
    United Evening News, but the bank in question did not report the theft,
    fearing its credit rating would suffer or depositors would panic. 
    The Taipei bank's staff discovered somebody was able to enter the bank's
    Internet computer system and wire the funds to a foreign account. The
    discovery was made a day after the transfer. By this time, the remitted
    funds had already been withdrawn from the foreign bank. 
    At this point, the bank changed the "firewall" password to avoid further
    thefts, the paper said. 
    Police visited the bank upon hearing of the heist, but were told by a bank
    official the bank's board of directors had decided to absorb the loss
    without reporting it because it did not want its clients to panic. The
    official added that the NT$50 million loss would not unduly affect the
    bank's annual profits estimated in the billions of New Taiwan dollars. 
    Police did find out that the hacker was able to gain access to the auditor
    code of a second level supervisor at the bank to access the third level of
    security of the bank's Internet system. 
    Police believe that because the security system was designed to be
    impenetrable to hackers, the theft was committed either by the installers
    of the system or technical staff at the bank. They are continuing with
    their investigation. 
    Staff members at various banks were not surprised by the theft, the paper
    said. In order to protect against hackers, banks install firewalls at each
    level of security. There are firewalls to keep outsiders from breaking
    into the general banking system and there are firewalls to protect against
    infiltration of higher levels of security by low-level employees. 
    Once these barriers are penetrated, bank workers told the paper, there is
    nothing that a thief could not take. 
    Banks are weary of expanding Internet banking transactions because
    computer systems are not yet hacker-proof. To date, clients are limited to
    moving funds between their bank accounts using the Internet. 
    CHINA NEWS 01/12/1998 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:13:04 PDT