[Moderator: "changed the firewall password to prevent further.." If a bank is relying on a single firewall as the only means of stopping this kind of transaction...] From: Nicholas Charles Brawn <ncb05at_private> 01Dec98 TAIWAN: HACKERS SNEAK NT$50M OUT OF TAIPEI BANK (421). A hacker broke into a Taiwan bank's computer system and successfully transferred NT$50 million to a foreign savings account, according to the United Evening News, but the bank in question did not report the theft, fearing its credit rating would suffer or depositors would panic. The Taipei bank's staff discovered somebody was able to enter the bank's Internet computer system and wire the funds to a foreign account. The discovery was made a day after the transfer. By this time, the remitted funds had already been withdrawn from the foreign bank. At this point, the bank changed the "firewall" password to avoid further thefts, the paper said. Police visited the bank upon hearing of the heist, but were told by a bank official the bank's board of directors had decided to absorb the loss without reporting it because it did not want its clients to panic. The official added that the NT$50 million loss would not unduly affect the bank's annual profits estimated in the billions of New Taiwan dollars. Police did find out that the hacker was able to gain access to the auditor code of a second level supervisor at the bank to access the third level of security of the bank's Internet system. Police believe that because the security system was designed to be impenetrable to hackers, the theft was committed either by the installers of the system or technical staff at the bank. They are continuing with their investigation. Staff members at various banks were not surprised by the theft, the paper said. In order to protect against hackers, banks install firewalls at each level of security. There are firewalls to keep outsiders from breaking into the general banking system and there are firewalls to protect against infiltration of higher levels of security by low-level employees. Once these barriers are penetrated, bank workers told the paper, there is nothing that a thief could not take. Banks are weary of expanding Internet banking transactions because computer systems are not yet hacker-proof. To date, clients are limited to moving funds between their bank accounts using the Internet. CHINA NEWS 01/12/1998 -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:13:04 PDT