[ISN] Hack Attacks: Texas, Swedish Banks Reveal Breaches

From: InfoSec News (alerts@private)
Date: Thu Jan 31 2008 - 23:16:53 PST


http://www.bankinfosecurity.com/articles.php?art_id=687

By Linda McGlasson
Managing Editor
BankInfoSecurity.com
January 31, 2008

In the wake of news about insider fraud at French bank Societe Generale, 
two different banks in two different countries have acknowledged 
information security breaches that underscore the need for increased 
vigilance - by financial institutions and their customers.

In Forth Worth, Texas, OmniAmerican Bank announced it had stopped 
hackers who had broken into the bank's online banking system and were 
taking monies from customer accounts through ATM withdrawals. 
OmniAmerican has more than $1 billion in assets and 17 branches and is 
one of the largest independent banks in the Forth Worth area.

In Uppland County, Sweden, authorities announced the arrests of seven 
cybercriminals who were stopped seconds before their crew made off with 
millions from an unidentified Swedish bank. The criminals had 
surreptitiously installed equipment on a computer at the bank that would 
allow the hackers to divert online funds to other accounts.


Hackers Halted in Texas

In OmniAmerican Bank's case, the bank's information security team 
detected fraudulent activity on some customer accounts, and the bank 
placed temporary limits on some ATM and debit card transactions. The 
team discovered the activity during the evening of January 18.

At the same time, the bank suspended access to some electronic banking 
services, but access to those services was restored on January 21. 
Because of the breach, the bank says it is issuing new check cards, ATM 
cards and personal identification numbers to customers to guard against 
"future fraudulent activity." Letters alerting bank customers of the 
fraudulent activity were delivered by mail.

In a statement issued by the bank, Tim Carter, president and CEO, says: 
"OmniAmerican has always placed a top priority on protecting our 
customers. Our security team felt these measures were the most prudent 
to protect our customers and the bank. Only electronic services were 
affected, and all other banking services remain unaffected."

"Unfortunately, the threat of cybercrime is a risk faced by all 
financial institutions," Carter adds. "We must remain vigilant in 
attempting to thwart such activity through the updating and continual 
monitoring of technologically advanced security systems, as well as 
through professional diligence."

Carter told a local Fort Worth newspaper that approximately 40,000 cards 
were reissued, and the system break-in was the work of a sophisticated 
international gang of cybercriminals who withdrew funds from ATMs 
located outside of Texas. Losses were minimal, Carter adds, noting that 
no customers would suffer any loss, and that fewer than 100 accounts 
were compromised -- most of them dormant and all restricted to 
withdrawals of $1000 per day.

The bank thwarted the hackers by first stopping all ATM withdrawals 
outside of Texas, and then suspending ATM and debit card services during 
its initial investigation. A note on the online banking website page 
told bank customers, "We apologize for the temporary restriction of our 
ATM and debit card services. You are a valued customer and we realize 
the temporary restrictions placed on our ATM and debit card services 
have created some inconveniences for you. Please be assured the 
restrictions were put in place to protect all of our customers and we 
know now that this action was successful in defeating this targeted 
fraudulent activity. The security of your money and the privacy of your 
identity are our ultimate concern."

On Jan. 30, the bank's spokesperson, Randi Mitchell, said she had no 
further details, and until the ongoing law enforcement investigation was 
completed, the bank would not disclose any additional information.


Plug Pulled in Sweden

According to a statement made by Thomas Balter Nordenman, the prosecutor 
in charge of the Swedish case, the would-be hackers placed advanced 
technical equipment under an employee's desk that allowed them to take 
remote control of the computer. When the employee saw the computer begin 
an operation to transfer millions from the bank into another account, he 
pulled the cable to the discovered device and stopped the transfer at 
the last second.

The prosecutor said the attempted robbery occurred last August at an 
unidentified bank north of Stockholm. Details of the event were released 
only after the seven suspects, all from the Stockholm region, were 
arrested earlier in the week, amidst their preparations for another bank 
robbery. Police noted some of the suspects have previous fraud records.

This investigation continues.


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Thu Jan 31 2008 - 23:27:24 PST