Rixstep
 About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Home » Industry Watch » The Technological

The 'Growing' Threat to Business Banking Online

Growing? It's growing?


Get It

Try It

Truth be told, Brian Krebs does an ultimately thankless job. Brian collates Internet security disasters and guess whose platform gets hit time and again?

Nope - wasn't Gentoo. Wasn't Ubuntu either. Or Kubuntu. Or SunOS. Or Slackware or Mandriva or Red Hat or Fedora. Or Mac OS X.

Strange.

Brian's original title for his article - visible in the URL - was 'The Pitfalls of Business Banking Online'. His editor probably changed it. Saying there are 'pitfalls' as in 'pitfalls that have always been there' doesn't sound too good. It sounds scary. Saying 'the growing threat' creates the deliberately false illusion something's happened of late and things haven't always been this bad.

But they have indeed always been this bad - as long as Microsoft Windows is out there and idiots are still using it.

Joe Six Pack might be clinically demented but banks and corporations? What excuses do they have? There are none. But there can be realistic explanations. Of which the following are typical.

  • A senior VP wants to use Excel to plan his holidays and prefers doing it on Windows.

  • A senior VP has never used any mail client other than Outlook. A paragon of corporate management wisdom and skills, the troglodyte lacks the cerebral wherewithal to adjust to a new platform and new software.

  • Network administration is handled by bargain basement Microsoft Certifiable Professionals who've never seen a forward slash in a path, a system without drive letters, and never heard the word 'Unix' and wouldn't know how to spell it, and also lack cerebral wherewithal - in this case to do the research and migrate their company to safety.

Case 1: Bullitt County

A Windows PC belonging to the county administration of Bullitt County Kentucky was hacked, yielding $415,000 after hackers used the zombie box to organise wire transfers to the Ukraine. Yet a few days after Brian initially ran the story, someone in Bullitt County contacted him to tell him that $415,000 was only the 'tip of the iceberg'.

The source - within Bullitt County law enforcement - said several other businesses had been hit and lost money in similar attacks. The source insisted on remaining anonymous. Now gee whiz how could this attack have propagated?

You get one guess.

Case 2: Western Beaver

The same day Bullitt law enforcement contacted Brian the Western Beaver School District of Pittsburgh filed a lawsuit against ESB Bank. They charge that crooks siphoned more than $700,000 from their account in 74 separate transactions in a 48-hour period to 42 different individuals acting as 'money mules' for an overseas gang.

Guess what operating system ESB use?

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 19167
Content-Type: text/html; charset=utf-8
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: CmsParam_mode=Content; path=/
Date: Mon, 27 Jul 2009 18:31:53 GMT
Connection: close

(You can always tell with jokers like this because their web servers are always configured incorrectly.)

Case 3: Gainesville Georgia

Brian then heard from Slack Auto Parts in Gainesville Georgia. They got hit for $75,000. (Chicken feed. Chump change. Zz.)

Henry Slack's got Apache on his server but there's got to be something Microsoft inside those attractive offices. In fact he says outright - quoting Brian Krebs - 'cyber intruders used malware planted on the controller's Windows PC'.

What's a controller doing running Microsoft Windows?

'From there, they were able to break into the company's bank accounts, create new user accounts at the bank, and then wire nine payments to at least six different money mules around the country.'

Now get this:



'A scan by the company's antivirus software and a hired cyber security expert turned up no evidence of malware.'

Things depend on what software you use and who you regard as an expert:

'Another investigator found the company controller's PC had been infected with an extremely stealthy trojan called Clampi aka Ligats aka Rscan.'

'The keystroke logging trojan resided on the company's systems for more than a year before being used by the attackers.'

Who told these morons they could use Windows safely and securely? Who didn't warn them but could have? Why didn't they themselves do the research?

'NFC'

Gartner banking fraud analyst Avivah Litan told Brian many banks use very few fraud detection mechanisms for their clearing systems but instead place anti-fraud stuff on the 'front end'. That obviously doesn't work too well.

Henry Slack is through with banking online. He's switched banks too.

'We've established a new bank account with a bank that has branches in all of our markets. And it's view-only. It can't be used to do any transactions. We just can't afford to let this happen again.'

No of course not. Who could? And Henry could get a clue tomorrow and replace his Windows systems with something safe - after all it's Henry who screwed up, not the bank - but can the bank get a clue too? Can Henry 'bank' on it?

The threat isn't 'growing' - it's always been there. But it's only now people are talking so much about it - talking about how they and their banks get hacked. It's been going on all along. And it's always Microsoft Windows behind the attacks. Always.

What are you running at home? In your office? What do they use at your bank? Have you checked?

Don't you think it's about time you got half a clue like Henry Slack?

See Also
Security Fix: The Growing Threat to Business Banking Online

About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Copyright © Rixstep. All rights reserved.