Channel: Canberra CityNews

Griffiths / Don’t open that attachment!


It hasn’t had an enormous amount of media attention here in Australia, but last month details emerged of the world’s biggest bank heist.

John Griffiths.

It seems that during 2013 banks throughout Russia and Eastern Europe were cleaned out by a talented motley crew of Russians, Chinese and other Europeans.

ATMs started spewing wads of cash out on to the street just as members of the gang happened to be walking by.

Random bank accounts were inflated with extra zeroes and the excess money transferred internationally.

It’s believed in the order of a billion dollars was stolen. At least $300 million has been confirmed by the security firm brought in by some of the banks to get to the bottom of it.

And how did they pull this off? Just emailing tempting attachments to people working in banks.

Eventually someone clicks on the attachment and, as far as they know, nothing happens. Quietly in the background lots of things start to happen, but the miserable click-happy user has no idea about it.

Until, that is, very serious people drag them into a room with no windows to have very long and detailed conversations about exactly why they clicked on the dodgy attachment that led to millions of dollars in losses.

Back in the dawn of the internet nihilistic nerds tried to write viruses named after their ex-girlfriends just to wreak maximum destruction on a world they felt had wronged them.

Now a much smarter crew are building on that legacy to get filthy rich at the expense of the banking system.

(A few small donations to charity and they’ll be on the way to folk-hero status.)

Those who follow these things find their minds turning to the Stuxnet virus, a very subtle beast that spread throughout the world in 2010 until it found its target.

The target in that case was Iranian computers operating nuclear enrichment centrifuges. When it found itself on one of those it turned the centrifuge up to full power and kept it spinning until the centrifuge shook itself to pieces.

Fortunately for the millions of computers infected in the hunt for ones running Iranian nuclear weapons programs, the Stuxnet virus was so carefully created it deleted itself, throughout the world, on June 24, 2012.

In the last few weeks there have been still more revelations from the Russian security experts at the Kaspersky Lab (possibly with the help of very annoyed Russian security services) of just how vastly compromised the world’s computers are with the American National Security Agency’s clever worms burrowing into everything and everywhere as part of the Equation Group.

The problem with this vast concentration of hacking know-how and its resulting surveillance data is that it has 30-40,000 employees at any given time.

Do you want to trust your financial safety to the hope that not one person in 40,000 will misuse information they have access to?

Just last week the FREAK (Factoring RSA Export Keys) bug was found, which used a decades-old ban on strong cryptography exports from the US to dumb supposedly secure connections down to easily hacked ones.

If this all sounds completely terrifying, it is. The doings of intelligence agencies shouldn’t be intersecting with criminals and law-abiding citizens. The security agencies, for their own purposes, appear to be pioneering techniques that will later be used by criminals, against us.

The advice that comes from this is a well-worn refrain:

  1. Always apply security updates as soon as possible.
  2. Use complex passwords.
  3. Never ever ever use a public wifi network.

Good luck!

The post Griffiths / Don’t open that attachment! appeared first on Canberra CityNews.

