In the past couple of days, front page headlines of major newspapers worldwide have carried the story of how over 80 hackers have been charged in a global crackdown on financial cyberfraud, using computer viruses to steal at least $3 million (£1.9m) from American accounts alone.
The black hats mainly used a Trojan, called Zeus, that attaches to a victim’s computer, often lies patiently in wait, and then latches onto bank account and password information for transferring sums to criminal accounts.
Cyrus Vance, junior, the New York District Attorney, labeled the cyber ring as a “disturbing example of 21st century crime.” But this is not new. Authorities have been monitoring such incidents for several years, although the stories have received little press or attention. Only Brian Krebs, a lone voice, has been reporting a series of such incidents on a regular blog post. (article continues below)
Why the apparent apathy for what is suddenly being heralded as this century’s form of bank robbery? (Note that similar hacking techniques can also apply to terrorism and other malfeasance.)
Writing a Fund Strategy cover story, “Criminal Network” on the subject in July, I quizzed my technical sources on the lack of media exposure. Many responded that banks have tended to hush up past episodes, especially being reluctant to scare their corporate customers away from banking online. As long as the sums have been relatively small, it even behooves the banks simply to pay off the customers. Now those shrinking violets can no longer lie so low.
“Banks have tended to hush up past episodes, especially being reluctant to scare their corporate customers away from banking online”
The distinguished list of American banks targeted in the recent scheme include JP Morgan, Ally Financial, PNC, TD Bank and Bank of America.
Businesses, too, have reputational incentives not to broadcast their woes too loudly. Bill Connors, president of Entrust, who works in partnership with Interpol, told me, “they do not want to report they have had their cash stolen.”
Since this week’s arrests have captured the public’s attention, banks will have to be more upfront about the dangers of online transactions – and will have to provide additional protective software to customers. In other words, it is not only the thieves who have been busted.
Vanessa Drucker is the American Editor of Fund Strategy, based in New York City. She has worked as a financial journalist for 20 years. In the 1980s, she practiced banking and securities law on Wall Street, and is the author of two business novels. Vanessa can be contacted at firstname.lastname@example.org.