Citibank Denies Reported Breach Linked To Russian Gang 53
Posted
by
kdawson
from the no-russians-in-here-no-siree dept.
from the no-russians-in-here-no-siree dept.
alphadogg writes "US authorities are investigating the theft of an estimated tens of millions of dollars from Citibank by criminals using Russian software tailored for the attack, according to the Wall Street Journal (subscription required to access that link — CNET's coverage here). The security breach at the major US bank was detected mid-year based on traffic from Internet addresses formerly used by the Russian Business Network gang, the WSJ reported today, citing unnamed government sources. The Russian Business Network is a well-known group linked to malicious software, hacking, child pornography, and spam. The FBI is probing the case, the report said. It was not known whether the money had been recovered and a Citibank representative said the company denied any system breach or losses, according to the report."
In other news... (Score:5, Interesting)
... the US and UK public are asking for an investigation into the apparent transfer of billions of dollars of public money to major banks. No-one is probing the case and yet the govt and banks are not denying any breach of the political and economic systems.
Citibank != Russian Gang ? (Score:5, Interesting)
I honestly thought they were one and the same.
Maybe someone can enumerate for me, the differences between Citibank and a Russian Gang . . .
Rips off governments for millions . . . check
Rips off people for millions . . . check
No audits, please! (Score:1, Interesting)
Admitting to the theft would probably trigger in-depth audits and increased scrutiny of Citibank operations. THAT might be very, very bad for Citibank.
Let's just handle it on a modified mark-to-market basis. The money used to be here, and if it was still here we wouldn't have lost anything.
If you prefer QM, think of it as Shrodinger's cat - of course, he's still alive - no need to look in that box.
It ain't funny, McGee!
Can the FBI/CIA actually do anything about it? (Score:4, Interesting)
Let's say it actually was a "Russian Gang" operating out of say, Russia. What can US Gov't agencies do against this? Can they do anything within the law besides call up Russia and tell them to 'take care of it.' It's not like we can drop commandos into Russia and go after them, nor can we launch electronic attacks on this gang (act of futility).
According to the US Constitution, Section 8 [usconstitution.net], Congress has the power to provide for the common Defense and general Welfare of the United States.
I see this type of activity as an attack, just because it's two private entities, this IMHO is no different than if SAP tried to hack into Oracle.
Hey Fed, I'm sick of US companies wasting time, money and effort to deal with these people bent on conducting electronic warfare.
As a side note, I wonder how much $$ is wasted in terms of extra capacity (servers, network, CPU, power) is needed by US companies to deal with all this BS (spam, people hacking in etc..) floating around the internet.
I once heard a presentation by a guy at Yahoo who managed a few of their datacenters. When asked about how they deal with DOS attacks his response was that they had more computing capacity then the internet could deliver to them, so they just absorb whatever attacks are sent their way.
How do these attacks work? (Score:2, Interesting)
So what is the attack system used to get "tens of millions of dollars"?
Do they collect 10,000 user names and passwords from personal computer users?
Do they somehow take over a merchant deposit account and transfer funds out of it?
Do they emulate a bank-to-bank transaction and modify the bank-to-bank back end transaction?
Re:WSJ article was misleading (Score:1, Interesting)
Oh really? Then why did Citibank issue me a replacement card with a completely new number in August?
* Posted Anonymously on purpose.