Alleged Ponzi Mastermind Hacked In Antigua

krebsonsecurity writes "Criminal hackers apparently involved in break-ins at several US financial institutions also appear to have dug up dirt on Robert Allen Stanford, a man slated to go on trial this month for his alleged part in an $8 billion Ponzi scheme. Quoting: 'In early 2008, while federal investigators were busy investigating disgraced financier Robert Allen Stanford for his part in an alleged $8 billion fraudulent investment scheme, Eastern European hackers were quietly hoovering up tens of thousands customer financial records from the Bank of Antigua, an institution formerly owned by the Stanford Group.'"

Re:

[Zantac69]

Oh come on...SSA and medicare is not a Ponzi. Instead of the govt lining the pockets with cash defrauded from the tax payers...they are just pissing it away on a good cause. Thats hardly a crime, right?

*twitch twitch twitch*

Re:

[Archangel Michael]

LOL Funny.

Re:

[yacc143]

Ok, social security systems for pensions work like this:

-) they take the money of new members to pay their obligations to older members.

Hmmm, sounds familiar right?

So what would happen if you tried to do such a thing, without a law legalizing your operation?

And before anyone points out that this is much better than anything bound to stocks, consider that it's fragile too:

-) bad economy means less "new members" contributing to the system as there are less employees, and they get potentially a lower pay, henc

Re:

[wprowe]

Are you a US citizen? Are your parents old enough to draw social security, and use the medicare benefits? Do they use them? Have you looked at the cost of your parent's prescriptions? Could they afford them without Medicare and Social Security? I'm generally a fiscal conservative and opposed to raising taxes, more government, etc. I didn't vote for Obama. There are some programs that make sense, and these definitely help out people who need them. My mother-in-law would not have had the care she needed for

Re:

[Entrope]

Ponzi schemes are all "pay as you go" programs. They collapse because they eventually run out of new people and new input.

Also, the AC's numbers are based on long-term (I would guess 50- or 75-year) horizons, not a single year -- budget summaries look at single years. Social Security is fine this year because more money is coming in than going out. Within a decade, it will be the other way, and that's when things get hard: the government has been tapping into the Social Security trust fund for decades, a

Re:

[Entrope]

Also, I overlooked your last paragraph. According to Timothy Geithner and the OMB [ustreas.gov], the US Federal government had Fiscal Year 2009 receipts of $2.105 trillion and outlays of $3.522 trillion. That's a long way from tens of trillions of dollars -- the entire annual US Gross Domestic Product is only about $14 trillion.

Re:

[Phoghat]

"Are you a US citizen? Are your parents old enough to draw social security, and use the medicare benefits? Do they use them? Have you looked at the cost of your parent's prescriptions?" I'm drawing SSDI payments because of adisability which makes me unable to work. I could not afford to pay for my prescriptions and health care without medicaire and medicaid (which I receive after meeting a large spend down each month) I'm not living in luxury, sucking at the nation's teat, but I can get by with a little

huh?

[dropadrop]

How was the Ponzi mastermind hacked? Unless I misunderstood something the bank was hacked. Also I find the fact that the bank was owned by Robert Stanford to be the least interesting part of this story, yet it seems to be the main part of the summary.

Re:

[Anonymous Coward]

No problem. Don't read the article; it may actually answer your questions. We wouldn't want that.

Re:

[dropadrop]

No problem, don't read my comment; you might understand it's wondering why the summary is talking about the least interesting part of the article.

Re:

[cayenne8]

Hmm. Well, with me, anytime I read a headline with 'Ponzi Scheme', I naturally think of the US Social Security system.

My first thoughts were "We've offshored out SS to Antigua!?!??".

Re:

[mforbes]

While I've enjoyed many of your past posts, and I realize this one was supposed to have been funny, I find your signature somewhat ironic today.

Re:

[symes]

Indeed - isn't the institution is now run by the East Carribean Banking Group? Unless there were motivations for the hack other than the obvious...

Re:

[Jeremy Erwin]

Indeed - isn't the institution is now run by the East Carribean Banking Group?
There is no such entity, except in the fevered dreams of a 411 scammer. Perhaps you're thinking of the "Eastern Caribbean Central Bank."

Re:

[davidjgraph]

No, it's clearly that the Mastermind has been attacked with an axe and that some Ukrainian guys have been doing cleaning jobs in the Caribbean, maybe a student exchange programme or something?

Re:

[Talderas]

Ah, I see.

Vikings are responsible for this attack instead of pirates.

Re:

[Rogerborg]

If you haven't figured it out by now "kdawson" is the Slashdot "editors'" troll account. Please don't feed them.

Re:

[Inda]

They gone to one hell of a lot of effort creating an online presence for him. All that effort, all those websites, that CV...

Re:

[Runaway1956]

"How was the Ponzi mastermind hacked?"

When I read the title, I pictured a machete attack. Really. Those South Americans do that kind of thing. Just go south of the border, and let it be known that you're a Satanist, and you need some children for sacrifices. The next child to disappear will cue the townsfolk beating your door down, armed with torches and machetes.

Alright, so maybe I'm not really geeky or techie enough to be posting here. Or, maybe my background interferes with my reading of "hacked".

Bu

The headline is dodgy

[carlhaagen]

Was it an alleged Ponzi mastermind in Antigua that was hacked, or was he hacked (while) in Antigua? Come on... We went through this stuff already in 1st grade with Mrs. Applecheeks.

Very strange article.

[Noryungi]

Am I the only one who finds the entire article strange?

Here is what it says about the hack itself:

Once inside of Stanford’s network, the unidentified hackers appear to have swiped the credentials from an internal network administrator, and soon had downloaded the user names and password hashes for more than 1,000 employees of Stanford Financial, Stanford Group, Stanford Trust, and Stanford International Bank Ltd.

Among the purloined files is a listing of what appear to be ownership and balance information for tens of thousands of customer accounts at Bank of Antigua. Each listing includes the account number, owner’s name, address, balance, and accrued interest.

So far, so good.

But here is where it becomes really strange:

It’s also unclear whether the hackers managed to steal any funds from the accounts listed in the recovered documents, or indeed whether the attackers ever had direct access to Bank of Antigua accounts. Still, a set of documents found with the account information suggest the perpetrators did a fairly thorough job mapping the internal networks connecting Stanford offices in Austin, Baton Rouge, Boca Raton, Boston, Denver, Ft. Lauderdale, Houston, Memphis, Miami, Montreal, New York, San Francisco, Sugarland, and Washington, D.C.

What ??!!?? Or, even more clearly: WTF??

Are you trying to tell me that people sophisticated enough to get the credentials of a system administrators, info on hundreds of accounts, including passwords and so on and so forth have not transferred anything?

It's like, I have total access to hundreds of accounts, after cracking open your system security, but I did not take anything?

This thing stinks to high heaven. Either the Ponzi scheme had no money left in it, or I am willing to bet the hackers, whoever they are, have quietly siphoned a lot of money overseas.

Re:

[Mashiki]

I don't know...I usually fail to RTFA, and just leave the comments to give me a synopsis.

Re:Very strange article.

[Jah-Wren Ryel]

It's like, I have total access to hundreds of accounts, after cracking open your system security, but I did not take anything?

Maybe they had an air-gap firewall, or at least a data diode. [owlcti.com]

If I were running that sort of network, that's what I would use to partition off the real money from the record keeping.

Re:Very strange article.

[Jah-Wren Ryel]

Except that in the majority of these systems, the records ARE the real money.

Ok, let me be more precise - I would partition off the systems connected to the electronic funds transfer network from the rest of the systems. Requests for transfers would come across the data-diode and then require a manual confirmation in order to execute.

Re:

[mcgrew]

Maybe there weren't any hackers. Maybe it was Stanford himslef trying to make an alibi to stay out of prison. "No, it wasn't a Ponzi scheme, we were hacked!"

Re:

[elrous0]

Smart criminals don't rob a place the second they get the key. They plan out how best to use it, the best time to use it, what the most profitable/least noticeable target is, etc. first. These guys just weren't quite smart *enough*.

Re:

[Anonymous Coward]

This thing stinks to high heaven. Either the Ponzi scheme had no money left in it, or I am willing to bet the hackers, whoever they are, have quietly siphoned a lot of money overseas.

Parhaps it was the infamous Eastern European hacker Robertski Allenovitch Stanfordski

Re:

[kriston]

Reading through the documents at http://www.stanfordfinancialreceivership.com/ [stanfordfi...ership.com] the Stanford Financial Group was apparently designed to obfuscate information so that investigators couldn't make heads or tails of it. This is why all the computer equipment in all 30 offices were shipped to a single warehouse in Texas so that investigators could try to piece it back together.

Secondly, the revelation of this information by the hackers indicates it did not have useful value except perhaps by someone who didn't w

Re:

[kriston]

Just to quickly follow up: password hashes aren't passwords. They didn't get the users' passwords--just the means by which they might hack them with a password cracker, but again, there is likely nothing worthwhile to "transfer" even if they could do that.

Re:

[Hoi Polloi]

When schemes like this are based on obfuscation I have to wonder if the people running them know what exactly is going on in their own system. How do they keep track of it? How do they get money out of it? It is like setting up too many fake names and passwords, eventually you forget one yourself.

Re:

[kriston]

That's right. The only place the knowledge exists is inside "Sir" Allen Stanford's brain.
Discovery is going to be an awesome story to read.

Re:

[Gilmoure]

Sure, money has disappeared from the bank run by a ponzi guy and 'hackers' did it. Makes sense.

Maybe it was a real hacker

[witherstaff]

You know the type of person that hacks for the challenge and not for a profit motivator. Back in the 90s I had a talk request from in network, so I knew something odd was up. College kid saw an interesting domain name I hosted, broke in through a pop3 weakness and grabbed a telnet password. He talked to me to let me know what he did. This let to closing telnet to co-hosted machines and also giving him the email address he asked for. I had no real problem with this as no damage was done. It also showed a wea

Re:

[jafac]

Or "Sir" Allen "Stanford" is trying to convince prosecutors that he didn't REALLY run a huge ponzi scheme, and it was all these evul ruzzkie haX0rz who broke into his system, stole his money, and set up his records to make him look like a fraud.

This guy is the accountant for the Texas Mafia.

You know.

The criminal organization that just got through pulling off the biggest crime in human history by planting a patsy in office as US President for the past 8 years, giving them access to the US Treasury, warrantle

Re:

[hesaigo999ca]

More like the banks did not want to admit anything had been taken, so did not disclose that part, so no harm done right.....until the next bailout is needed!!!

Re:

[Runaway1956]

I guess it's possible. I can and have gotten inside of networks. But - I know squat about the banking industry. If I had every detail about your banking, and there were billions at my fingertips, I don't know how to move it around. I mean - should I go see my banker, and explain that I've hacked your system, and that I want him to transfer 8 billion dollars into liquid assets, all in my name? Uh-huh. I've an idea that when the banker has all the necessary details, I will become an unnecessary liabilit

Chain of Custody

[Jeremy Erwin]

Sounds like an illegal search and falsification of evidence.

Get out of jail free card?

[new death barbie]

"Sorry, your honor, but it was those darned hackers! They broke into the bank's computers, took the money, and left a trail of evidence pointing to me! I been framed!"

OT: your sig

[Tim C]

Quanta is already plural (it's the plural of quantum), so "quantas" is not a word.

But I suspect you know that and have simply typoed it...

Lost Money Anyone

[b4upoo]

It sounds to me like a bunch of US tax avoiders may well have lost their financial behinds in that bank. Justice!

Kadima?

[Jeremy Erwin]

So, is Kadima a lowly Panamanian import/export firm? Or is it a front?