It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

FBI Probes Hack at Citibank

page: 1
3

log in

join
share:

posted on Dec, 22 2009 @ 03:28 AM
link   


The Federal Bureau of Investigation is probing a computer-security breach targeting Citigroup Inc. that resulted in a theft of tens of millions of dollars by computer hackers who appear linked to a Russian cyber gang, according to government officials.

The attack took aim at Citigroup's Citibank subsidiary, which includes its North American retail bank and other businesses. It couldn't be learned whether the thieves gained access to Citibank's systems directly or through third parties.


This is what everyone feared the most. Amongst all the mayhem and confusion the doors were left wide open for all to have a festive season greeting while the ants shuffled paper's to and from offices.

This may just very well be the scape goat many have been looking for. As for some geeks sitting behind a laptop achieving this level, well i guess we all know were the answer can be found.

online.wsj.com...




posted on Dec, 22 2009 @ 03:33 AM
link   
soon it will be worthless anyways





Joke's on them?

[edit on 12/22/2009 by Lemon.Fresh]



posted on Dec, 22 2009 @ 03:34 AM
link   
Just to help the reading along



U.S. authorities are investigating the theft of an estimated tens of millions of dollars from Citibank by hackers partly using Russian software tailored for the attack, according to a news report.

The security breach at the major U.S. bank was detected mid-year based on traffic from Internet addresses formerly used by the Russian Business Network gang, The Wall Street Journal said Tuesday, citing unnamed government sources. The Russian Business Network is a well-known group linked to malicious software, hacking, child pornography and spam. The Federal Bureau of Investigation is probing the case, the report said.

It was not known whether the money had been recovered and a Citibank representative said the company had not had any system breach or losses, according to the report.

The report left unclear who the money was stolen from but said a program called Black Energy, designed by a Russian hacker, was one tool used in the attack. The tool can be used to command a botnet, or a large group of computers infected by malware and controlled by an attacker, in assaults meant to take down target Web sites. This year a modified version of the software appeared online that could steal banking information, and in the Citi attack a version tailored to target the bank was used, the Journal said.

The attackers also targeted a U.S. government agency and one other unnamed entity, the report said, adding that it was unknown if the attackers accessed Citibank systems directly or through other parties.


www.thestandard.com... ustryStandardNewsAndPredictions+(Industry+Standard+News+and+Predictions+(all))



posted on Dec, 22 2009 @ 03:47 AM
link   
I pretty sure that hack was stagged. Any 'cyber hacking gang' that was able to get past a banks online security would know how to just hack in money from nowhere, not from others. Lets say your in an online poker tournament, would you rather generate 10,000 chips from nowhere, or steal 10,000 chips from the people at your table?



posted on Dec, 22 2009 @ 04:15 AM
link   
reply to post by paranoiaFTW
 


Many many years ago i used to tweak video slot machines. The initial win loss ratio i would set it up on was 35 for the house and 65 for the players. Easiest way to spot a tweaked video poker machine is to notice at which times the winners can be seen. This usually takes place just before the house if full of players, say about 1 to 2 hours before the house if full, that way the news remains fresh that there are players who just won about an hour ago. :-). Also if my memory serves me correct, its also on a rotational 36 hr spree. Meaning, every 36hrs (depending on tweak) there will be a flurry of winners across multiple machines. Keep in mind, all these video machines are connected to a central pc.

So as far as the online poker is concerned its simply allowing someone else to put his hand in your pocket with your consent.

Back on topic.

Lets face it, there a million dollar hacks going on everyday, only a handful are ever reported so as not to alarm the investors. Many are also not traced and are written off as loss of some sort.

In short, yes there are many successful intrusions into bank systems and they are never caught let alone identified.



posted on Dec, 22 2009 @ 04:42 AM
link   
Look at the cases that the Secret Service investigated into the "Shadowcrew" and "Carderplanet" forums. Most of those "carders" targeted Citibank, one of the more vulnerable banks as they did not always follow proper ANSI procedures for using a "pin-offset" on their Visa issued credit and debit cards.

The name of the Russian gang is the "Hang Up" gang, a part of the RBN or Russian Business Network. One of it's founders was a Russian named Dmitry Golobuv, who is now in politics over there, having ran for the presidency of the Ukraine. I kid you not. Only in Russia!



posted on Dec, 22 2009 @ 04:47 AM
link   
reply to post by Blackmarketeer
 


That is true, and since the Ukraine openly opposed any Russian involvement during the Georgian/Nato backed attack then the puzzle does seem to be fitting.

Does it not ?



posted on Dec, 22 2009 @ 04:54 AM
link   
Those cases happened back in 2004, but I recall reading that Citibank had to shut down their entire ATM network in Eastern Europe because of the Russian hacks. Then the hacks started showing up in western Europe and again Citibanks response was to shut down their ATM networks.

A similar set of cases to look at are the TJX hack, the DSW warehouse hack, perpetrated by "Albert Gonzalez", who's due to go before the judge for sentencing. He committed his crime in 2003, was caught by the Secret Service, and was working as an undercover informant when he perpetrated those crimes, which cost TJX or it's parent company millions in penalties with the loss of millions of credit card numbers. Those hacks involved planting a "sniffer" trojan on the stores wireless POS network.



posted on Dec, 22 2009 @ 05:29 AM
link   
reply to post by Blackmarketeer
 



Ah yes, i remember that. I did enjoy the way his mind worked and the methods he used to intrude into systems. But one thing we should not forget about is that even today, there are hundreds of stores who have their networks transmitting with an encryption dating back to the stone age and yet customers go in and out shopping providing their credit cards in order to purchase and all the time unknowingly not aware of how vulnerable the system is. I guess its something that unless it happens to you or who ever then they or you are not aware of just how vulnerable your own personal data is.

In a sad but kinda twisted way, a small smile did come across my face when i just remembered phreaking some decades ago. Wasn't that a balst



posted on Dec, 22 2009 @ 10:49 AM
link   
This draws similarity to the Citibank hacks involving russian hackers and Gonzalez. I was always under the impression that CitiBank/Group are two separate corporations. Either way Gonzalez was knee deep in this and may have used insider info because, as others have pointed out, he was an informant.

The CitiBank hacks involved re-programmed white cards, magtripe encoders and targeted 7-11 ATM's associated with CitiBank. Apparently the breach was via a public facing portion of 7-11 that eventually, once hacked, led to ATM control to some degree. It shows the old saying that no matter how much your defensively situated its always your weakest link that causes you grief.

For the POS, I've read some interesting papers lately that deal with a somewhat older hack called ram scraping. Basically on a compromised POS terminal there are point where the data flow is not encrypted and stored in memory. Programs are able to glean that valuable data which includes user ID, pin info, etc.

details

I don't believe for a second these are fabricated hacks as others have alluded to, they are very real, very prosperous and very much being kept under the media radar.

brill

[edit on 22-12-2009 by brill]



posted on Dec, 23 2009 @ 08:35 PM
link   
Absolutely they're kept off the radar, I recall during the height of the ATM "pin cashing" that was going on (2004-ish) that Citibank was unleashing a barrage of advertisements describing how safe their bank was and how they protect your identity - all this while the bank was being taken to task by these "carding" groups. It's better for these banks and retailers to accept the loss caused by the fraud rather than have the public lose confidence in their security.



posted on Dec, 28 2009 @ 10:57 AM
link   
reply to post by tristar
 

RE: SKIMMING
And closer to home - found this in the local news. Techniques that allow almost any thieves to steal your bank card numbers, and withdraw money...already happening in Martin County.
www.tcpalm.com... Thieves are installing micro-chip cameras and other devices to steal bank numbers, and make new cards. Suggestions on how to avoid being a victim..

Copied entirely unchanged from link shown above...

[" MARTIN COUNTY — Dozens of Bank of America customers in Martin County this week became victims of an automatic teller machine scam which allows the thieves to swipe card information and steal money, the Martin County Sheriff’s Office said.

At least $50,000 from customer accounts was stolen this week through the scam, which law enforcement officials called “skimming.”

The thieves place a wireless skimmer and micro-camera on the ATM to capture personal information from unsuspecting card holders, the Sheriff’s Office said. The thieves retrieve the devices and make duplicate cards using the PIN numbers captured on the cameras, authorities said.

Customers who used ATMs at Bank of America locations in Stuart and Palm City Sunday said they noticed the card reader on the machine appeared different and the numerals on the keypad were raised, according to an incident report. Those customers notified the bank when they noticed withdrawals being made from their accounts of $400 or more at ATMs in other parts of the country, the Sheriff’s Office said. The bank issued several new ATM cards to customers affected by the crime.

What is skimming?

Thieves have devised a way to attach devices to ATMs to steal card information from banking customers. But there are ways to protect yourself. Card holders should:

• Use the same ATM as much as possible to familiarize themselves with the machine and be able to spot anything out of the ordinary, such as suspicious attachments or an altered keypad.

• Look for hiding places for a micro camera, such as oddly placed brochure holders or mirrors positioned over the keypad.

• Cover their hand when typing in their PIN to obstruct the view of a hidden camera.

• Monitor account activity routinely and contact the bank about any suspicious activity.

Source: Martin County Sheriff’s Office"]




[edit on 28-12-2009 by rusethorcain]



posted on May, 28 2012 @ 04:54 PM
link   

Originally posted by brill
This draws similarity to the Citibank hacks involving russian hackers and Gonzalez. I was always under the impression that CitiBank/Group are two separate corporations. Either way Gonzalez was knee deep in this and may have used insider info because, as others have pointed out, he was an informant.

The CitiBank hacks involved re-programmed white cards, magtripe encoders and targeted 7-11 ATM's associated with CitiBank. Apparently the breach was via a public facing portion of 7-11 that eventually, once hacked, led to ATM control to some degree. It shows the old saying that no matter how much your defensively situated its always your weakest link that causes you grief.

For the POS, I've read some interesting papers lately that deal with a somewhat older hack called ram scraping. Basically on a compromised POS terminal there are point where the data flow is not encrypted and stored in memory. Programs are able to glean that valuable data which includes user ID, pin info, etc.

details

I don't believe for a second these are fabricated hacks as others have alluded to, they are very real, very prosperous and very much being kept under the media radar.

brill

[edit on 22-12-2009 by brill]
You are wrong about the "re-programmed white cards" thing there is no such thing. there are no special encoders all is need is a card reader writer and blank PVC to encode and Debit card w/ pin, encode the plastic & this will work at almost any ATM it was around early 2005 that Union Bank & USA Bank ATM's would take blank PVC, it would only worked you one was to use a real printed card.



posted on May, 28 2012 @ 05:00 PM
link   
I seen that movie.
But really think about it. Just how many movies have you seen that are starting to play out in the real world?
Talk about life imitating art.



new topics

top topics



 
3

log in

join