Following our report on the lawsuit filed against Bank of America (BoA) in last month’s issue (‘Lawsuit raises online fraud issue for banks’), the risk of key logging has been elevated from that of securing privately owned computers to the level of corporate security.
Israeli police have arrested a man in connection with an attempt to steal £220m from Sumitomo Bank. The fraud, discovered last October, was perpetrated by a criminal gang that tried to transfer the money to 10 bank accounts around the globe. They had installed key-logging software in IT systems at Sumitomo’s City of London offices. The software is used to capture information, such as passwords, that in turn can be used to obtain confidential data and access to otherwise secure systems. As the investigation is ongoing, it is not yet clear whether the group had gained physical access to the systems or had hacked into the systems to install software. The bank said that it had not lost money in the attempted theft.
Phishy fraud
Numerous warnings have been issued to the public against ‘phishing’ scams. In these, fraudsters try to convince people to input sensitive financial information on an e-mail or a mock-up of a bank’s website. The risk of e-mails that contain viruses, specifically ‘Trojans’, which can open up back doors into a computer and register keystrokes, has been widely reported. Banks should warn customers of these risks but must also be aware of the risks themselves.
The police wrote to City firms last year, warning of such dangers, following a Financial Services Authority conference on fraud in which an attack on an anonymous bank was mentioned. But are banks implementing the right procedures? When discussing security, the issue of privacy is often brought up with references to the ‘Big Brother’ model of George Orwell’s 1984.
However, ‘Little Brothers’ can often be a greater problem. The risk of internal fraud and infiltration by organised criminal gangs is a major concern for financial services houses. Whether theft and fraud originate from employees or through voyeuristic ‘spyware’, security relies on regular internal health checks, not simply a good bolt on the door, as fraudsters are always searching for the weakest link. You have been warned – Little Brother is watching you.
