Hackers fleece a city account as cyberattacks focus on banks
- By Kevin McCaney
- Oct 16, 2012
The pace of cyberattacks targeting banks has accelerated in recent months, both internationally and in the United States.
The Secret Service has been called in to help investigate the most recent attack, in which more than $400,000 was stolen from an account belonging to the city of Burlington, Wash. City employees and residents who use an automatic payment system have been advised to change or flag their accounts, the security company Sophos reported on its Naked Security website.
The attack came on the heels of a recent warning by RSA Security that cybercriminals appeared to be planning large-scale attacks on banks, Computerworld noted. In an Oct. 5 post, RSA said criminals apparently were planning to use a Trojan called Gozi Prinimalka to carry out fraudulent wire transfers at about 30 U.S. banks, the Computerworld story said.
Researchers at TrendMicro, following up on RSA’s warning, said they identified 26 banks that are at risk from Gozi-Prinimalka variants.
Police and federal investigators have not described the malware used in the Burlington hack — Computerworld reported that they were still trying to determine how the hackers got in — although that money was stolen via illegal wire transfers conducted over a two-day period, according to a report in Goskagit. And the funds were in an account with Bank of America, which, for what it’s worth, was on TrendMicro’s list.
The attack affected employees enrolled in the city’s direct-deposit payroll program as well as residents who used an autopay program to pay sewer and drain charges, Sophos said. The city told autopay customers to assume that their names, ban account numbers and bank routing numbers had been taken.
Meanwhile, Iran has been accused of a series of attacks on U.S. banks, along with attacks on energy companies in the Middle East. Senate Homeland Security committee chairman Joe Lieberman (I-Conn.) and other members of Congress have claimed that Iran has targeted websites of a number of U.S. banks in attacks possibly carried out by that country secretive military Quds Force, the Los Angels Times and others have reported.
A senior defense official told the Times Iran has “been going after everyone— financial services, Wall Street. Is there a cyberwar going on? It depends on how you define 'war.'"
Kevin McCaney is a former editor of Defense Systems and GCN.