Hackers Steal 63, 000 Dollars from Kansas Car Dealership

[Jeffrey Walton <noloader () gmail com>]

http://artilib.org/20084415-hackers-steal-63000-dollars-from-kansas-car-dealership.html

An online bank robbery in which computer crooks stole $63,000 from a
Kansas car dealership illustrates the deftness with which cyber
thieves are flouting the meager security measures protecting
commercial accounts at many banks.

On November 1, 2010, the controller for Abilene, Kan.-based Green Ford
Sales, Inc. submitted $51,970 in payroll checks to First Bank Kansas
through the bank’s online banking website. The bank’s authentication
program sent the company's controller an e-mail to confirm and approve
the transaction details, which he did. Unbeknownst to the controller,
however, cybercriminals had infected his Windows PC with the infamous
Zeus Trojan, a piece of malware engineered to aid cybercriminals in
hijacking online banking information.

"Less than an hour after the bookkeeper approved the payroll batch,
bank records show, the thieves logged in to Green Ford’s account from
the same Internet address normally used by the dealership, using the
controller’s correct user name and password," according to the blog
Krebs on Security.

"The attackers cased the joint a bit by checking the transaction
history, account summary and balance before they logged out of the
system. They waited until the next day to begin creating their own
$63,000 payroll batch, by adding nine new 'employees' to the company’s
books," Krebs added.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/