BreachExchange mailing list archives

Classical Bank Robbery With A Cyber Twist


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 14 Nov 2013 00:17:29 -0700

http://www.forbes.com/sites/riskmap/2013/11/08/classical-bank-robbery-with-a-cyber-twist/

Once upon a time, bank robbery was a swashbuckling trade—thieves would
either hold up tellers at gunpoint or concoct elaborate break-in
schemes—requiring the sort of derring-do that inspired a whole genre of
Hollywood fantasy. But the game has changed considerably. Modern-day
bandits in developed countries are far likelier to use keyboards than tommy
guns, remotely siphoning millions from the comfort and safety of another
country. It’s big business, but not a very compelling screenplay.

Screenwriters might be heartened, then, by a pair of attempted heists
earlier this year that married old-fashioned con artistry with newfangled
technology. In each case, thieves entered London-based bank branches posing
as IT technicians and attempted to install a wireless-equipped keyboard
video mouse (KVM) switch onto bank computers. A KVM switch is a piece of
hardware that enables third-party control of a computer; when coupled with
a wireless modem, a KVM switch allows control of the computer from a remote
location. Attaching such an apparatus to a banking terminal can facilitate
the remote transfer of funds from a bank’s own computers. The bandits who
tried this scheme at a Barclays branch made off with $2.1 million—though 11
of them were eventually tracked down and arrested. The thieves who carried
out a similar plot at a Santander branch were sniffed out and arrested
before they could access any funds.

These cases could be a harbinger of a rise in cyber-enabled operations with
a physical dimension. UK police indicated the Santander case was the first
in which they had seen a KVM switch used by an organized criminal group,
and noted the devices are readily and cheaply available. But it is not the
first case in which gangs have added a cyber dimension to their crimes: in
2011, drug smugglers hired hackers to track the movements of shipping
containers with illicit cargoes through the port of Antwerp. The marriage of
traditional crime with cyber tactics might be heartening news for
Hollywood, but it’s a real challenge for security directors.

As organizations become increasingly aware of the need to safeguard their
networks from external attackers, the fundamentals of physical site
security continue to be the bedrock of any plan to protect vital
information. Increasingly, criminals who gain access to commercial premises
are after the company’s informational assets, not its material ones.
Physical access provides criminals and insiders a range of options. They
can plug laptops into open ports or use a company’s unprotected wifi to
access corporate networks directly; they can access unlocked computers and
download data to removable drives; or, as in the banking cases, they can
install hardware or software that grants them remote access. Many companies
already conduct regular network penetration tests; the risks posed by
physical access suggest that these tests should be complemented by physical
equivalents.

Data is only as secure as the weakest link within an organization and, as
with other security threats, employees are a major source of vulnerability.
Many cases of data loss can be traced back to employees’ negligence or lack
of security awareness; and the most costly incidents of IP theft are
believed to involve corporate insiders. Indeed, in a joint study of data
breaches the Ponemon Institute and Symantec found that 35% of cases could
be attributed to the ‘human factor’ – employee or contractor fallibility.

So what is a company to do? Information security training for employees is
a good start. As for insider threats, the Carnegie Mellon University
Insider Threat Center outlines a set of best practices. Of course, these
measures should be complemented by a strong regimen of defense measures
against cyber attacks—including encryption of hardware and software—and
a robust set of building access controls.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
