Interesting People mailing list archives
16M Yen stolen from sniffed bank passwords at Internet Cafe
From: Dave Farber <dave () farber net>
Date: Thu, 06 Mar 2003 15:19:44 -0500
Date: Fri, 07 Mar 2003 00:40:28 +0900 From: Chiaki Ishikawa <ishikawa () yk rim or jp> Subject: 16M Yen stolen from sniffed bank passwords at Internet Cafe On March 6th, two men have been arrested for illegally transferring 16 million YEN from someone's CityBank online banking service account to a third party account and then take the money from it, Tokyo police announced.
From the descriptions of newspaper articles, it seems that one of the
culprits has installed keyboard sniffer programs on about hundred PCs at a dozen or so Internet Cafes in Tokyo and Kanagawa prefecture (south of Tokyo). He has regularly visited the cafes and brought back the recorded data with him, and searched for ID/password, and other identification information. At the charged man's home, the police has found ID/password for 719 accounts, and about a couple of hundred user profiles meant for dating services. One such ID/password for a man's City Bank online banking service was used to transfer 16 million Yen to a different account at another bank from which the money was withdrawn. This is the first time that a keyboard sniffer is implicated in a large scale ID theft in Japan, from what I know. It beats me, though, why anyone wants to use a PC at Internet cafe for one's banking service. (We should assume doing something on it, like writing a memo, for example, is akin to writing on a memo pad on a desk at a public library under which a carbon paper may be secretly placed to record information and we never know. For that matter, even without the carbon paper, we often can see the telephone number, etc. left by the previous user by looking at the indented marks on the next paper sheet, don't we? ) I think the general public should be taught more about the security implications of various Internet services, which may look useful and handy on the surface, but may not be so attractive if the security implications are taken into account. I think it should be the responsibility for the service provider to tell such risks, but I am not sure how to go about writing a law because "risk" is a relative thing. This has been a busy week for computer security professionals in Japan. First the computer system for handling nations's flight plans collapsed on the morning March 1st. Then a large credit card company, Oriental Corp., announced the leak of 15,000 user profiles to a member of an underground gang group who blackmailed the company and was arrested. Then this incident. I hope the general public will start to pay more attention to the computer security issues thanks to these high-profile incident. (The ID theft using keyboard sniffer was the front page head line article in the evening edition of *Asahi Shimbun*. It occupies about 1/5 of the paper and is very conspicuous.) ------ End of Forwarded Message ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- 16M Yen stolen from sniffed bank passwords at Internet Cafe Dave Farber (Mar 06)