Two days ago, the Federal Bureau of Investigation, the Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center jointly issued a Fraud Alert to financial institutions warning them of alarming trends in unauthorized wire transfers overseas in amounts ranging from $400,000 to $900,000. The Fraud Alert explains that after targeting financial institution employees with spam and phishing e-mails, the cyber criminals installed keystroke loggers and Remote Access Trojans to gain complete access to internal networks and logins to third-party systems. In other cases, the cyber criminals stole employee and administrative credentials, allowing them to avoid verification methods used by the financial institutions to prevent fraudulent activity.
This enabled them to browse multiple accounts and select those with the highest balances as the source of wire transfers. According to the Fraud Alert, the cyber criminals were able to "handle all aspects of a wire transaction, including the approval... obtain account transaction histories, modify or learn institution specific wire transfer settings, and read manuals providing information and training on the use of US payment systems." The Fraud Alert theorized that the cyber criminals used distributed denial of service (DDoS) attacks against the financial institutions' public websites as a distraction to keep them occupied while fraudulent wire transfers were being conducted.
Yesterday, the Financial Services Information Sharing and Analysis Center raised its Current Financial Services Sector Cyber Threat Advisory from "elevated" to "high," leaving the Physical Threat Advisory at "elevated." Soon after, Reuters reported, "the consumer banking website of JPMorgan Chase & Co was intermittently unavailable to some customers. The problems followed issues with the website of Bank of America Corp on Tuesday amid threats on the Internet that a group was planning to launch cyber attacks on a U.S. bank."
This incident occurs amid the heated debate in Washington over how to bolster cybersecurity in the United States and reminds us just how important cybersecurity is in this new digital age. We must consider, as a nation, the impact cyber attacks from criminals, terrorists, or other countries can have on us as a whole. Imagine what could happen the next time financial institutions are attacked if the main goal is not to steal millions of dollars but to take the whole banking system down. In order to improve, there has to be change on a national level. The challenge now facing us is how best to balance the competing interests of privacy protection, avoiding over-regulation, and providing room for effective individual cybersecurity protocols.
Senator McCain's SECURE IT Act has yet to reach the Senate floor, but will likely face intense scrutiny over the potential lack of government regulation and concern over privacy protections. Even modest improvements to our national security picture will require that we put aside the contentiousness and work together in earnest. Unfortunately, it seems that Congress may not be up to that task and President Obama might have to resort to issuing an Executive Order. This action, by its nature, will create more strife and disagreement in an already gridlocked Congress.
"Banks Warned of Heightened Cyber Threat by FBI" was written by Sam Imandoust, Esq. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.