- Technology - https://technology.blogs.ie.edu -

No more guns to rob a bank

Fernando Aparicio. Information Systems Professor.
Confirming the worst omens about malicious use of the Internet, several recent news have stressed this worrisome trend: hackers have been breaking into customer accounts at large online brokerages in the United States and making unauthorized trades worth millions of dollars. Based on phishing [1] or pharming [2]disguise, social engineers [3] cash in on the usual unawareness of the average internet user. All these fast-growing forms of online fraud have been used against online brokers such as E-Trade and TD Ameritrade, US’ fourth and third-largest online broker, respectively.
Stealing information from a user is not much more complicated, for instance, than placing keystroke-monitoring software [4] on any public computer (library, hotel business centers, airports, cybercafes). All hackers have to do is wait until anyone types in the Web address of E-Trade or any other online broker, and then watch the next several dozen keystrokes, which are likely to include someone’s password and login name. The user has then been stolen its digital identity and…a lot of money?
In this particular case, both E-Trade and TD Ameritrade have guaranteed that they will cover their clients’ losses, even though they are not required to do so by law. What would be the reaction of the Spanish banks? Most probably blaming it on the customer, who is responsible for keeping its login and password safe.
The most worrying matter of this situation is that the problem is growing faster than its public awareness. If we merge the ever-growing use of Internet for both corporate and personal finance and the “snooping software-for-dummies” availability the odds for this problem to skyrocket are pretty high.
E-Trade stated that “concerted rings” in Eastern Europe and Thailand caused their customers $18 million in losses in the third quarter alone. The distributed denial-of-service attacks [5] are among the most recent, fashionable and easy-to-use attack schemes used widely for organized crime to harm private web servers and taking them down during days. What is the financial impact of this time of non-delivery service to my customers? Ask your CEO, please, he should have an answer for its investors and stockholders, shouldn’t he?
In fact, online scams have been growing so serious in the States that the Federal Financial Institutions Examination Council, a government entity that establishes standards for banks, has given U.S. financial institutions until Dec. 31 to tighten security measures for accessing online accounts. Offering user awareness programas and free anti-spyware software are among the countermeasures recomnended.
It is still to soon to get really concerned in Spain? Just two flashes to deny a positive answer: DDOS [5] against IRC Hispano and the detention of a Spanish trojan [6] creator. We’d better get ready, the dark side is already here.
Click here [7]for the whole article