Cybercrooks Surpassed Old School Bankrobbers In '09

krebsonsecurity writes "Organized cyber-criminal gangs stole $25 million in the 3rd quarter alone last year, by pilfering the online bank accounts of small to midsized businesses, the FDIC reported last week. In contrast, traditional bank robbers hauled just $9.4 million in 1,184 bank robberies during that same period, according to an analysis of FBI bank crime statistics by krebsonsecurity.com. From that story: 'The federal government sure publishes a lot more information about physical bank robberies than it makes available about online stick-ups. Indeed, the FBI's bank crime stats are extraordinarily detailed. For example, they can tell you that in the 3rd quarter of last year, bank robbers were more likely to hold up their local branch between the hours of 9 a.m. and 11 a.m. on a Wednesday than at any other time or day of the week; they can tell you the number of tear gas and dye packs taken with the loot, the number of security cameras activated, the number of food stamps taken, even what percentage of suspected perpetrators had illegal drug habits at the time of the robberies. About the only thing the stats don't tell you is what brand of jeans the perpetrators were wearing and whether the getaway car had cool vanity plates. What do we get about e-crime statistics from the federal government? One guy from the FDIC giving a speech at the RSA conference."

Saw the ethief coming...

[aleqi_njbp]

Since only 3% of all dollars exist as paper money you knew this one was coming. If thieves only robbed the paper money they would be limiting their money pool they steal from.

why do people hack bank accounts?

[conspirator57]

because that's where the money is.

Re:why do people hack bank accounts?

[TheLink]

> why do people hack bank accounts?

Because they're too stupid to be investment bankers, or their conscience would bother them...

Re:

[conspirator57]

i don't disagree with you, i was just revamping the old canard about robbing banks.

http://www.fbi.gov/libref/historic/famcases/sutton/sutton.htm [fbi.gov]

Re:

[Anonymous Coward]

As a former teller, I can tell the /. crowd that robbing a bank physically is one of the stupidest things you can do. Unless you do a military style takedown (which takes substantially longer and is much more dangerous than handing a note to a teller) you get away with 10k at the very best. The "vault" in many cases doesn't hold more than a couple hundred thousand... and that's a large branch during Christmas. The thing idiot bank robbers don't realize is that the more money a bank has sitting in the bra

Re:

[Beardo the Bearded]

Good point. From what I understand, that's why there was a rash of grocery store robberies about 10 years ago. The banks had more money, but the stores had a few thousand on hand, plus no security systems to speak of.

If you want to steal, white-collar crime is the way to go. Higher ROI, lower penalties, and your time is usually served in low-security facilities or under house arrest.

Re:

[Locklin]

I am a customer of two banks. One has a *maximum* password length of 8 characters for online services (actually trunks the password at 8 if you enter a longer one and gives no warning). The other bank regularily calls customers and asks for sensitive information (the same information that can be used to reset the online password). They call from, and request call-backs to phone numbers that are *not* the number on the bank card.

I have a feeling Canadian Banks have so much insurance that they disregard IT se

Re:

[rcamans]

All businesses (except banks) will tell you that they lose more thru employee theft than outsider theft. But banks do not want you to know how bad it is, so they keep it quiet. I dated a girl who was a bank teller. She told me that she felt she deserved nice clothes, so she would keep some of the deposits. After $2,000 or so, the bank would catch her and let her go (not get their money back). No report to the police, nothing. Since her only job skill was bank teller, she would just get a job at a different

Re:

[Shakrai]

After $2,000 or so, the bank would catch her and let her go (not get their money back). No report to the police, nothing. Since her only job skill was bank teller, she would just get a job at a different bank...

I call bullshit. Even if they didn't report her crime to the police (which any bank I've ever worked with would have done but for the sake of the argument....) they still would have reported the loss to their insurance companies. Bank tellers have to be bonded and insurance companies keep records of losses. Your girl would not have been able to get bonded after pulling this stunt and would not have been able to obtain employment after pulling it.

How long until...

[sophomoric]

How long until Comp Sci majors are considered more at-risk to be future criminals than the football team?

Re:How long until...

[Nadaka]

Already there. I don't tell people about what I do for two reasons:

1: they want me to fix their computer.
2: they ask me if I can hack into government computers to prove UFO's exist.

Re:

[AndrewNeo]

I feel sorry for you. I usually just get stuck with the first one.

Re:

[dubbreak]

Well it's easy enough to fix if it does slip out.

If you get asks to fix a computer just say, "Sorry I'm too busy hacking government computers to prove UFOs exist."

And when they ask about the proof simply say, "I'm gonna blow this thing wide open. At this point I can risk information in others hands. It puts us both at risk.. I've already said too much. I gotta run."

Re:

[Voyager529]

Already there. I don't tell people about what I do for two reasons:

1: they want me to fix their computer.

This is why every IT/Comp Sci major needs to take a marketing class. By time you're done, you'll know that the correct answer will sound like this: "It'll cost you $500" (slightly smaller amounts are acceptable if it is an extremely attractive classmate). This way, you'll have either one of two possible outcomes: Either they'll never ask again, or you'll have robbed them legitimately, right through the front door!

Re:

[Beardo the Bearded]

I provide free support to my immediate family. For example, I recovered the data from my Dad's fux0r3d computer and put it on his new Mac. (You've got to love Linux's mounting capabilities, don't you?) I've been fixing, troubleshooting, and programming computers since I was eight. (My daughter's started at 6)

Would I charge him? WTF? This is the guy who's given me more time, energy, and free help than anyone else on the planet. Hell, he even got me my first computer! I've gone to his house to install insulat

Re:

[DMUTPeregrine]

1) I get this. I give them my hourly rates. If they pay, I have a customer. If not, oh well. 2) "You mean the same government that can't implement a proper here is capable of concealing a vast conspiracy of alien visitations!?" or "No, the CIA didn't kill Kenendy, that's obvious: he's actually dead."

Re:

[B3ryllium]

or *IS* he?

Hostages..

[QuantumRiff]

I wonder how many hostages have been injured/shot in a cyber stickup gone bad?

Perhaps that might explain their focusing more on physical bank robberies? I mean cmon.. the banks have insurance to cover the actual money lost, don't they?

Re:Hostages..

[rhsanborn]

I suspect the banks do have insurance that covers the loss during a robbery. I also suspect that the small to mid-size businesses don't have insurance that covers someone logging in and emptying their bank accounts, which can sink a small company.

Re:

[Jer]

I believe that the point the the OP is making is that more people die in physical bank robberies than in online robberies. Hence the extra focus of the FBI on stopping physical robberies over online robberies.

Re:

[sopssa]

That's how it should be too. When you're dead you're dead and theres no going back. I dislike how lightly people sometimes take someone else dying, especially by some idiot who felt like robbing a store or bank and just had to shoot someone.

Re:

[HungryHobo]

and if you outlawed password crackers and port scanners online robberies wouldn't happen.

Re:

[Anonymous Coward]

Outlaw guns and this will happen more often. Arm every citizen and I doubt anyone will be dumb enough to use one in anger.

You seriously underestimate the how angry, greedy, desperate, etc... an otherwise fairly intelligent human being can get! And by "you" I mean both the person I'm replying to and the one that modded them "Informative". It isn't exactly unheard of for people to be violent without thinking of the consequences at all, especially when experiencing strong emotions like anger.

Regardless of if everyone packing heat actually reduces the threat of gun violence compared to our current situation, it can never totally

Re:

[Foobar of Borg]

Outlaw guns and this will happen more often. Arm every citizen and I doubt anyone will be dumb enough to use one in anger.

Why is it that everyone who says something like this to me just *has* to have a conceal-carry permit and prays for the day he can whip out his gun and blow someone away?

Re:Hostages..

[jafiwam]

The affected parties are different between the two types of crimes;

Robbing a bank is the equivalent of stealing from the FDIC.

Looting an account is the equivalent of emptying a cash register or wallet.

The "little guy" takes the hit in the latter case, whereas in the former, the direct hit gets absorbed by a larger entity.

Just try to get your money back from PayPal, or a phishing attack, or cloned debit card once to find out how "stuck" you are as the little guy.

Re:

[ls671]

> The "little guy" takes the hit in the latter case,

Not necessarily, banks often reimburse customers because they don't want people to loose confidence in e-banking since they save a lot of money that way.

It costs them less to reimburse defrauded customers than it would cost them if everybody went physically to the bank.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Minwee]

If he wasn't robbing banks, perhaps "Slippery Jim" deGriz could have gone around breaking windows [freedomkeys.com] with the same justification.

Re:

[QuantumRiff]

No, my point was that the FBI gets involved because people get killed in bank robberies.. Stealing from a small business, over the internet, doesn't involve hostage negotiators, swat teams, high speed chases, etc.

I don't think the FBI cares as much about the financial part of it, as they are the collateral damage.

Re:

[Red Flayer]

No, my point was that the FBI gets involved because people get killed in bank robberies.. Stealing from a small business, over the internet, doesn't involve hostage negotiators, swat teams, high speed chases, etc.

I don't think the FBI cares as much about the financial part of it, as they are the collateral damage.

Hahahah, that was very funny. The FBI wants to catch killers because it's good for press, which is good for the budget. But the financial crimes aspect is what they're really after... that's

Re:

[228e2]

That makes zero sense.

Influence the power brokers? Why? For funding? (rofl) A pat on the back? (eh, push at best) Turf war? No, theres plenty of 'turf' for the FBI/NSA/whatever other org you're thinking of to go around.

Re:

[Red Flayer]

Hah. Go ahead and read any of Hoover's biographies, if it makes no sense to you. Times aren't that different now. There are still turf wars going on.

The creation of the DHS was supposed to smooth those out, but has been very ineffective in doing so.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[OldSoldier]

The summary indicates a possible key difference here... do the "bank robberies" include ATM hacking? The summary indicates the physical bank robberies were against "the bank" while the cyber bank robberies were against (poorly secured) accounts. Is this an apples to oranges comparison? The point being that banks can protect themselves, but what can they do to protect their customers if those customers choose bad passwords?

Re:

[Nathrael]

The point being that banks can protect themselves, but what can they do to protect their customers if those customers choose bad passwords?

They could enforce proper passwords ("must contain at least 3 numbers, 2 special signs, 2 uppercase characters, must be at least 8 characters long...), for example, like quite a few banks I know do.

Re:

[bigdavex]

I mean cmon.. the banks have insurance to cover the actual money lost, don't they?

You do understand that insurance isn't a magical wealth creation machine, right? The banks' insurance premiums have to cover these losses plus the overhead of the insurance company itself.

Huh

[macemoneta]

When I looked at the numbers, all I could think of was "that wouldn't even come up to a good bonus at Goldman Sachs".

Which ones are the bank robbers again?

Re:

[TheLink]

The stupid ones?

The smart ones _legally_ transfer money from the stupid to the smart (e.g. themselves).

In case people haven't noticed, inflation/printing/creating money is also another way of transferring money. Value is being transferred from the holders of the money, to the entities printing/creating the money. It's like a tax.

Re:

[natehoy]

Good point.

If you took that $25 million and added it to TARP, it wouldn't even show up as a percentage of the $514 billion disbursed so far. "Illegal" cybertheft would account for 0.005% of overall cybertheft.

How is it a big deal that cybercrime netted $25 million nationwide?

Tell General Motors to send back some pocket change from the $50 billion they are currently holding. At 9% APR, the interest on the money for about two days would cover it.

Heck, if we charged GM's "0.9% APR" on the TARP money for just

Re:

[Shakrai]

Which ones are the bank robbers again?

The politicians who raided the public treasury to bail these assholes out instead of letting them fail? The morons in the electorate that sent said politicians to Washington and elected one of them POTUS?

Re:

[Martin Blank]

"Just let them fail" is what the US did in the 1930s. Most economists since then have agreed that it was a Very Bad Idea. It would have been an even worse idea now, as the banking system is even more tied together. Insurance plans are underwritten by companies that have investments in funds that invest in companies that hold stock in weak banks.

The first phase of operations was the correct one: support the financial system long enough to get past the major crisis. The second phase that is needed is unli

Re:

[TheLink]

Yeah, why are we worrying so much about bank robbers. They're small potatoes. As long as they don't kill or hurt anyone how much $$$ can they take? Laughable amounts for the jail time and risk.

In contrast:

http://www.nytimes.com/2009/07/24/business/24trading.html [nytimes.com]

Quotes:

Multiply such trades across thousands of stocks a day, and the profits are substantial. High-frequency traders generated about $21 billion in profits last year, the Tabb Group, a research firm, estimates.

"But we're moving toward a two-tiered m

Re:Huh

[savanik]

This was actually predicted some time ago, in a Cyberpunk 2020 supplement. I forget which one exactly, I think it was 'Listen Up, You Primitive Screwheads!'

"Back in the late twentieth century, the average short term loan's length was 30 days. In 2060, the average term is 30 seconds. What can you do in 30 seconds? If you hop on a fast bike, you might make it part of the way down the street. But I can take that thirty-second loan and make enough money to buy a South Sea island, complete with mansion and Playboy bunnies to serve my every whim through a little miracle called currency arbitrage."

Quote is approximate.

Re:

[Martin Blank]

LUYPS was one of the best books ever written for the GM/DM/referee. It helped me dramatically improve my games.

It's been years since I ran a game. Now I want to play Cyberpunk. :\

Re:

[Monkeedude1212]

OK it's comedy, but so is the real world situation in a way (except more tragic).

I guess it depends on whether you found Macbeth hilarious or not.

Re:

[Syberz]

When I looked at the numbers, all I could think of was "that wouldn't even come up to a good bonus at Goldman Sachs".

Which ones are the bank robbers again?

Goldman Sachs aren't robbing banks, they're using banks to rob us.

Re:

[ixidor]

in soviet-amerika, Goldman Sachs robs you ?

Re:

[dkleinsc]

Woodie Guthrie said it best:

"Yes, as through this world I've wandered
  I've seen lots of funny men;
  Some will rob you with a six-gun,
  And some with a fountain pen."

Re:

[fm6]

The way our top tier of executives is overcompensated is obscene, unfair, and discourages real capitalism. However, it's not theft. It's the result of some fundamental flaws in the way the system operates. If you really give a shit about it, stop attacking the people who benefit from the system and start working to change it.

Re:

[account_deleted]

Comment removed based on user account deletion

FBI underestimates white-collar crime

[Animats]

My guess is that the government doesn't publish the statistics because

No, it's an institutional bias at the FBI that dates back to J. Edgar Hoover. The FBI's Uniform Crime Reports [fbi.gov] hugely underestimate white collar crime. Violent crime is tallied based on police reports, regardless of whether anyone is arrested. White collar crime is tallied based on arrests. Scams with large numbers of victims who didn't lose much each don't get tallied at all.

In dollar volume, white collar fraud dwarfs all other categories. Losses from the Madoff scam, or the Enron scam, were each greater than an entire century or so of physical bank robberies.

Robbery is a dying industry, anyway. Breaking into houses is almost obsolete. What's worth stealing? Nobody has silver any more. Used consumer electronics has zero to negative value. Any TV worth stealing is too big to lift. Used furniture is nearly worthless. Few people keep much cash around. Auto theft is at a 20-year low - between OnStar and LoJack, stealing cars as a career doesn't work for long.

Seems low, doesn't it?

[beakerMeep]

Compared to the GDP of the US in 2009 ($14.26T) that's what, like 0.0007% ? *


*Disclamer: that's internet math, some of the logic could have been stolen/pilfered.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Of Course

[carp3_noct3m]

"Cyber-Crime" has the majority of the benefits of a traditional robbery without many of the downfalls. For those of you who don't know, ATM skimming in the US is even more prevalent and more harmful, and the majority of e-crime originates in OCONUS. The thing is, it is easy to get bank and CC info in the dark underbellies of the internet, the hard part is turning that info into money you can use. That's why large bot-net operators skim large amounts of data, and organize by "value" for example a black card will sell for 150+ $. Usually they try to sell in bulk, to someone else, who then hires a cashier, or someone who can basically "launder" the money back (with various methods, E-gold, offshore gambling, etc), often these cashiers charge over 50 points or more, because that is where the real danger is. The point is, even if you start somehow nabbing or stopping the cashiers, you still have the botnet ops and the real person making the money in the background. Again, most of this being from countries like Russia (stereotypes do exist for a reason sometimes). Want to stop cybercrime? Start making financial institutions at least attempt at having security protocols in place that can stop this sort of thing, and do something to educate and simplify secure computing for the consumer.

Re:

[Anonymous Coward]

"...downfalls..."

I don't know what it is, but lots of people are misusing the hell out of this word lately. I believe you were looking for "downsides" instead. Downfalls are events, whereas downsides are negative properties. Think of Icarus: His downfall was when he fell down due to the downside of his wings being vulnerable to the heat of the sun.

Re:

[carp3_noct3m]

It could feasibly be applicable here. "downfall - a sudden decline in strength or number or importance" or "A sudden loss of wealth, rank, reputation, or happiness" [Freedictionary.com]. So, Cyber-Crime has the majority of the benefits (something that improves or promotes) and lacks many of the events that.....wait a sec. Yep, your right, I'll move along now.... =)

Not even a blip.

[Hatta]

$25 million, roughly 100 million all year. Are you kidding? The financial industry extorted hundreds of billions of dollars from the tax payer in 2009. If this is the cybercrime menace we're supposed to be afraid of, I'm not. I'm much more worried about legalized theft by men in suits.

Re:

[carp3_noct3m]

I agree, I'm actually right now (as in I put it down to type this) reading "The Secret History of the American Empire" by John Perkins. I have yet to read his original, "Confessions of an economic Hit Man". Despite my original skepticism, it really is an eye opener to how we plunder and rape and pillage, but don't break any laws (or just a little bit), where banks and other members of the corporatocracy reap benefits in the billions, this really does pale in comparison.

I thought organized crime...

[ls671]

I thought that organized crime had moved to cyber-robbing a long time ago so is this really news ? I am just wondering...

The 9.4 millions robbed in a conventional way are probably due to poor, "un-organized" people ;-))

When you say cybercrooks, do you include

[aaandre]

When you say cybercrooks, do you include financial institutions that

1. Practice coputer-managed microtrading using the advantage of their high-availability data streams, proprietary software and huge capital (other people's money) to squeeze profit from the market without contributing anything positive to anybody or anything?

2. Create financial instruments and products with the only purpose to use legal loopholes for profit?

3. Use usury to create perpetual profit from everyone who borrows other perople's money from them, practically causing enslavement?

Just wondering.

Re:

[account_deleted]

Comment removed based on user account deletion

Makes sense to me

[kiehlster]

I've heard that bank robbers are typically disgruntled customers (either because of their money situation or their bank relationship), therefore we have a group of traditional robbers stealing from banks that don't have money thanks to the bail-out economy. Remember, when robbers want to case the place they visit days ahead to study the layout and camera locations, and when they do the stealing, sometimes they bring in their legitimate checkbooks as a disguise. Cyber-criminals on the other hand are non-bi

The bankers didn't kill anyone?

[plopez]

There were a couple of posts along the lines of "sure Goldman-Sachs etc. robbed us but at least they didn't kill anyone".Follow this line of reasoning:

The banksters destroyed the global economy.
Millions that were getting by were thrown into poverty.
Millions that were in poverty were thrown into starvation.
Since the unemployment rate in the developed nations increased, gov't and private relief donations dropped.
This reduced the amount of emergency relief available, causing more to die.

Conclusion: the bankste

Small fry

[Wonko the Sane]

The real crooks extorted $24 trillion [washingtontimes.com] from a sovereign nation by threatening elected officials with martial law.

Re:

[Falconhell]

Whoa, this bot has really lost the plot!

Could just be another fine product of the US educationb system though I suppose!