
Hackers Steal $6.7M In Bank Cyber Heist

Posted by Soulskill
from the not-nearly-as-dramatic-as-a-regular-heist dept.
Orome1 writes "A perfectly planned and coordinated bank robbery was executed during the first three days of the new year in Johannesburg, and left the targeted South African Postbank — part of the nation's Post Office service — with a loss of some $6.7 million. The cyber gang behind the heist was obviously very well informed about the post office's IT systems, and began preparing the ground for the heist a few months before, by opening accounts in post offices across the country and compromising an employee computer in the Rustenburg Post Office."

  • by Anonymous Coward

    It's not whether you can get into a bank, or even out of it, it's how long you can keep the money.

    It will teach them to not have so many holidays I hope!

  • by omganton (2554342) on Tuesday January 17, 2012 @08:12PM (#38732300)
    "Hey, can I check my Facebook real quick?"
  • by gweihir (88907) on Tuesday January 17, 2012 @08:17PM (#38732372)

    I was part of a small team that described a pretty similar attack scenario to a customer almost 10 years back. It is no surprise at all that this worked and it would work in a lot of other places as well. The only really tricky part is coordinating the mules (and keeping them quiet) as you do not know how much money is available at each specific ATM. But you can guess by observing usage patterns (counting customers) and how often they are re-stocked.

    • by NeutronCowboy (896098) on Tuesday January 17, 2012 @08:46PM (#38732706)

      I'm much more surprised by the fact that they managed to take about 1% of the entire assets of the wanna-be bank. That's pretty disturbing - because that means that nothing was working right. Not their security, not their required privileges, not their fraud detection, nothing. Note to self: don't do business in SA.

      • by decora (1710862) on Wednesday January 18, 2012 @12:54AM (#38734560) Journal

        I'm guessing that the main reason it seems like an 'unusual South Africa thing' is because US banks never, ever talk about this kind of thing.

        partly out of embarrassment, partly because the entire system is based on 'security through obscurity'.

        ----

        of course, oblig. comment about how thousands of US banks failed in 2008/9/10 due to the CDO fraud system - which directly involved and benefited the ratings agencies. but it's almost like nobody cares about that. they care about 5 million stolen from ATMs, but not about 2 trillion stolen from the taxpayers.

        • Nearly every attack, most likely including this one, was an inside job.

          Besides, every bank in the world that isn't American invests ridiculous amounts into security (and fails). American banks, well, they also fail. But American banks are pretty unique in that they will only invest a reasonable amount to prevent fraud going out of control. They will actually not go after every single instance of fraud.

          Of course, one of the big screwups exploited this exact "weakness".

      • I'm much more surprised by the fact that they managed to take about 1% of the entire assets of the wanna-be bank.

        At least, that means that their ATMs were well-stocked for the long New Years' break. Around here they'd have run out of money on the second day...

  • Summary is wrong (Score:5, Informative)

    by Smallpond (221300) on Tuesday January 17, 2012 @08:23PM (#38732442) Homepage Journal

    42m Rand is not 6.7m USD, it is more like 5.2m.

    • Re: (Score:3, Funny)

      by Anonymous Coward

      Now just 4.3m, ... 5 minutes later
      2.1m, ...
      0.1m ...
      now you are better off burning it for heat than trying to pay your bills with it ;)

      • by Anonymous Coward

        wrong African country.

      • by PRMan (959735)
        Where's my Mod points? That's seriously funny.
      • Re:Summary is wrong (Score:4, Informative)

        by Formalin (1945560) on Tuesday January 17, 2012 @10:49PM (#38733880)

        That's Zimbabwe. SA, while experiencing considerable inflation in the 90's, is reasonably stable now, and nowhere near the level of inflation in Zimbabwe.

        1 rand used to be worth around 1 USD, IIRC (apartheid era). inflation went up with political change, and by around 2000? it was 10 or so to a dollar, and is something like 6-7 these days. So 50-100% some years, less overall, which is bad... but not hyperinflation, where prices double in days or hours, instead of years (like in Zimbabwe).

        • Re: (Score:2, Informative)

          by Anonymous Coward

          and is something like 6-7 these days

          1 U.S. dollar = 8.03322542 South African rands

          42 million South African rands = 5.228286 million U.S. dollars

          Good thing we're not on the internet, or it would look a little stupid to be making up numbers when there are perfectly good sources available.

        • It is my understanding that Zimbabwe's currency has settled down to a value of 0. They use US$ now. Yes, they are printing them too.

    • But it is about 6.7m Brunei dollars, or New Zealand dollars... or Singapore dollars.
    • 42m Rand is not 6.7m USD, it is more like 5.2m.

      And no doubt falling like a stone on this news.

  • That's nothing (Score:5, Insightful)

    by midtowng (2541986) on Tuesday January 17, 2012 @08:29PM (#38732512)
    Wall Street CEOs have been stealing much larger amounts from their own banks for years.
  • How could an investigation rule out a possible inside job? These hackers are pretty good at covering their tracks.

    One of the many clever ways they employed in one heist, was to run malicious code that incapacitated random parts of the system once it detected that it was itself under some kind of detection or surveillance. Clever indeed.

  • I could understand the mass media using the word "hackers" here but /. should know better. These guys are just bank robbers and we don't differentiate between bank robbers who use handguns vs those with knives vs those who claim to have a bomb strapped to them.
    • by Culture20 (968837)

      I could understand the mass media using the word "hackers" here but /. should know better. These guys are just bank robbers and we don't differentiate between bank robbers who use handguns vs those with knives vs those who claim to have a bomb strapped to them.

      Sure we do: "masked gunmen held up", "'pizza bomber' bank robber", "mad bomber bank robbery", and bank robbers who use knives are called stupid unless they have a whole gang.

  • This isn't the first "cyber heist" in South Africa, just the first one to make the news.

    Seriously, though, criminals realised long ago that you can steal more electronically than you can carry in a 'traditional' heist. Just look at the Russians and their level of organised e-crime!

    • by Magada (741361)

      Stand by for the outlawing of cash. Any fraudulent cash transactions could then be reversed at will. Moving product stolen with funnymoney is much harder

  • by slas6654 (996022) on Tuesday January 17, 2012 @11:01PM (#38733964)
    My very wealthy American uncle, who was the American consulate attache to Guyana, recently passed away. While we are very sad for his passing, he has left a great fortune in the Bank of Amerika that, unfortunately, cannot be transferred back to Guyana without completing the probate process. Since my wealthy American Uncle (Sam was his name) was too big to fail (er I mean die), I stand to inherit a great deal of wealth. I will gladly share with you this windfall at the Bank of Guyana if you will help me complete the probate. If you will kindly Paypal 52m Rand to help defray the cost of the probate, I will in turn send you 52billion US dollars. Please respond in confidence to my email address: Angelo.Mozilo@Countrywide.com.
  • This sounds like more of a case of social engineering rather than hacking.

    I am pretty sure their Systems Analysts and Programmers will cop most of the shit that is coming for what I predict is some stupid employee's fault. "Yes, what can I do for you Jo?"

    I could be wrong, but that's my take.
  • by Shadowruni (929010) on Wednesday January 18, 2012 @01:12AM (#38734672) Journal
    Read "Stealing the Network: How to own a Continent"

    The whole book is this heist.

    Literally.

    Just check out the summary.

    The thing that makes this book series special is that they don't say, "I ran nmap and knew from the output they were running a webserver."

    They say "I ran nmap with 'sudo nmap -P0 -T3 -p 80 127.0.0.1 -oA localscan'

    And got:

    Starting Nmap 5.21 ( http://nmap.org/ ) at 2012-01-17 20:55 PST
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.000083s latency).
    PORT STATE SERVICE
    80/tcp open http
    Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds

    And could see from the line "80/tcp open http"

    http://www.amazon.com/Stealing-Network-How-Own-Continent/dp/1931836051

    //Has the whole series and still remembers the props I got from Blue bore.

    ///Yes I know the example is a bit contrived but that is exactly how they present information in the series and I learned a lot from it.

  • by ArsenneLupin (766289) on Wednesday January 18, 2012 @05:31AM (#38735854)
    From the second link:

    Asked if there were concerns about the risk the security breach posed to government departments using the Trust Centre hosted by the post office...

    If that's what I think it is, look forward to another wave of MITM-facilitating rogue certificates, this time from South Africa...

    , Pule said: "The centre has high security parameters to protect all the services delivered through it."

    oh, after that much buzz-word laden alphabet soup, I feel so much better. Hopefully their flux capacitors are fully charged or else their high security parameters might unload.

    • by psydeshow (154300)

      From the second link:

      , Pule said: "The centre has high security parameters to protect all the services delivered through it."

      They were originally considering the low and medium security parameters as well. Unfortunately, the chairman of the board demanded only the highest security, so they only implemented that. Such a shame, because now the low and medium parameters are completely unsecured.

  • by antifoidulus (807088) on Wednesday January 18, 2012 @08:24AM (#38736620) Homepage Journal
    Are they sure it wasn't just a penny rounding scheme gone terribly awry?
  • Since Money is just an abstract representation of value that only works as well as the agreed use by those using it, so to ease trade (vs. barter) and in this case it wasn't even paper or coin, they can type the numbers back into the system, like it was never gone. And this would be far from the first or last time the banksters do this.

    This idea that too much of this abstract tool in circulation leads to inflation is bull shit, just an excuse of the banksters to play their game of manipulating the economy

  • by hesaigo999ca (786966) on Wednesday January 18, 2012 @09:38AM (#38737048) Homepage Journal

    Is this the one where George sets up a house to be tilted, no wait, that was the second?
    Oh yeah, ok, they rent a whole bunch of small mini coopers and.....nope...
    Ok, I got it....she has to go under all the infrareds and slowly stealth her way through to the .....

    Ok, nevermind, I think I am overloaded as it is...movin on....nothin I want to see here.
