At the time, the home-based consumer computer (not to mention the telephone system with its BBS’s – Bulletin Boards!) was new and exciting: the (now old and removed POTS (Plain Old Telephone System) was THE game in town, with the intent of gathering information and the joy of learning new routines the primary goal. Various stratagems and means were utilized, inclusive of dumpster-diving (going through the telephone companies trash), ‘social engineering’ (a fancy word for sweet talking somebody into giving you restricted access) along with regular stops to nearest ‘Rat’ (Radio) Shack and ‘trade gatherings’ where others of ‘their’ kind would come together.
This is all mentioned in light of the recent news development regarding a group of hackers involved in a massive worldwide effort regarding banks to the (publicly reported and admitted) amount of $45 million.
As the so-called experts point out:
Hackers got into bank databases, eliminated withdrawal limits on pre-paid debit cards and created access codes. Others loaded that data onto any plastic card with a magnetic stripe — an old hotel key card or an expired credit card worked fine as long as it carried the account data and correct access codes.
A network of operatives than fanned out to rapidly withdraw money in multiple cities, authorities said. The cells would take a cut of the money, then launder it through expensive purchases or ship it wholesale to the global ringleaders. Lynch didn’t say where they were located.
Some things still haven’t changed; nothing new here.
The idea of using a plastic code with a pre-coded magnetic tape is as old as dirt itself: as to how this is done, much of this can be found through various sources.
As to accessing banking records to undertake such things (after all, the only way in which this job could be pulled is by matching the actual account information to the physical magnetic cards used for downloading cash), during the 1990’s Citibank’s interoffice telephone exchange was openly used by “hackers” for free conferencing calls, openly planning their next round of activities, exchanging chit-chat or teaching each other on the latest trends and routines – no different from any other major corporate personnel utilizing a corporate telephone network (its worth noting that, at the time, users had to be mindful of the (slight) distance delays differential owing to the then weird practice of Citibank having all its calls routed through it’s Paris, France office network).
Any system or service is only as secure as it’s people make it to be.
As for accessing bank records, why stop at digging in, when you can have the information come to you? Some years ago, there were a group of hackers who went one step further: actually setting up fake ATM’s in shopping malls and other public areas. The average user would go to withdraw money, only to be told that the machine was out of service; the information the user had entered was then stored and taken to be placed on a magnetic printer strip for later withdrawal (these were among a sub-grouping who, as part of their routine, would withdraw cash from ATM machines while wearing masks of such individuals as Ronald Reagan, zombies, Richard Nixon, or a host of others for the amusing benefit of bank security cameras).
During the 1990’s, banks had a situation wherein “hackers” (ah, that word again) would be accused of replacing security cameras with one of their own, ‘shoulder surfing’ over user’s to capture this account information (an insidious procedure which may sound perfectly suitable for nefarious purposes, but in fact can be a real pain to undertake). The smarter ones, however, would set up capture items in and around the keyboard such that users were not aware that their information was being captured,…
And then there were the legendary moves on the part of certain “hackers’ of the Russian Federation who captured inter-bank transfers, placing ‘blocks’ or ‘capture point / redirects’ on the ports where the data were being swapped (in simplistic terms, placing listening devices to the internet / telephone networks, decrypted the data being sent and then using that data to actually access the raw accounts being managed). The results of this effort? Estimates range widely, with bank losses estimated to reach at high as $50 million in just one such incident alone! Interestingly, the impacted banking houses sought to drop the charges (naturally they settled for financial restitution – but remarkably, settled for an amount far less than what many suspected was actually taken, suggesting that the action was deeply than anyone wished to admit and that the skill set involved insured that the money was untraceable – or, more likely the appropriate officials were sufficiently given ‘inducements’ top avoid any further prosecutorial action) in exchange for the “hackers” to be their security consultants so as to avoid any further public publicity over the matter, for if the public were to truly know the extent of the lack of security, banking confidence would plummet.
And can you blame them? I’d hate to be the one to tell my clients ‘gee, several millions of (insert your currency of choice here) was taken from your account, but you still want to do business with us – right?’
Which brings us to the other side of the coin, so to speak,…
As reported two months ago, HSBC was directly involved in what governmental officials stated was ‘money laundering’ (http://www.bbc.co.uk/news/business-21840052) for major narco-criminal enterprises worldwide (which is interesting how this particularly publicized group of “hackers” targeted money reserves set aside for pre-paid cards, wisely avoiding other accounts,…).
The reality is that the only innocents involved in the entire arena are the average bank account holders (the ‘little people’), for many banks themselves are involved in criminal activities of their own, ranging from money laundering, to passing along sub-prime housing funds, or just simply overcharging people with various account charges just because, well, the banks can do this sort of thing (I deliberately fail to mention the investors as insurance will cover the costs of such losses; as to those who may object I merely point out that it’s all just business and to please check your company pride at the door,…).
Much of what is taking place in recent years regarding banking is increasingly a matter of degree and viewpoint. As banks become larger, they will utilize whatever resources they can to ensure their protection, which may include the hiring of those who penetrated their security, indulging in questionable investment practices and serving ‘interesting’ clientele.
It’s all part of doing “normal” business in the 21st century.
Similarly, as banks handle larger and larger amounts of “money” (and we won’t get into the discussion of ‘Bitcoin’ and the significance of that development as it relates to international banking and financial systems as after all, when you think about, what truly defines the financial value of any given currency?) banks are involved in realms and investment practices which they did not dream of doing but twenty (20) years ago – witness the role of banks in the recent housing bubble and the sub-prime mess along with their various other financial / investment practices (we’re still awaiting the final report on the offshore accounts held in the Bahama involving high-ranking international governmental officials and other ‘outstanding’ members of society – $32 TRILLION and rising,…!).
Realize this: we’ve reached a point in our culture(s) and society(ies) where – like the intrinsic value of money and the actual stability of our financial systems – the very notion of a bank robbery is now relative.
Here’s one brief overview of this incident: http://www2.macleans.ca/2013/05/10/sophisticated-network-of-global-thieves-drain-cash-machines-in-27-countries-of-45m/