Earlier this week reports showed another round of SWIFT-related cyber heists , this time targeting banks in Ecuador. A new report in Reuters sheds light on what actually happened to the high-tech thieves’ $12-million loot. Apparently, they moved $9 million to 23 banks in Hong Kong and $3 million to Dubai and other parts of the world. Wells Fargo transfered sums with the total value of $9 million to the accounts of four companies at HSBC and Hang Seng Bank based on authenticated SWIFT transactions. The hackers then distributed the money to what are believed to be phoney business accounts. Similar to the recent Bangladesh and Vietnam bank attacks, the thieves’ scheme involved the use of the SWIFT messaging platform. Banks use SWIFT’s platform to make financial transfers between each other, and cyber thieves typically send out fraudulent SWIFT messages requesting for funds to be routed to dummy accounts. In Bangladesh Bank’s case, the thieves used the SWIFT credentials of the institution’s employees to request several transfers to accounts overseas. They got off with $80 million, which would have been much larger ($1 freaking billion) if they didn’t misspell the word “foundation.” The hackers could have easily accessed the employees’ credentials, because the bank lacked a proper firewall. It’s not clear if that’s also what happened in Ecuador, but the thieves obviously had the same MO. American banks are now looking more closely into SWIFT’s security after news of these cyber heists surfaced. SWIFT (which stands for Society for Worldwide Interbank Financial Telecommunication) itself is working on a five-point security plan to prevent similar events in the future. Source: Reuters
View the original here:
Hackers steal $12 million from an Ecuadorian bank via SWIFT
“Police nationwide are secretly exploiting intrusive technologies with the feds’ complicity, ” argues a new article on Alternet — calling out Stingray, which mimics a cellphone tower to identify every cellphone nearby. “It gathers information not only about a specific suspect, but any bystanders in the area as well… Some Stingrays are capable of collecting not only cell phone ID numbers but also numbers those phones have dialed and even phone conversations.” The ACLU says requests for more information have been meeting heavy resistance from police departments since 2011, with many departments citing nondisclosure agreements with Stingray’s manufacturer and with the FBI, and “often, the police get a judge’s sign-off for surveillance without even bothering to mention that they will be using a Stingray…claiming that they simply can’t violate those FBI nondisclosure agreements. “More often than not, police use Stingrays without bothering to get a warrant, instead seeking a court order on a more permissive legal standard. This is part of the charm of a new technology for the authorities: nothing is settled on how to use it.” Stingray is more than a 1960s TV series with puppets. Several state judges estimate there have been hundreds of instances where police have used the Stingray tool without a warrant or telling a judge. Slashdot reader Presto Vivace writes: This is why it matters who wins the mayor and city council races. Localities do not have to accept this technology. Read more of this story at Slashdot. 