This page has been archived and commenting is disabled.
“Cyber Security Loophole”- Bank Hackers “Unfettered Access” To Accounts
“Cyber Security Loophole”- Bank Hackers “Unfettered Access” To Accounts
- Bank accounts at majority of banks in Britain and Ireland are vulnerable to hacking, says Financial Times
- Two-step authentication process used by most banks is inadequate
- Vulnerabilities identified similar to those that were used by hackers to steal up to $1 billion across Eastern Europe
- UK regulator says bank customers must be reimbursed, banks are responsible for security
- Highlights risks to deposits and systemic risk should such vulnerabilities be exploited in cyberwarfare or for monetary gain
The vulnerability of banks and the global banking system – reliant as it has become on computer systems, information technology and the internet – was highlighted yet again in an important article in the Financial Times on Tuesday which was largely ignored elsewhere.
The FT reports that it has come into possession of documents and correspondence between the Financial Conduct Authority (FCA) and a cyber security firm, Bronzeye, that identify “serious security issues” at British high street banks.
“Britain’s markets watchdog, the Financial Conduct Authority, was warned last July about a loophole in the cyber security of one of Britain’s biggest banks that could give hackers unfettered access to customer accounts,” reports the FT.
Bronzeye identified a weakness in the two-step authentication process used by most banks and reported it to the FCA in July of last year. It is apparently similar to the flaw that allowed hackers to raid up to $1 billion from around 100 banks, predominantly in Eastern Europe.
Bronzeye identified one “large British bank”, the name of which was redacted in the documents, that had “22 critical vulnerabilities”. One of these flaws could “stop the bank in it’s tracks”, according to the firm.
Oddly, the bank refused to work with Bronzeye to fix the problem.
On the surface it would appear that banks customers need not concern themselves with these developments. The FCA has made it clear that banks must absorb the costs of raids on customers accounts by hackers.
“We are focused on ensuring the right outcomes based on our three operational objectives. We expect firms to provide redress for consumers impacted by cyber crime, consumers should not lose out as a result of cyber crime. Management and oversight of the systemic cyber risks lie with the Bank of England and Prudential Regulation Authority supervision,” they said.
While this is encouraging we believe that this story again exposes systemic risks to the banking system. If the accounts of a number of banks were targeted en masse in a coordinated act of cyber-warfare or cyber-terrorism it could severely impact and even disable individual banks and their deposit accounts and indeed the entire western banking system through contagion.
We have covered previously how governments across the world have been infecting the systems of their rivals with malware. Although generally they have not exploited the breaches to date.
It is likely that groups and governments hostile to the West have also identified such simple vulnerabilities in the western banking system but decided it was not in their interest to exploit them … yet.
Recently we pointed out how an international hacking group stole $300 million from bank accounts and how the global digital banking system is not secure . We also pointed out how cyber war poses risk of bail-ins to banks and deposits.
We are not suggesting that readers should dash out and empty their bank accounts. We are simply identifying risks to the system of which people should be aware and that they take reasonable precautions including diversification of deposits and diversification from deposits.
Having all your eggs in a deposit account is no longer prudent.
Academic and independent research and indeed the modern and historical record shows how physical gold is the safest asset-class in the world. An allocation of some of one’s portfolio to physical gold is insurance against technological and systemic risks posed to all virtual wealth today – whether that be digital bitcoin or electronic currencies in deposit accounts.
These risks have never been seen before and yet are largely unappreciated and ignored by brokers, financial advisors and bankers.
How To Own Gold – 7 Key Must Haves
MARKET UPDATE
Today’s AM fix was USD 1,199.75, EUR 1,086.04 and GBP 786.46 per ounce.
Yesterday’s AM fix was USD 1,204.25, EUR 1,082.67 and GBP 785.19 per ounce.
Gold fell 0.32% percent or $3.80 and closed at $1,199.40 an ounce yesterday, while silver slipped 0.49% or $0.08 to $16.18 an ounce. Gold steadied around $1,200 this morning in trading in the UK and Ireland after a three days of slight losses.
Brent crude was flat on Thursday, managing to hold above $60 a barrel as investors brushed aside bearish U.S. inventories data to focus on the lack of a deal in talks over Iran’s nuclear program and the risk of conflict between Israel and Iran.
Investors await the European Central Bank (ECB) policy meeting outcome at 12:45 GMT today to learn more details of Draghi’s bond buying bonanza equalling 1.1 trillion euros.
The non farm payrolls a key U.S. economic indicator is scheduled for release on Friday. Market participants are hoping for a clue as to when the U.S. Federal Reserve’s interest rate hike may occur.
Not all Fed governors are on plan for a June-September 2015 rate hike. Chicago Federal Reserve Bank President, Charles Evans, told a local Rotary Club, “Given uncomfortably low inflation and an uncertain global environment, there are few benefits and significant risks to increasing interest rates prematurely.”
Evans told reporters after the presentation that, “a rate hike will be not be appropriate until “early 2016” which is gold supportive.
Spot gold was up 0.1 percent to $1,200.65 an ounce in late morning trading in London, after dipping one percent in the previous three sessions on a strong dollar and robust U.S. economic data.
Spot silver slipped 0.1 percent to $16.16 an ounce, while palladium was up 0.1 percent at $828.50 an ounce and platinum was steady at $1,180.45 an ounce.
Updates and Award Winning Research Here
- advertisements -





To banksters it was never YOUR money anyways.........
"Oddly, the bank refused to work with Bronzeye to fix the problem."
Most of them seem to want to shoot the messenger. Was threatened by one bank with a lawsuit for pointing out privacy flaws on their website. With some simple URL manipulation, could look at customer details of anyone who had recently taken out a CD along with the amount and serial number. They were quite defensive when this was brought this to their attention, and treated me like some kind of criminal after I pointed out that the 'fix' they implemented was an easily bypassed indirection. (Obviously this was a long time ago, when the 'net was younger and interest rates were high enough to justify parking cash in CD's.) Another bank was less than thankful when I mentioned to them that their server software was flaunting several known security holes that had patches available (no 'hacking' was required to ascertain this, just perusing the http response headers).
loophole = backdoor?
Setting us up to steal our $$$ and blame it on the hackers > time to regulate the internet.
To any hackers out there who might be getting ready to hit my bank...Don't spend that 48.11 all at once. Put a little aside for a rainy day.
I've tried the Zoro mask and toboggan look while standing over peoples laptops at Starbucks, doesn't work.
.
Maybe they should have watched Citizen Four.....
http://cryptome.org/2015/03/snowden-hk-security-devices.htm
https://www.yubico.com/products/yubikey-hardware/yubikey-2/
Whether it is actually secure is for people to decide. Snowden seemed to think so.
Very simple way to create complex passwords you can easily remember.
Beatles - I Want To Hold Your Hand
IwThYh@fab4!
Take it a step further you saw a local band play a cover of the song so @fab4 changes makes it even harder to guess.
Ahhh, the old password conundrum...
And the answer is:
http://xkcd.com/936/
The graphic should be https://<yourbank> since you can not trust SSL Certs and BIND (DNS) anymore.
https://freakattack.com/
https://www.smacktls.com/
Probably the best option at the moment concerning DNS is to use Dnscrypt then specifically use servers via Dnscrypt that also use Dnschain.
You also have to trust that the servers in Dnscrypt that say they don't keep logs really don't.
https://www.opendns.com/about/innovations/dnscrypt/
http://dnscrypt.org/
https://okturtles.com/
Anybody that trusts online banking is a moron, double goes for you digital wallet types.
My bank hates me because I refuse to allow my accounts online so if my account is hacked they are fully liable.....
I don't even have my trading account online. I pay for a seperate Level 2 feed then conduct all my trades over the phone.
And nobody would be listening in on that......... :-)
Effing NSA is omnipresent. And if they can do it, some hacker likely can too.
On the whole the UK banks are decades ahead of the US on online security.
So I'd be way more worried about your exceptional US accounts.
eh, once again... gotta love the chinese banks.
over here you can log-in using a password and all that, but without a USB token containing the certs, you can't do much of anything else.
Not if but when, for some time now.
If only banks were using Hillary's personal servers, this could all be avoided.