Saturday, December 10, 2011

Hackers Attack Online Banking

by Conor Anson-Cartwright

Citibank is the third-largest banking company in the United States and can be found in more than 100 countries. Given that it is the third-largest bank in the U.S., one would naturally assume that its security systems would be adequate to block intruders from entering them. However, on May 10, 2011, hackers breached the Citi Account Online website. The hackers gained access to information such as names and account numbers, but did not have access to people’s Social Security numbers or card security codes. On June 9, Citibank released a statement saying that the intruders who hacked its systems had affected 200,000 accounts, which is 1% of its 21 million North American customers (The Wall Street Journal). However, on June 16, Citibank disclosed that the hackers had actually affected more than 360,000 customers. Citibank started to re-issue about 217,000 cards to customers on June 3, each costing under $20. The hackers unofficially stole 2.7 million dollars (LiveEnsure Blog). It is interesting that Citibank released news of this attack to the public a month after it had occurred.

The hackers retrieved account information by using a technique called ‘parameter tampering’. “[Parameter tampering] involves typing various strings of data into the address bar of the browser to gain access. The attackers used an automated tool to type in repeated account numbers into the address bar, tens of thousands of times, to access the account data” (Wired). It was never released how long the hackers were performing this attack on Citibank, or whether Citibank realized the attack was occurring and stopped it. Citibank claims that it has now implemented more ‘enhanced procedures’ but did not elaborate (Wired). Security experts state that banks need to upgrade their authentication procedures. Doing so would give better assurance that the person trying to gain access to the network or accounts is the proper customer or employee, not an intruder. Improvements can and must be made to the system; however, hackers are becoming more sophisticated and will continue to evolve with these improvements. When a new software and security system is enabled, it will eventually be cracked by hackers, and a new system will not be implemented for quite some time.
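The server-side check whose absence makes parameter tampering possible, as an added example that is not part of the original post and is not Citibank's code. The `/account?acct=` URL shape, the session table and the lockout threshold are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Constructed sample data: which accounts each logged-in session owns.
SESSION_ACCOUNTS = {"sess-alice": {"1001"}, "sess-bob": {"1002", "1003"}}
ACCOUNTS = {"1001": "Alice A.", "1002": "Bob B.", "1003": "Bob B.", "1004": "Carol C."}

ENUM_THRESHOLD = 3  # distinct refused account numbers before lockout (assumed value)


class AccountService:
    def __init__(self):
        self.denied = defaultdict(set)  # session -> account numbers it was refused
        self.locked = set()

    def handle(self, session_id, url):
        """Return (status, body) for a GET such as /account?acct=1001."""
        if session_id in self.locked:
            return 429, "session locked"
        owned = SESSION_ACCOUNTS.get(session_id)
        if owned is None:
            return 401, "not logged in"
        acct = parse_qs(urlparse(url).query).get("acct", [""])[0]
        if not acct.isdigit():
            return 400, "bad account number"
        # The account named in the URL must belong to the session. Existing in
        # the database is not enough, and unknown numbers get the same 403 so
        # the response does not reveal which account numbers are valid.
        if acct not in owned:
            self.denied[session_id].add(acct)
            if len(self.denied[session_id]) >= ENUM_THRESHOLD:
                self.locked.add(session_id)  # repeated guessing looks like enumeration
            return 403, "forbidden"
        return 200, ACCOUNTS[acct]


def replay(service, session_id, urls):
    """Feed a list of URLs through the service and collect the status codes."""
    return [service.handle(session_id, u)[0] for u in urls]


if __name__ == "__main__":
    svc = AccountService()
    print(replay(svc, "sess-alice", ["/account?acct=1001", "/account?acct=1002"]))
```

Being logged in is authentication; the ownership test is authorization, and it has to run on every request that names an account.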

The shift to online banking is great for banks because it cuts down costs on physical money handling (guards and armoured trucks); however, it creates a new frontier for robbers to steal money, and a lot of it at one time. There are plenty of ways that hackers can gain access to online bank accounts, such as through online banking apps on phones. Jason Rouse, a wireless security expert with Cigital, states that “an infected application downloaded on a phone can be designed to take over a smartphone. When the user then logs on to his bank account with the phone, the hacker could steal the user’s bank credentials. Many mobile-banking apps don’t account for a phone being compromised” (The Wall Street Journal). Will the shift to online banking eventually lead to more attacks by hackers, and what will it take to finally put an end to it? Only time will tell.


