[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Egg hackers were disorganised crime
From:       William Knowles <wk () C4I ! ORG>
Date:       2000-08-25 7:14:18
[Download RAW message or body]

http://www.theregister.co.uk/content/1/12822.html

By: Lucy Sherriff
Posted: 24/08/2000 at 16:49 GMT

More details have emerged about the so-called "Great Internet Robbery"
at online bank Egg.com.

This was not the great Hack that everyone thought it was yesterday,
just a set of fraudulent applications for loans and bank accounts with
free overdrafts.

In fact, the reason these guys got caught is that Egg had software in
place capable of tracing fraudulent account activity by checking up on
multiple applications from a single IP address.

Much of the news coverage of the event has focussed on the lack of
security of banking online, but this is not relevant to this case.
This was an old style fraud committed by people without enough
technical knowledge to mask their identities and hide what they were
doing from the bank's monitoring software.

In the words of one security expert we spoke to: "That doesn't sound
like very organised 'Organised Crime' to me. In fact it seems that
they went out of their way to be traceable. The raids took place in
three locations: Buckinghamshire, Bedfordshire and Northamptonshire,
and it appears they gathered together to make the applications."

Indeed. If these people had thought about what they were doing,
multiple applications would have been made from multiple sources,
untraceable to one person. It is not as though there is any great
shortage of Internet cafes to go to.

If this situation adds to peoples concerns about online banking, it
shouldn't. There was, according to Egg, no security breach and no
customers' money was stolen. This kind of crime was just as easy to
perpetrate in the "real world" until money laundering regulations
tightened up on the amount of identification required to open bank
account.

Robert Schifreen, a director at Information Security Training
commented: "This will not be the last time this happens, and it is not
the big online bank hack everyone has been expecting. That, I fear, is
still to come."

The National Criminal Intelligence Service put out a statement three
weeks ago pinpointing the real issue. It said: "Suspicious
transactions reported by high street banks are frequently generated
through observations of staff who serve the customers. This
opportunity is eliminated through the operation of the Internet and
may therefore result in a decrease in the number of disclosures."

The security of online banking has not, as all the doomsayers
proclaim, been shown up again, although it may yet be


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".

[prev in list] [next in list] [prev in thread] [next in thread]