More

Regulators Warns Banks Of 'Effective And Malicious' Hacker Attacks

Bank Computer Hacking

First Posted: 06/28/11 02:57 PM ET Updated: 08/28/11 06:12 AM ET

Inspiring
 Greedy
 Typical
 Scary
 Outrageous
 Amazing
 Innovative
 Infuriating

WASHINGTON - Bank regulators warned banks to be on guard against increasingly clever computer hacking on Tuesday, indicating heightened alert against security breaches that have plagued government and corporate institutions in recent weeks.

The Federal Financial Institutions Council -- an interagency group that includes the Federal Reserve, the Office of the Comptroller of the Currency, and the Federal Deposit Insurance Corp -- issued a reminder to banks to use more than one form of authentication for online consumers.

"Fraudsters have continued to develop and deploy more sophisticated, effective and malicious methods to compromise authentication mechanisms and gain unauthorized access to customers' online accounts," the council said.

The warning comes after a series of high-profile security breaches including a threat to the Fed by a hacking group. The threat never materialized.

Last week hackers disabled the Brazilian statistics agency's website for five hours. Citigroup Inc and the U.S. Senate have also been targets of recent cyber attacks.

Regulators are concerned protections put in place in response to recommendations six years ago have become less effective.

Programs that record a computer user's keystrokes have been increasingly effective in stealing identifying information and passwords, regulators said.

"Institutions should no longer rely on one form of customer authentication," they said.

Financial institutions are required to review and update their assessments of computer security risks at least every 12 months.

(Reporting by Mark Felsenthal; Editing by Padraic Cassidy and Leslie Adler)

Copyright 2011 Thomson Reuters. Click for Restrictions.

FOLLOW HUFFPOST BUSINESS
Subscribe to the HuffPost Money newsletter!
WASHINGTON - Bank regulators warned banks to be on guard against increasingly clever computer hacking on Tuesday, indicating heightened alert against security breaches that have plagued government...
WASHINGTON - Bank regulators warned banks to be on guard against increasingly clever computer hacking on Tuesday, indicating heightened alert against security breaches that have plagued government...
Related News On Huffington Post:
 

Read more from Huffington Post bloggers:
Hemanshu Nigam

Hemanshu Nigam: Hackers Unite

Now that the Internet has provided a way to enter the front door through the digital underground, hacking has evolved into a disastrous enterprise.

Filed by Harry Bradford  | 

More in Business...


 
 
  • Comments
  • 12
  • Pending Comments
  • 0
  • View FAQ
Comments are closed for this entry
View All
Favorites
Recency  | 
Popularity
J R M
89 Fans
01:32 PM on 07/14/2011
I am a computer security professional - chief scientist at a computer security company that does security reviews and penetration tests among other things. I have been in the business for ~ 25 years now.

I do my banking by computer. And I trust it - reasonably.

I do my banking from a dedicated computer that is used for nothing else. The computer is behind my desk and is turned on twice a month for an hour or so to contact the bank over an SSL connection. If the attacker owns the bank website that I connect to, it is all over.

e-mail and other activities are done from normal user accounts on other systems. And I do credit card orders from an account on my work notebook that is not used for general browsing.
Permalink  |
photo
Lochness71
Here I am.
332 Fans
02:16 PM on 06/29/2011
They should be asking why the hackers are attacking the banks in the first place.
It is not always to get financial gain.
Permalink  |
photo
HUFFPOST SUPER USER
ADRealist
High expectations are the key to everything.
244 Fans
11:30 PM on 06/28/2011
Most keystroke loggers also taken periodic screen shots, or offer a remote access view of the desktop anyways. Completely recording everything that the end user sees. One form of ID - ten forms, it makes no difference once your computer's security has been compromised, which can be done by clicking on a java game or from a pop up and you would never know.
Permalink  |
Tea for me
Lipton only:>) Proud Lib/Prog Dem
2145 Fans
01:30 AM on 06/29/2011
Thank you..didn't know that about java..I do have pop-ups blocked. My debit card number..lots of charges in 4 hr period..bank/comcast both contacted me right away.....so stopped it much sooner because they both knew something was wrong. Sigh..Working through ..proving fraud charges is not fun.
Permalink  |
jo smith456
237 Fans
10:43 PM on 06/28/2011
WHAT ATTACK????

The most "effective" attackers on the banking system are the bankers themselves, who, with the help of Fed Reserve and bookkeeping trickery, manipulate/create "liquidity" for their OWN proprietary trading accounts.
Permalink  |
Duppy
3253 Fans
09:54 PM on 06/28/2011
BOA and Goldman ................hack away !
Permalink  |
photo
HUFFPOST SUPER USER
itstimetotakeitback
97 Fans
08:04 PM on 06/28/2011
FDIC.. Hack away..
Permalink  |
liltrix
450 Fans
08:00 PM on 06/28/2011
I wouldn't put my money in a bank these days if my life depended on it.
Permalink  |
RecreationalPilot
1153 Fans
05:51 PM on 06/28/2011
It all comes down to weak operating systems running in unprotected mode.

Operating systems that allow software to automagically install themselves and perform hidden gate calls to the operating system as the administrator or superuser. Most of the rogue software is not taking advantage of simple passwords, but holes in the OS - holes that should have been fixed years ago. Poor quality control, lazy developers or poor management decisions that allow the holes because their own products take advantage of them for speed, the inability to close those holes because too many other products rely on them and closing them would cause all kinds of havoc - are all hindering security.

Systems with poor security are designed that way to help speed up the OS, something that was important when running on a 80386 processor - but is inexcusable with today's multi-processors machines. Strong internal OS security is only as good as the OS preventing access to its memory locations or instruction sets.

New PCs should be installed with an encryption co-processor and a security co-processor that cannot be tampered with from the OS. The OS should relinquish security tasks to a separate logic card then just call that card to see if the instructions are approved or not. But, if there are holes in the OS, that wouldn't matter. Once the OS is compromised, all is lost.

It all comes down to weak operating systems running in unprotected mode.
Permalink  |
keepyourheaddown*
223 Fans
05:47 PM on 06/28/2011
LIE CHEAT AND STEAL!

what did you think was going to happen???
Permalink  |
photo
StevieRae
2012 Choice-Oligarchy or a Republic
1104 Fans
04:43 PM on 06/28/2011
If Congress isn't addressing the regulations needed to avoid another "too big to fail" calamity, is this the new world version of citizen-driven change against them?
Permalink  |
Aneesia
419 Fans
04:16 PM on 06/28/2011
I hope the hackers take the corporate money and the funds of the ultra-wealthy and then distribute it to those that are in need(hopefully)....or just take it, since it is not benefiting the people. The US government and Congress have shown they don't give a d**n.
Permalink  |