Sunday, October 07, 2007

Belgian online banking hacking problem is not new.

A lot of media attention came up the last 2 days as it appeared that the on-line banking possibilities of 3 banks (Dexia, KBC and Argenta) were hacked by the Russian maffia.
Well to my opinion this is NOT a new incident. It's just now that one quality newspaper 'De Tijd' came up with this story and most other media followed and created a lot of attention to this story. This is definitely nothing new as I already brought this to the attention of the media during an opinion article for Data News for Infosec this year and also during an interview for the magazine Knack several months ago and even for the magazine 'Koppen' a few weeks ago. But ... nobody seems to be carefully reading or paying attention to what I told at that moment.

So what happened? Well the normal problems came up of course ... pc's with bad protection ... a combination of spyware, backdoors, keyloggers, phishing, no hardware tokens used, key saved on the hard drive, etc and 'tada' your online banking account was cracked. Of course this is not interesting for the bankaccount holder as he saw a few days later that he didn't have any money left on his account. But what again is the basic problem?

Yes, you guessed it ... bad protection on one or both sides and that's of course the 'real' reason why suddenly a lot of banks are improving their security this year, isn't it? Maybe not, but still even with the best protection in place there will be always a possible 'dedicated' way to steal your data or your money. If it's done by a dedicated attack you always will loose ...
and what did I told everybody about dedicated attacks at the end of last year: it is growing and it's underestimated. Something I also spoke about during my roadshow for KMO-IT and in one of my YouTube broadcasts.

BTW I was interviewed by radio station 'Bel RTL' for this topic. I will post this to my press page shortly. Did you notice it as well: Didn't you saw any real malware expert coming up in any broadcast about this matter? And oh yes, who told the press that the attack actually came from the Russian maffia ...