by staunch 4415 days ago
http://articles.latimes.com/2013/jun/13/business/la-fi-mo-ba...

"Hackers allegedly targeted 15 financial institutions, including JPMorgan Chase & Co., Citigroup Inc. and E-Trade...The other compromised banks and financial services providers were Aon Hewitt, Automated Data Processing Inc., Electronic Payments Inc., Fundtech Holdings, iPayment Inc., Nordstrom Bank, PayPal, TD Ameritrade Corp., the U.S. Defense Department’s Defense Finance and Accounting Service, TIAA-CREF, USAA and Veracity Payment Solutions Inc."

They're absolute shit at security and any suggestion to the contrary is pure ignorance.


I think you need to learn to read. None of these banks were hacked as the editorial misleads. The victims were actually part of a huge phishing and identity theft campaign.

>> In a criminal complaint, authorities allege that the defendants transferred money from victims' bank accounts to pre-paid debit cards. They took the debit cards to ATMs to cash them out or used them to make purchases across the country. Much of the money that was cashed out was wired to the two leaders.

>> Some of those debit cards were secured in the names of individuals who had their identities stolen by the defendants, the complaint says. That allowed the group to file fraudulent tax returns in an attempt to obtain undeserved refunds.

Can you direct me to the part of the incident whereby the financial institution had its integrity compromised due to superior penetration techniques circumventing internal bank security measures?

The compromise came about through bank customers disclosing personal information.

This is Hacker News - not Reddit. Claiming that banking institutions, who are in direct compliance with worldwide security standards, are "absolute shit at security" is just juvenile ranting.

Post genuine case studies and security insights if you have them.

> This is Hacker News - not Reddit.

In the past on HN (I've been here slightly longer than you) I doubt anyone would even consider challenging the idea that banks can't secure their users' data. It used to be a bunch of very technical people who have seen inside the various sausage factories.

The fact that you think banks being "...in direct compliance with worldwide security standards" means they are able to secure their customers' data is truly laughable. I mean that literally, if you said it to any credible security expert they would probably think it was sarcasm and laugh with you.

If you want to set a standard of proof we can actually debate this. What would it take to convince you that banks don't do a good job of protecting the privacy of their customers' data? I can generate like 3 links every 10 seconds on Google.

http://www.computerweekly.com/news/2240208933/More-than-half...

http://www.huffingtonpost.com/2013/09/20/barclays-bank-cyber...

http://www.nytimes.com/2011/06/14/technology/14security.html...

Well if you can find links to content on Google your hypothesis must be sound. Your comment is exactly the kind of elitist, generalised nonsense that should have no place on HN.

A few clarifications to help you out and keep you from ranting -

[1] Your current username has been slightly longer than my current username. Whether one or the other of us has been here longer is unknown.

[2] If being compliant with ISO 27001 is laughable to you then I await your superior system for the baseline of Information technology; Security techniques; Information security management systems and their Requirements, accredited by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

[3] If you have empirical data to back up your assertions post it. Huffington Post articles and LA Times articles which are technically illiterate are not empirical evidence.

[4] The majority of all technical accreditation and training programs including SANS, EC-Council, CISSP, CISA et al all utilise the ISO suite as a baseline.

[5] Your entire post reads as if you hate banks, you hate 27001 and you know of better established security practices than are currently in use by the worldwide banking industry.

A few facts for consideration -

[a] Assets of the largest 1,000 banks in 2008/2009 financial year were US$96.4 trillion. 96 Trillion.

[b] The United States alone has an estimated 82,000 banking branches spread across 7085 institutions.

[c] As of Nov 2009, China's top 4 banks have in excess of 67,000 branches (ICBC:18000+, BOC:12000+, CCB:13000+, ABC:24000+) with an additional 140 smaller banks with an undetermined number of branches.

[d] Japan had 129 banks and 12,000 branches.

[e] In 2004, Germany, France, and Italy each had more than 30,000 branches—more than double the 15,000 branches in the UK.

Is your hypothesis really that banks have laughable security? Not a specific bank or a specific department of a specific bank but banks?

An industry worth 96 thousand billion dollars (96,000,000,000,000) does not know how to secure customer data?

Interesting viewpoint you have and ludicrous. It is right up there with the sort of people that say things like "I hate all wines from California" or "All Microsoft products suck."

IE - Juvenile comments submitted to HN with no regard for accuracy, clarity or discernment.

Virtually every major bank has let hackers steal their customers' data. You lose, chump, now fuck off.

You lost the minute you resorted to the word virtually.

And flagged.