Tag Archives: Citigroup

US Banks Hit by Largest Cyber Attack Ever (But Won’t Admit It)

Last week’s cyber attacks against US banks were more widespread than reported. In fact, it may have been the largest attack ever, industry experts say. According to Radware, a security firm that has investigated cyber intrusions on behalf of financial firms, roughly a half-dozen institutions endured digital assaults at around the same time, Tuesday. But only JPMorgan Chase (JPM) and BB&T (BBT) have so far confirmed the incident.

“If you have a leak in a boat, you can build a bigger boat so the leaks won’t mathematically sink your boat. That’s been fundamentally the process many folks have been taking.”

Carl Herberger

Cyber-Fighters-of-Izz-al-Din-al-Qassam

The attacks followed a threat earlier Tuesday by the al-Qassam Cyber Fighters, a group that has claimed responsibility for a series of incursions since September that have bogged down websites at some of the nation’s biggest banks and prevented customers from accessing their accounts. Tuesday’s attacks “were the largest attacks we’ve seen to date in scale,” says Carl Herberger, vice president of security solutions at Radware.

The group, which has vowed to continue its campaign until YouTube takes down a trailer for an anti-Muslim film, said it would target JPMorgan Chase, Bank of America (BAC), Citibank (NYSE:C), PNC Financial (PNC), Fifth Third Bancorp (FITB), Union Bank, BB&T (BBT) and Capital One (COF) for another round of assaults, AmericanBanker.com reports.

“The one that was advertised to the world was Chase, but I can tell you that almost on an hourly basis banks were being attacked, which is a very substantial campaign.”

“If you actually measure the response time of some of these banks that are being attacked, you can see that they are under duress,” Herberger says. Adding: “Most of them labored for hours on end with little or no response.”

Herberger declined to say which banks beside Chase weathered attacks on Tuesday, citing confidentiality agreements between Radware and its clients.

BB&T spokeswoman Merrie Tolbert said in an email that the Winston-Salem, N.C., bank “experienced intermittent outages yesterday” but said the bank was able to restore service quickly. Daniel Weidman, a spokesman for Union Bank, said in an email the bank’s website also “experienced intermittent outages” on Tuesday before resuming regular operation.

Citigroup, Fifth Third and Capital One spokespeople said their companies’ websites functioned normally on Tuesday. Bank of America’s websites also continued to operate without incident, according to a source close to the company.

“If you have a leak in a boat, you can build a bigger boat so the leaks won’t mathematically sink your boat. That’s been fundamentally the process many folks have been taking. We see few instances of fixing the leak, “Herberger says.

While banks continue to take steps to strengthen security, hackers continue to hone their capabilities and can outmatch banks’ best efforts to deter them, experts say.

ddos-attacks-by-muslim-cyber-fighters-infographic

.

Can Be A Diversion

IT employees at banks are dealing with malicious coders at all ends.

Depositories are being targeted by both denial of service attacks, in which botnets bombard a financial services company’s website in order to shut it down and disrupt services to customer; and invasive malware that infects customers’ sometimes insecure devices and compromises their accounts.

Often denial of service attacks “can be a diversion,” says Dave Ostertag, a computer security expert and a global investigation manager with Verizon. At the same time, criminals might be trying to extract financial information from a bank using a variety of different techniques, he says.

There are, of course, prescriptions banks can follow in order to block some fraudulent money transfers.

Sergio Fidalgo, BBVA Compass‘ chief information officer, says his bank hedges against instances of high-tech theft by inserting people and processes into transactions. “There is not a single point of failure in which we rely on from a security perspective,” he says. “It’s not just about detecting, preventing and fighting the attacks… we have procedures that have to be strictly met when we talk about money leaving the bank.”

Human beings, however, can only catch so much, says Barak Eilam, president of Israeli tech vendor NICE Systems for the Americas.

Eilam stresses that though computers can only do so much, they certainly pare down what could be indomitable threats to banks by flagging suspicious activity. “Because of banks’ scale, complexity, and sophistication … this is where technology comes in place,” Eilam says. “Technology helps.”

Even then, people will always be susceptible to social engineering attacks in which hackers pick up just enough information about a person to fool a bank employee into moving a victim’s money, or worse.

Still, as Herberger sees it, banks continue to play catch-up:

“How is it we’ve gotten to the point where we’ve had the largest financial institutions, the most handsome security departments and all of the regulators, where there was a risk to begin with and numerous vulnerabilities that are exploitable, and yet we haven’t been able to resolve it?”

Good question. And still there are some who don’t understand why there’s a lack of confidence in the financial markets?

FULL POST@AmericanBanker.com

Related by econoTwist’s:

3 Comments

Filed under International Econnomic Politics, Laws and Regulations, National Economic Politics, Technology

Citibank Hacked: 200.000 Credit Card Numbers Stolen, May Affect 20 Million Customers

Citigroup Inc says computer hackers has breached the bank‘s network and accessed the data of about 200.000 bank card holders in North America, the latest of a string of cyber attacks on high-profile companies. The data theft may affect more than 20 million customers.  How many incidents like this do we need before the industry and it’s regulators realize what we’re up against?

“For the security of these customers, we are not disclosing further details.”

Sean Kevelighan

According to Financial Times did the data theft happen in early May this year. And like Sony, Citigroup have not bothered to tell their customers and the public about it before now – about a month later. Well, Nasdaq Stock Exchange waited a whole year before they told their customers that their computer system had been compromised….

Citigroup – once the largest financial firm in the world – says the names of customers, account numbers and contact information, including email addresses, were viewed in the breach, Reuters writes.

However, the bank points out that other information such as birth dates, social security numbers, card expiration dates and card security codes (CVV) were not compromised.

“We are contacting customers whose information was impacted. Citi has implemented enhanced procedures to prevent a recurrence of this type of event,” Sean Kevelighan, a US-based spokesman, says in an email.

“For the security of these customers, we are not disclosing further details.”

In the brief email statement, Citi do not say how the breach has occurred.

Very comforting, indeed.

Reuters also quote another Citi spokesman, James Griffiths in Hong Kong, saying that the breach has affected 1 percent of North American card customers, which the bank’s annual report totals 21 million.

So, what is it? 200.000 or 20 million? It kinda makes a little difference, don’t you think?

And like the Japanese electronics and entertainment group Sony, which declared several security breaches of its networks earlier this year, Citi might come under fire for not telling customers sooner.

“It may be the bank’s business, but it’s the consumer’s personal information so consumers deserve to be told about security breaches immediately,” Dan Simpson, a spokesman for Australia’s Consumer Action Law Center, an advocacy group, says in a comment.

“It’s hard to see any reason why this sort of breach couldn’t have been disclosed much sooner.”

Read the full story at Reuters.

Related by the Econotwist’s:

13 Comments

Filed under Technology

Citi-Split May Trigger Margin Calls

According to a market statement, Citigroup will have a reverse stock split effective after the close of trading on May 6, 2011, and Citigroup’s common stock will begin trading on a split adjusted basis on the New York Stock Exchange at the opening of trading on Monday morning. If you’re in the market you should check your mailbox.

If a corporate action materializes, the client accepts that FxPro reserves the right to make appropriate adjustments to the value and/or the size of a transaction and/or number of any related transactions.

FxPro Financial Services


Although I’m not trading, I receive many of the same alert that ordinary investors do. This morning I got a warning of a possible margin call from the online broker FxPro Financial Services.

The following statement was issued Friday afternoon through the usual market information channels:

Please note that Citigroup Inc. (NYSE: C) will have a reverse stock split which will be effective after the close of trading on May 6, 2011, and that Citigroup Inc. common stock will begin trading on a split adjusted basis on the New York Stock Exchange (NYSE) at the opening of trading on May 9, 2011. When the reverse stock split becomes effective, every (10) ten shares of issued and outstanding Citigroup common stock will be automatically combined into (1) one issued and outstanding share of common stock without any change in the par value per share.

The following small print message was also attached:

Note: A reverse stock split reduces the number of shares in the market and increases the share price proportionately. For example in a 1:10 reverse stock split the number of shares in the market is reduced by 10 times and stock price increases by 10 times (although the opening price after a reverse split may have a deviation from this price).

The result of a maneuver like this is a reduction in the number of a corporation’s shares outstanding that increases the par value of its stock, or its earnings per share.
The market value of the total number of shares (market capitalization) remains the same.
For example, a 1-for-2 reverse split means you get half as many shares, but at twice the price.
It’s usually a bad sign if a company is forced to reverse split – firms do it to make their stock look more valuable when, in fact, nothing has changed.
A company may also do a reverse split to avoid being delisted.
Thou, I can’t really imagine Citigroup being delisted on NYSE – that would really stir the pot, I guess…
A 17 percent plunge in the Citigroup share price last Friday triggered a five-minute trading pause.
It also triggered at debate about the three-week old curcit=braker system that’s been implemented.
Whether the drop in Citigroup’s market value was justified or not, didn’t seem to bother anyone…
Anyway –  this morning I received the following notice from the online broker FxPro:
FxPro Terms and Conditions (CORPORATE ACTIONS 8.1):

If a corporate action materializes, the client accepts that FxPro reserves the right to make appropriate adjustments to the value and/ or the size of a transaction and/ or number of any related transactions; any such adjustment aims in preserving the economic equivalent of the rights and obligations of both the client and the Firm immediately prior to a corporate action. It should be noted that these adjustments are conclusive and binding upon the client; the client will be informed accordingly by the Firm as soon as reasonably practicable.

Thank you for your collaboration.

Sincerely yours,
Dealing Desk,
FxPro Financial Services Ltd.

Well, it doesn’t matter much to me, but I guess if you’re in the market, either directly as an investor in Citigroup, or indirectly by EFT‘s, CFD’s or other derivatives, you should check your mailbox immediately to avoid any nasty surprises on Monday morning.


3 Comments

Filed under Uncategorized