Apparently, the heist couldn’t have been any simpler if it had been drawn up in the lunch line at an elementary school cafeteria.
In February, Bangladesh’s central bank saw $81 million disappear out a virtual window. Now it’s been revealed that, although the computer hackers used custom-made malware, they probably didn’t need to work up a cyber sweat while pulling off their long-distance theft. The bank had no firewalls to defend against intruders and its computers were linked to global-financial networks through second-hand routers that cost $10.
“It’s stunning that a major institution would leave itself so defenseless in this day and age when everyone should know that cyber criminals are waiting for you to let your guard down,” says Gary S. Miliefsky, CEO of SnoopWall (www.snoopwall.com), a company that specializes in cyber security.
But he says the episode can serve as a cautionary tale for other banks and any businesses that want to protect themselves against today’s cyber versions of Bonnie and Clyde.
“Most companies have some vulnerability and it doesn’t take a sophisticated attack to cause a security breach,” Miliefsky says. “Often on the hackers’ end of things, it just takes patience.”
For example, he says, a cyber criminal can gain access by sending a company an email with an attachment called a Remote Access Trojan, or RAT, that looks like a normal file. All it takes is for an unsuspecting employee to open that file and, voila, security is compromised.
That’s bad for companies, of course, but it’s also bad for consumers, whose bank account, credit card and other private information is at risk.
Miliefsky says it’s important to go on the offensive. Among his recommendations:
“Most people log onto the Internet every day without much thought about how susceptible they are to being hacked,” Miliefsky says. “It takes vigilance to protect yourself against cyber criminals who are working hard to figure their way around security measures.”
About Gary S. Miliefsky
Gary S. Miliefsky is founder of SnoopWall Inc. (www.snoopwall.com), a cutting edge counter-intelligence technology company offering free consumer-based software to secure personal data on cellphones and tablets, while generating revenues helping banks and government agencies secure their networks. He has been active in the INFOSEC arena, as the Executive Producer of Cyber Defense Magazine and a regular contributor to Hakin9 Magazine.