funsec mailing list archives
Ocean's 14 - high-speed bank fraud at casinos
From: Jeffrey Walton <noloader () gmail com>
Date: Mon, 5 Nov 2012 07:41:20 -0500
I'm amazed that Citibank has such a fundamental defect in their transaction processing. Wait, no I'm not...

http://www.h-online.com/security/news/item/Ocean-s-14-high-speed-bank-fraud-at-casinos-1741079.html

Criminals have used a bit of trickery to rob $1 million from Citibank. The criminals found out that they could withdraw many times the deposited amount in a bank account if they operate in parallel and within a very narrow time window. To exploit the vulnerability, the robbers had to be very precise and withdraw identical sums within 60 seconds. In this time window, Citibank didn't detect that the withdrawn amounts were many times higher than the available balance. This was possible due to a flaw in Citibank's security protocol for electronic transactions. According to a report from The Press-Enterprise, the vulnerability has now been closed.

Apart from group leader Ara Keshishyan, 13 other individuals were involved in the bank fraud. Keshishyan opened accounts with an initial deposit of around $10,000 that were subsequently raided via special cash machines in at least eleven different casinos in the US States of California and Nevada. To avoid US federal reporting requirements for financial transactions, the criminals never withdrew more than $10,000. They spent the money where they stole it, using it to gamble and sometimes even enjoying free accommodation in the casinos due to their "high roller" status.

...
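The article does not say how Citibank's system was built. As an added illustration (not part of the post or the article), the sketch below models the general class of flaw it describes, a balance check that is not atomic with the debit, beside a check-and-debit performed under one lock. The Account class, the amounts and the number of terminals are constructed assumptions.

```python
import threading

class Account:
    """Constructed toy ledger; not any bank's real design."""
    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_unsafe(self, amount, gate):
        # Authorisation reads the balance, the debit posts later. The gate
        # (a Barrier) stands in for the narrow window: every request is
        # approved against the same balance before any debit has posted.
        approved = self.balance >= amount
        gate.wait()
        if approved:
            with self._lock:  # the debit is atomic, the decision was not
                self.balance -= amount
        return approved

    def withdraw_atomic(self, amount, gate):
        # Same simultaneous arrival, but check and debit form one critical
        # section, so later requests see the balance left by earlier ones.
        gate.wait()
        with self._lock:
            if self.balance < amount:
                return False
            self.balance -= amount
            return True

def run_parallel(method_name, opening=10_000, amount=9_000, terminals=5):
    """Fire identical withdrawals at once; return (approved count, balance)."""
    acct = Account(opening)
    gate = threading.Barrier(terminals)
    results = []

    def worker():
        results.append(getattr(acct, method_name)(amount, gate))

    threads = [threading.Thread(target=worker) for _ in range(terminals)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results), acct.balance

if __name__ == "__main__":
    for name in ("withdraw_unsafe", "withdraw_atomic"):
        approved, balance = run_parallel(name)
        # A negative closing balance is the reconciliation signal to alert on.
        print(f"{name}: approved={approved} balance={balance}")
```

In a real ledger the lock would typically be a database transaction or a conditional update on the balance row rather than an in-process mutex.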