Information Security News mailing list archives
Hacker heat
From: InfoSec News <isn () C4I ORG>
Date: Wed, 13 Dec 2000 01:38:30 -0600
http://insurancenewsnet.co.uk./article.asp?a=1&newsid=CoICWue9GnJuWodqZntm Stephen Nickson December 1, 2000 Risk Management The summer in England was even colder, wetter and shorter than usual. The only real heat was indoors and it came from hackers. Both Prudential's Egg online bank and Barclays online service accounts suffered much-publicized breaches that exposed this new sector's susceptibility to cyberattacks and highlighted the negative effects such exposures can have on a company's bottom line. In Prudential's case, professional hackers created false accounts in an attempt to secure loans. Barclays iBanking customers were able to view other customers' accounts. Fortunately, no assets were stolen, but a few heartbeats were quickened as stock prices fluctuated. "For British consumers, there is a real concern over who is seeing their information and how secure it is," says a National Banking Council spokesperson. "If people can't trust in their banks to protect their privacy, then bells and whistles on a banking Web site aren't going to have any effect. People will stay away." Solutions have been stifled by customers who do not like advanced identification systems because they must be periodically updated, which requires vigilance on their part. But banks that do not update their technology and force this annoying aspect of online banking on consumers risk damage to reputation and brand, which can be far more significant than the direct financial loss from security-related losses. Personal finance cyberproblems in the United States have largely centered on Internet brokerages, as more Americans trade stock than bank online. Prudential's British online banking services has 1.1 million customers, more than all U.S. Internetonly banks combined. But as Internet banking and brokerage services become more popular in the United States, American banks will increasingly find themselves the targets of sophisticated criminals. Many banks could be doing a lot more to make their systems secure. "A solid backend system can foil most hackers," says Gene Ozgar, a partner with KPMG's information risk management practice. "But many large banks build their Internet banking sites using old legacy computer systems, with focus on jazzy front-ends." Without solid, well-secured back-end systems, however inconvenient they are for consumers, American online banking could suffer the same loss of face that Barclay's and Prudential suffered in England. "A hacker doesn't have to be a computer genius to break into the systems that are prevalent today," says Ozgar. "They just have to be persistent." ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Hacker heat InfoSec News (Dec 13)