The Strategist

The largest US banks unite to deal with hackers

08/11/2016 - 14:24

Eight major US banks are planning to join together as a single organization to fight off cyber-attacks more effectively. All of them are already members of Financial Services Information Sharing & Analysis Center, which brings together about 7 thousand financial organizations around the world. Yet, the industry giants consider such a large-scale form of cooperation inefficient.

by The Preiser Project Hacker
by The Preiser Project Hacker
Eight largest US banks have decided to unite and create an organization to combat cybercrime, according to The Wall Street Journal. Within the framework of this organization, they will step up their activities in the field of information exchange and develop countermeasures.

The union will bring together JPMorgan Chase, Bank of America, Goldman Sachs, Bank of New York Mellon, Citigroup, Morgan Stanley, State Street and Wells Fargo & Co. All of them are already part of a larger organization - Financial Services Information Sharing & Analysis Center, which consociates about 7 thousand banks and pursues the same objectives. However, large financial institutions have decided that they need to stand out in a separate group since they are the most coveted prize for hackers.

Every year, the problem of data protection in cyberspace is becoming more and more urgent for the banking industry. According to IBM’s report, presented in May, the US financial sector was the third by number in a list of cyber-attacks committed last year. The first and the second places are occupied by the healthcare system and the industrial sector, respectively. In June, it became known that attackers committed more than 50 successful attacks on the US Federal Reserve during the last five years. Their most resounding success was theft of about $ 81 million from the Central Bank of Bangladesh accounts at the Federal Reserve Bank in New York in March 2016. Another two cases of electronic pickpocketing were recorded at different times in Vietnam and Ecuador.

Remote Banking Services (RBS) are the most attractive target for hackers. They carefully select banks with a large turnover of funds in RBS, and attack their systems.

When digital signature keys were stored on a flash drive or a computer, identity theft could be committed immediately and very simply. Having realized this, banks switched to tokens, compact USB-charms that serve to authenticate a user and give secure remote access to data. Yet, even this was not a panacea. Carberp hacker soon created a suitable computer virus to bypass the security system and imperceptible substitute account details in bank transfer orders.

Trying to protect their customers, the banks began to use one-time passwords sent by SMS to the card or account holder. In response, attackers successfully introduced social engineering and phishing pages, similar to real websites of banks. 

As for the thefts committed by companies, the scheme is quite simple. A malefactor obtains cash, infects a computer with virus and blames the malicious software in the theft.