It has all the elements of a first-rate thriller: Russian hackers, government spooks, nefarious software called Black Energy. Except it's real:
The threat was initially detected by U.S. investigators who saw suspicious traffic coming from Internet addresses that had been used by the Russian Business Network, a Russian gang that has sold hacking tools and software for accessing U.S. government systems.Citigroup (C) denies it lost any money. But this wouldn't be the first such incident. Hackers earlier this year stole $9.5 million from ATMs, while online thieves in 2007 hit a Swedish bank for $1.1 million. Another Russian hacker in 1994 took Citi for more than $10 million, according to the Journal story.
Security officials worry that, beyond stealing money, hackers could try to manipulate or destroy data, wreaking havoc on the banking system. When intruders get into one bank, officials say, they may be able to blaze a trail into others.
The latest attack on the New York financial giant reportedly used a form of so-called "crimeware," which lets thieves steal people's account passwords, log their keyboard strokes or capture data on a computer screen.
Even the feds aren't safe. Hackers recently distributed a message claiming to be from the FDIC that, if readers clicked on a link, ripped off bank account and other confidential info. Said one computer expert of the scam:
"The cyber criminals behind this spam have gone to great lengths to mimic the logos and look of FDIC communications, including going so far as to forge an official FDIC email address in an effort to confuse consumers into following links and downloading harmful programs."Which reminds me -- time for a new mattress.