BULL STREET - The art of the Con

Mis-Routing Mis-Direction

According to Ira Winkler, Technology Director for the National Computer Security Association in Carlisle, Pa., misrouted transactions, usually criminally instigated, account for an estimated $2 to $3 billion a year in losses to banks. This type of bank heist was pulled off as early as 1994 by Russian programmers who cracked Citibank's system and launched $10 million into their own accounts. Although the bank indicates that a substantial amount of these funds was recovered, Citibank's admission of the break-in became fodder for its competition to use in ads indicating that the bank's security systems left quite a lot to be desired. According to Time Magazine,[184] this plays havoc with law enforcement. "Most companies that have been electronically attacked won't talk to the press. A big concern is loss of public trust and image, not to mention the fear of encouraging copycat hackers… Almost all attacks go undetected - as many as 60% according to security experts. What's more, of the attacks that are exposed, maybe 15% are reported to law enforcement agencies."

While many banks such as Chase use the more difficult-to-break 128-bit encryption technology, others attempt to appeal to the majority of users who don't have this high-level encryption installed on their machines. For some time, for example, NationsBank used 40-bit encryption, security that can be breached by run-of-the-mill hackers in less than 4 hours.[185] The reasoning behind using low-level encryption, in spite of the security problems related to it, is obvious. The bank was appealing to the majority of people who did not have higher levels of security. Thus, the bank was creating a compromise between maximizing its business and potentially incurring a substantial financial hit. A somewhat unique compromise.

Moreover, let us say that you are a criminal and the bank is fairly diligent. Even the conscientious bank is comfortable with automatic bill-paying features. So let us assume that you set up a fictitious utility account in the victim's name at his online bank. Let us say that it is a phone system that now has direct payment at its own American bank, which in turn is acting for a foreign bank where the account really resides. Although the amounts that can be taken are not humongous, there is currently no defense for this type of Internet-based crime. That is exactly the reason that the crime is so successful: the victim sees a charge by, let us say, Consolidated Electric for $18.75 on his account and confuses that with Consolidated Edison. It is only after several months that it dawns upon the victim that it is not one and the same.

A corollary to this type of crime is the theft of massive amounts of money from AT&T by enterprising hackers in Moldova, who transferred telephone calls to porn lines from the U.S. to a 900 number in that country. People found that even when they disconnected from the net, the phone line continued to charge their account, and in some cases person-to-person charges to Moldova continued for several days. More recently, AT&T, GTE, and Sprint, among others, were broken into by hackers-for-hire, who hit them for over $2 million.[186]



2005 Chapman, Spira & Carson, LLC
111 Broadway. New York, NY. 10006 Tel: 212.425.6100 - Fax: 212.425.6229
