Does your Security supervisor play cards?

Does your Security supervisor play cards?

Target $423 million USD.at Toshiba International, Nomura 

Asset Management, Mitsui OSK Lines and Sumitomo 

Chemical.

They were going to transfer funds to accounts in Spain,

Dubai, Hong Kong and Singapore.

Returning to work after the weekend break, Sumitomo 

staff noticed that PCs had been tampered with.

"We quickly established something untoward had 

happened when we checked the CCTV footage and 

discovered tampering," Kirby told El Reg. "The 

sensitivity had been altered, turned down, so that the 

cameras didn't record what was happening on the 

trading floor."

Security supervisor Kevin O'Donoghue, 34, became 

a key suspect once it was realised that computers were 

tampered with over the weekend.

He had a couple of friends in a few times.

When challenged by other workers, O'Donoghue claimed 

the pair were there only for a card game.

Later, he claimed he was coerced into driving the two 

hacking suspects to the bank and letting them in.

Id only as Laptop and Ponytail. 

The compromised PCs were formatted in a failed, 

rather crude attempt to destroy evidence.

How did these Uber Super Hackers get

access to the to the Secret passwords

even O'Donoghue, security supervisor

didn't know. The audacious Mission Impossible-style

got access but failed. Where is Tom Cruise when

you need him?

It was established the hackers obtained

total access to all the passwords they 

needed to pull the theft of the century.

Why did they fail?

The details of the crime have been released.

They used commercial keystroke-logging software - 

not spyware or specialist hardware to capture usernames 

and passwords needed to make Swift bank transfers.,

"It was a standard key-logger available on the net from a reputable firm of the type parents use to keep an eye on their children," Kirby said. "The use of legitimate technology meant the software was not picked up by anti-virus scanners. And there was no traffic going into or out of the network so it couldn't be detected that way." The software used in the scam, iOpus Starr, is normally used for remote surveillance of networked PCs.

The crooks obtained two sets of Swift login credentials, one 

for an ordinary user and one for a supervisor account, 

needed to authorise transactions, from two machines. 

They had also tested the software on another machine. 

The compromised PCs were then formatted in a failed, 

attempt to destroy evidence.

These stolen login credentials were used in an unsuccessful 

attempt to transfer money to ten overseas accounts under 

the control of the master criminals a month later.

So why did the cyber robbery FAIL?

Errors in completing one of the fields in the Swift system 

used to make transfers. 

( as a broker the biggest wire

transfer I ever did for a client was 3 million dollars, this was

$423 million. G)

If they had filled out the cyber forms correctly then they

would have stolen $423 million USD.

Read the rest of the story here: SOURCE:

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

They were not uber hackers at all.

Off the shelf software and inside access.

But they were too stupid to understand 

how to fill out the forms.

SEX, yes there is some sex in the story.

Soho sex shop owner David Nash, 47, of 

Durrington, West Sussex, as suspects in 

setting up an international network of bank 

accounts used in the scam.

Hmm sex shop, international network of bank 

accounts??? Something going on there too.

And, Frenchman Gilles Poelvoorde, 35. Poelvoorde 

(Ponytail) was arrested with a USB stick that had the 

same digital fingerprint as the key-logging program 

used in the Sumitomo scam, along with instructions 

on how to carry out the same hack on another bank 

outside the UK.

Thats kind of like keeping the guns you used to

shoot someone, these guys were not smart.

Its going to happen just a question of when,

not if.

Does your IT security play cards?

Gerald

Anthropologist

.