[Moderator: "changed the firewall password to prevent further.." If a
bank is relying on a single firewall as the only means of stopping this
kind of transaction...]
From: Nicholas Charles Brawn <ncb05@uow.edu.au>
01Dec98 TAIWAN: HACKERS SNEAK NT$50M OUT OF TAIPEI BANK (421).
A hacker broke into a Taiwan bank's computer system and successfully
transferred NT$50 million to a foreign savings account, according to the
United Evening News, but the bank in question did not report the theft,
fearing its credit rating would suffer or depositors would panic.
The Taipei bank's staff discovered somebody was able to enter the bank's
Internet computer system and wire the funds to a foreign account. The
discovery was made a day after the transfer. By this time, the remitted
funds had already been withdrawn from the foreign bank.
At this point, the bank changed the "firewall" password to avoid further
thefts, the paper said.
Police visited the bank upon hearing of the heist, but were told by a bank
official the bank's board of directors had decided to absorb the loss
without reporting it because it did not want its clients to panic. The
official added that the NT$50 million loss would not unduly affect the
bank's annual profits estimated in the billions of New Taiwan dollars.
Police did find out that the hacker was able to gain access to the auditor
code of a second level supervisor at the bank to access the third level of
security of the bank's Internet system.
Police believe that because the security system was designed to be
impenetrable to hackers, the theft was committed either by the installers
of the system or technical staff at the bank. They are continuing with
their investigation.
Staff members at various banks were not surprised by the theft, the paper
said. In order to protect against hackers, banks install firewalls at each
level of security. There are firewalls to keep outsiders from breaking
into the general banking system and there are firewalls to protect against
infiltration of higher levels of security by low-level employees.
Once these barriers are penetrated, bank workers told the paper, there is
nothing that a thief could not take.
Banks are weary of expanding Internet banking transactions because
computer systems are not yet hacker-proof. To date, clients are limited to
moving funds between their bank accounts using the Internet.
CHINA NEWS 01/12/1998
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Tue Dec 8 09:00:28 1998