Ocean’s Once
In April 2018, hackers stole the equivalent of $15 million from Mexican banks — and now we know how they probably did it.
Penetration tester and security advisor Josu Loza was one of the experts called in to respond to the April heist, and on March 8 he presented his findings at the RSA Security conference in San Francisco.
Based on his analysis, Mexico’s central bank wasn’t doing nearly enough to protect its clients’ money — but other financial institutions could avoid the same fate if they’re willing to work together.
Easy Money
On Friday, Wired published a story detailing the information Loza shared with the audience at RSA’s conference. Based on his assessment, the success of the heist was due to a combination of expert bank hackers willing to spend months planning their crime and a banking network rife with security holes.
During the presentation, Loza made the case that the hackers might have accessed the Banco de México’s internal servers from the public internet, or perhaps launched phishing attacks on bank executives or employees to gain access.
Regardless of how they first got access, Loza said, the main problem was putting too many eggs in one security basket. Because many of the networks lacked adequate segmentation and access controls, he argued, a single breach could provide the bank hackers with extensive access.
That enabled them to lay the groundwork to eventually make numerous money transfers in smaller amounts, perhaps $5,000 or so, to accounts under their control. They’d then pay hundreds of “cash mules” each a small sum — Loza estimated that $260 might be enough — to withdraw the money for them.
Cyber Insecurity
The bank hackers are still at large, but the heist appears to have served as a wake-up call for the Banco de México.
“From last year to today the focus has been implementing controls. Control, control, control,” Loza said during his presentation, according to Wired. “And I think the attacks aren’t happening today because of it.”
He also noted the need for companies to collaborate to defend against cyberattacks.
“Mexican people need to start to work together. All the institutions need to cooperate more,” Loza said. “The main problem on cybersecurity is that we don’t share knowledge and information or talk about attacks enough. People don’t want to make details about incidents public.”
READ MORE: HOW HACKERS PULLED OFF A $20 MILLION MEXICAN BANK HEIST [Wired]
The post Here’s How Hackers Stole $15 Million From Mexican Banks appeared first on Futurism.