Hackers Lifting Cash Directly From Bank of England

Well, the rubicon had to be crossed at some point, I guess.

Up until now, if hackers, attackers, and good ol-fashioned crackers wanted to get their hands on your data, they had to go the long way around first. Install a keylogger, wait patiently for you to do some online shopping, and then take the opportunity to strike. Once they have your credit card, they can go on fully-insured spending sprees that 90% of the time are refunded by the bank, covered by the FDIC, and footed by the taxpayer of any given government.

Now however, it seems a small group of dastardly digital thieves have found a way to blow the vault doors of the metaphorical bank, opening up servers of several small financial institutions in the Bank of England network through the use of standard DDOS attacks.

“Cyber attack has continued to threaten to disrupt the financial system. In the past six months, several UK banks and financial market infrastructures have experienced cyber attacks, some of which have disrupted services.

While losses have been small relative to UK banks’ operational risk capital requirements, they have revealed vulnerabilities. If these vulnerabilities were exploited to disrupt services, then the cost to the financial system could be significant and borne by a large number of institutions.”

Of course, banks aren’t taking this threat lying down, and just last month hosted a “cyber war-games” in London, codename Walking Shark II, to prove the readiness of their IT staff and the capabilities of their security software. These displays are meant to instill confidence in investors and families alike, showing that even if the top criminals in the world wanted to get in and loot the place, they aren’t going to make it easy.

Due to the financial crisis of 2008, many financial institutions in the UK have focused on the risk posed by toxic assets, rather than those of a computational variety, but that doesn’t mean they’ll be easily caught with their pants around their ankles.

Peter Armstrong, director of cyber security at Thales UK, said banks need to move towards more integrated cyber defences. Placing particular emphasis on the need to retrain staff members and hire new departments to shield themselves against the coming threat, Armstrong suggests the current system, while stable, won’t remain so forever.

To keep your identity and financial information from being stolen, always use an VPN service to hide your traffic and stay under the radar of data sniffers.