InfoCommons

Maine Firm Sues Bank After $588,000 Cyber Heist

Posted in Information Security by coda on February 24, 2010

Brief facts: A construction firm in Maine is suing a local bank after cyber thieves stole more than a half million dollars from the company in a sophisticated online bank heist. On Friday, Sanford, Maine-based Patco Construction Co. filed suit in York County Superior Court against Ocean Bank, a division of Bridgeport, Conn.-based People’s United Bank. The lawsuit alleges that Ocean Bank did not do enough to prevent cyber crooks from transferring approximately $588,000 to dozens of co-conspirators throughout the United States over an eight-day period in May. People’s United Bank spokeswoman Valerie Carlson declined to comment for this story, saying the company is aware of the lawsuit but does not discuss pending litigation. According to the complaint, the fraudulent transfers began on Thursday, May 7, when thieves who had hijacked the company’s online banking credentials initiated a series of transfers totaling $56,594 to several individuals who had no prior business with Patco. The company alleges that this pattern of fraud continued each day of the following business week, during which time the thieves made additional batches of fraudulent transfers totaling $532,257.
Ocean Bank TOS
See also ‘Shames-Yeakel v. Citizens Financial Bank: Failure to Expeditiously Implement State-of-the-Art Security Measures Can Create Liability for Negligence in Data Breach Cases’
Also this


BLACK JUNE 2005

Posted in Information Security by coda on February 23, 2010

3 Student presentations on Information Security
3 examples – UBS, Motorola and Citibank
The 3 types of threats: Physical, Technical and Social
The first is particularly poignant – Haiti, 9-11
The second – infrastructure: Network/Systems
The third – social. [case examples]

What types of regulations?
Data Protection/Privacy
Common Law obligations – laws of trespass, tort of negligence, criminal damage
Q. How do you explain increased legislative activity?

Types of Approaches
Physical Security measures – CCTV, biometric, ID system
Technical – Network/Information Security
Social – Promoting Institutional Awareness

2nd Presentation
Phishing websites of RBS – illustrates the role of social engineering.
Important – how is fraud being perpetrated? Contrast this with the way “old” type fraud takes place.
This is a useful example demonstrating the scale, reach and nature of threats.
Why online? What are the incentives/motives for committing online fraud?
We need to look at online security from the perspective of “data” (what we are trying to protect) and “systems” (the vehicle through which data is carried).
Online malicious attack/intrusion – theft, damage to systems, deletion of data
Learning point: how do we “draft” legislation/rules? Emphasis of laws: “unauthorised” and “access”
Where are the threats likely to come from? What types of threats?
A particular problem arises where employees access the Internet/engage in personal communications from work. By the same token, quite a lot of individuals work from home – problems may arise if the home network/computer is not secure or does not have updated appropriate security software.
What is the value of “data”? How much does it cost to upgrade systems/install systems?

Securing compliance is a corporate governance issue. How is this achieved?
Law – legal rules governing data processing
Data Breach Notification laws

Presentation 3
Takes a close examination of the “types” of threats
a. Virus (Melissa) – used email to infect computers
Charged in New Jersey

b. Worm (ILOVEYOU)
Downloads malicious software – and program continues to propagate.
Note – offenders from the Philippines. There was no law covering what the accused was deemed to have done – this act of creating the malicious software was an offence in the US.

c. Individual’s email was hacked – account was used. What are the challenges for enforcement and investigation?
