Skip to: Content
Skip to: Site Navigation
Skip to: Search


Logging on to cyber-crime

The old-fashioned bank heist is now just a few key strokes away - and almost invsible

By Tom ReganSpecial to The Christian Science Monitor / July 8, 1999



BOSTON

Nothing seemed out of the ordinary when clients of the second largest bank in Holland logged on to the bank's Web site to access their accounts. The first time they entered their username and password, however, they received an error message. When they tried again, they were able to access their account, conduct their business, and leave.

Skip to next paragraph

What they didn't know was that the first time they were not actually at their bank site but at a mirror site set up by a hacker.

The mirror site took their information, e-mailed it to the hacker, then sent the clients to the bank's real site. A few hours later, the hacker went to the bank site and, using the stolen information, took five gilders (about $2.35) from each account - a sum most people would never miss. Doing this, the hacker was able to steal thousands of dollars, without the bank or its customers ever knowing.

Luckily, the hacker wasn't a real thief - just someone who wanted to prove that the bank's claims of impenetrable security were nonsense. All the money was returned. But his actions show the new kinds of crimes that are taking place online, especially as many businesses rush to embrace electronic commerce, without making sure their online security is strong enough.

"I don't think that we need to be so concerned about cyber-doomsday predictions," says Yael Sachs, president of Aladdin Knowledge Systems's Internet security unit. "But it's petty crimes like this one on a large scale that will impact our economies to a huge extent."

According to the Association of Certified Fraud Examiners, the average bank robbery stole about $14,000, while the average computer theft was more than $2 million. While the exact figure of financial losses due to cyber-crime is not known, most security experts interviewed for this article put it in the billions of dollars.

For instance, AT&T and MCI were forced to give 38,000 consumers credits and refunds worth $2.74 million in 1997 for phone charges they unknowingly incurred when Internet scam artists hijacked their computer modems. The scam occurred when the victims visited a porn site and downloaded a plug-in to watch a video. While they were doing this, a vandal program (a rogue application that executes automatically when a user views certain kinds of Web pages or opens an e-mail attachment) logged them off without their knowledge and redialed their modems to connect to a 900 number overseas, for which they were later billed.

In fact, cyber-criminals based in nations once a part of the Soviet Union are a growing problem for US businesses. In one recent case, two men from St. Petersburg hacked into a US bank's computer network and transferred $10.5 million from the bank's corporate accounts into accounts they controlled.

"There's a lot going on out there right now," Mr. Sachs says. "Many businesses are driving on the information superhighway at 200 miles an hour without a seat belt or an airbag."