Banking Blog

Finance Blogs » Banking » Hackers empty $900K bank account

Hackers empty $900K bank account

By Claes Bell · Bankrate.com
Monday, February 25, 2013
Posted: 9 am ET

In itself, a distributed denial of service, or DDoS, attack on a bank's website is little more than costly hooliganism. It essentially consists of hackers ordering a bunch of malware-infected computers to "click" on a bank's website until it's too overwhelmed to respond to legitimate users.

The effect is pretty similar to a barricade across the entrance to your bank: You can't get in, but your money is still safe inside the bank.

But what if thieves used a DDoS attack as cover for a more harmful attack that did actually compromise customer checking accounts? That appears to be exactly what happened to a customer of Bank of the West, according to a report from security blogger Brian Krebs:

A Christmas Eve cyber-attack against the website of a regional California financial institution helped to distract bank officials from an online account takeover against one of its clients, netting thieves more than $900,000.

At approximately midday on Dec. 24, 2012, organized cyber crooks began moving money out of corporate accounts belonging to Ascent Builders, a construction firm based in Sacramento, Calif. In short order, the company's financial institution -- San Francisco-based Bank of the West -- came under a large distributed denial of service (DDoS) attack …

There were 62 individuals suckered in to acting as "mules" for the stolen money, according to Krebs.

It's standard operating procedure for scammers to recruit unsuspecting individuals and businesses ("make big money working from home!") to accept a substantial deposit from thieves and wire the bulk of it overseas, keeping a portion for themselves as payments. Typically, the money clears and the mule completes the transfer, only to have the authorities catch up with them and claw back the money, leaving them on the hook for most of the losses.

Obviously, you never want to agree to accept and transfer cash as these mules did. Aside from the legal implications of engaging in what amounts to money laundering, what good are promised payoffs if they're going to be clawed back later?

Another important step to avoid having your account on the receiving end of this type of coordinated attack is having up-to-date antivirus software installed on your computer. Krebs writes that the thieves may have gained access to Ascent Builders' bank logins using malware surreptitiously installed on its computers. And you don't want that happen to you, especially on Christmas Eve.

What do you think? Do you worry about online thieves draining your accounts? What precautions do you take to prevent that from happening?

Follow me on Twitter: @claesbell.

«
»
Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.
147 Comments
howard schwartz
March 10, 2013 at 6:41 pm

I meant 45 years of hard work.

David Luken
March 09, 2013 at 11:10 am

I hope someone can answer this question. If somebody snitches one of my credit card numbers, I'm limited to only $50 if that perp makes unauthorized purchases. Is there a similar limitation on my liability if my bank account is hacked?

Claes Bell
March 09, 2013 at 11:59 am

Your liability for fraudulent credit card purchases tops out at $50. Your liability for fraudulent checking account transfers or purchases starts at $50 if you report it within 60 days of receiving your statement, but could potentially be unlimited depending on when you report it. Your bank may also have a zero liability policy, but that's in excess of what the law requires.

Igor
March 08, 2013 at 10:39 pm

Well the best thing would be to stop offering online banking and just go back to visiting the institutions in person to perform any type of transactions. More people would have jobs and there would be less trouble for officials to recover the money.

mike
March 08, 2013 at 2:44 pm

"No, I don't worry about hackers draining my account, because I have the Federal government looking out for me, taking my money, ruining the value of the dollar and keeping my account balances low enough that they aren't attractive to thieves."

The roads you drive on, the food you eat, the electricity you use, the relatively low cost of living you enjoy... all for what... 35% at the very most of what you earn? Give me a break. Try most other countries where taxes are FAR higher. Your taxes build roads and infrastructure like electric grids. They also subsidize agriculture and encourage investments in many sectors of our economy. All this boils down to an extremely easy life comparatively speaking. You're the problem, Don. Not the Feds. Quit being such a complaining dolt and go make more money if you feel you don't have enough. Just remember, you can't take it with you.

Don't forget about all the good we as a nation do by taking the money from the evil 1% and making sure that welfare recipients can have big screen tv's and steaks. Why our poorest 1% lives better than the 80% of the rest of the world....Thanks Don!...but you know...we CAN do better...we should take everything from the wealthiest among us and just let them have back what they need....let's form a US Department of Need....to determine what each person needs and then make sure they get no less AND no more....after all we should be fair in all things....I think it should probably be a cabinet position

And as far as the doofus people trying to get something for nothing by acting as mules...they deserve to be punished as severely as the hackers...they took money that was not theirs...it will be ultimately restored to the account holder by FDIC (most of it anyway) but that comes straight from the US bottom line...time to draw a line in the sand with all the lazy a**es in this country trying to either "get over on" or "game" the system....we want to make it out to be the "evil" corporations or "greedy" CEO's that make for all our ills....I suggest a great many of us look in the mirror and decide to go out, work hard and do the right things....naive? ...maybe

David
March 08, 2013 at 12:42 pm

The fact is... Make Sure you know what websites, emails, etc that your Using. Just remember There's No Such Thing As Hacker Be Gone.!!

Dons Excuse
March 08, 2013 at 7:14 am

"No, I don't worry about hackers draining my account, because I have the Federal government looking out for me, taking my money, ruining the value of the dollar and keeping my account balances low enough that they aren't attractive to thieves."

The roads you drive on, the food you eat, the electricity you use, the relatively low cost of living you enjoy... all for what... 35% at the very most of what you earn? Give me a break. Try most other countries where taxes are FAR higher. Your taxes build roads and infrastructure like electric grids. They also subsidize agriculture and encourage investments in many sectors of our economy. All this boils down to an extremely easy life comparatively speaking. You're the problem, Don. Not the Feds. Quit being such a complaining dolt and go make more money if you feel you don't have enough. Just remember, you can't take it with you.

Dale
March 07, 2013 at 11:07 pm

I usually keep my account overdrawn so I don't have to worry about this kind of thing. Helps me sleep at night having one less worry.

Harsh Singh
March 07, 2013 at 12:41 pm

Echo Don, The only people who aggravate ID Theft is the Bank of America where they say they own your house than put your name in the credit bureaus. Their argument that you owe on the mortgage is a private business matter with you and the title owner period. At Counterfeiting documents they have no equals, buying a $6.00 rubber stamp putting ficticious names on it then using it as a transfer document.

No there is nothing at all illegal about transfering ownership of real property just be prepared to come up with the paperwork. I haven't seen it and Judges don't require them to provide it be cause they are an exception to old common law rules called special interest that masquerades as "legitimate state interest."

Don
March 07, 2013 at 12:51 am

No, I don't worry about hackers draining my account, because I have the Federal government looking out for me, taking my money, ruining the value of the dollar and keeping my account balances low enough that they aren't attractive to thieves.