09/12/2013

Bank Data Theft & Security Breach

Singapore banks told to boost security after StanChart data theft
singapore-banking-standard_chartered.jpg
Files containing data on Standard Chartered’s clients were discovered on a seized laptop. Photo: AFP


Singapore's central bank has called on financial institutions to tighten up cyber security after a database on elite customers of Standard Chartered Bank was compromised.

Police confirmed Friday that information on private-banking clients of the British lender had been found in the laptop of a Singaporean man charged with hacking the parliamentary district website of Prime Minister Lee Hsien Loong.

The Monetary Authority of Singapore (MAS) said in a statement it has "reminded all FIs (financial institutions) to heighten their vigilance to safeguard their IT systems and customer information, including controls at third party service providers".

read more

Data of wealthy clients stolen from StanChart in Singapore


The information was stolen from a server used for Standard Chartered Private Bank at a printing facility, Fuji Xerox Singapore chief executive officer Bert Wong said. Other clients weren’t impacted and a forensic team is probing the breach. Photo – Bloomberg News

Standard Chartered said wealthy clients' confidential information was stolen in Singapore from a printing company, underscoring the vulnerability of global banks to attacks from hackers and thieves.

Singapore's central bank plans to consider regulatory action against Standard Chartered after reviewing the bank's investigation into the incident. The London-based lender said it hasn't found any unauthorised transactions since the theft from Fuji Xerox, which was hired to print statements for the 647 clients, and is contacting affected customers. The city's police discovered statements for February on a laptop seized from an alleged hacker.

The security breach threatens to undermine Singapore's reputation as a private-banking hub for Asia. The city is Asia's largest wealth management centre with about $800 billion in offshore assets, according to Boston Consulting. Shares of Standard Chartered, which this week forecast that earnings from its consumer-banking unit will drop, fell to the lowest in five months in Hong Kong trading.

read more

StanChart client data stolen in Singapore via Fuji Xerox server


Bank statements belonging to hundreds of Standard Chartered's richest customers were found to have been stolen from a server at Fuji Xerox Singapore, the third party where printing was outsourced

The unauthorized access only came to light after files containing the data were found on a laptop, belonging to the recently arrested alleged hacker "The Messiah", according to Today. James Raj Arokiasamy was arrested last month and charged for hacking a government website and has been linked to a spate of other cyberattacks

Standard Chartered was notified by Singapore police of the theft of 647 of its Private Bank clients' monthly bank statement for February 2013, according to its joint statement with Fuji Xerox on Thursday

read more

Standard Chartered says private bank client statements stolen in Singapore

The Monetary Authority of Singapore (MAS) said it was aware of the matter and investigating. "We will review SCB's (Standard Chartered Bank) investigation report and consider if regulatory action against the bank is warranted," the central bank said in a statement. MAS added it believed the incident was an isolated case but said it had reminded all financial institutions to safeguard their IT systems and customer information.

Standard Chartered said it had not found any evidence that unauthorised transactions had resulted from the incident and that it was contacting the clients whose statements were taken. It added that customers from its retail and other banking units had not been affected.

Fuji Xerox Singapore said it had taken appropriate action to protect its servers and a forensic team was conducting a review.

read more

Standard Chartered Customer Data Stolen

Standard Chartered PLC said Thursday that hundreds of its private-banking clients had their monthly statements stolen from a server at Fuji Xerox, where the statements were being printed.

Standard Chartered said it hadn't found any unauthorized transactions since its data security was breached and that it was contacting the 647 clients affected.


The company's joint statement with Fuji Xerox didn't say whether the accounts of the affected customers were in Singapore and it didn't identify the customers. It also didn't say when the breach occurred.


647 StanChart bank statements stolen in Singapore

They were found on the laptop of an alleged hacker.

According to a report by reuters, bank statements for almost 650 of Standard Chartered Plc's private banking clients have been found on the laptop of an alleged website hacker in Singapore, the police and the British lender said on Thursday.

Standard Chartered said the February 2013 monthly statements for 647 of its clients were stolen, taken from the server of Fuji Xerox which provides printing services to the bank.

related: Singapore banks told to boost security after StanChart data theft

read more

Full statement from Standard Chartered Bank

“5 December, Singapore - Standard Chartered has been notified by the police of the theft of 647 of its Private Bank clients' monthly bank statement for February 2013.

Ray Ferguson, CEO, Standard Chartered said: "The confidentiality and privacy of our clients are of paramount importance to us, and we take this incident very seriously. Customer data protection is our responsibility and we sincerely apologise to all our customers and specifically to our Private Bank clients who have been affected.

The Bank has spared no efforts to thoroughly investigate the matter and can confirm that based on investigations to date, the theft did not occur through the Bank's IT and data security systems but through one of the servers of a third party service provider which the Bank engaged to print bank statements for its Private Bank clients. As a precautionary measure, the Bank is contacting its affected Private Bank clients.



Full coverage:
Kroll Ontrack: Standard Chartered client data stolen
The Guardian: Standard Chartered says client bank statements were stolen


Did you know that


The theft of bank statements of StanChart’s private banking clients from Fuji Xerox took place in March?

And both bank and printer only knew about it this month after police found them on James Raj’s laptop?

Also, Fuji Xerox has said that “definitely no employee” is involved. So maybe James Raj is a super hacker, and you wonder what use was made of those 647 bank statements in the intervening eight months before his arrest.

read more 

Hacking in Singapore: Messiah complicated

The name James Raj Arokiasamy may or may not trip off the tongue, but it has been everywhere in the city-state’s media in recent days. Mr James Raj, who may or may not be a.k.a. “The Messiah”, stands accused of hacking into at least two government websites as well as that of a scandal-plagued singer and churchman. In all, as many as 19 government websites were taken down simultaneously on the afternoon of November 2nd. (Three hours later a government agency used Twitter to announce that the sites were down due to “planned maintenance”.)

And then the story gets complicated. Since Mr James Raj’s arrest in early November, a series of copycat attacks have compromised the websites of high government offices, a government-friendly newspaper and others, using cross-scripting and DDoS attacks. On November 22nd the websites of 13 schools were defaced in less than two hours’ time.

And on December 5th, Standard Chartered, an international bank, said that data belonging to some 647 if its “high net-worth” clients were stolen from a server at Fuji Xerox Singapore. Here the link to Mr James Raj seems clear: the data is said to have been retrieved from his laptop.

read more

S’poreans feel safe as Standard Chartered loses 647 Private Bank’s clients’ data to hacker
standard-chartered
Bank did well as they did not lose data to anyone else, such as someone working in the bank

Singaporeans from all walks of life with varying amounts of money in the bank are glad that Standard Chartered has lost 647 Private Bank’s clients’ data to the hacker, James Raj, also allegedly known as, The Messiah.

This after files containing data on Standard Chartered Bank’s clients were found in a laptop seized from James Raj, who had been arrested by police in November for defacing some websites.

One Singaporean, Jin Wu Lui, said he is heartened that it took a hacker to break into the server to steal the personal data: “Imagine if the data was lost to a staff working in the bank itself. That would have been disastrous as it would be an inside job.”

read more

2 Million More Passwords For Facebook, Google, Twitter, Other Sites Were Stolen And Posted To The Net
two guys on computers

A computer security researcher has stumbled upon another huge file of stolen user names and passwords that was posted on the 'net for other hackers to enjoy.

Daniel Chechik, and his fellow researchers at Trustwave SpiderLabs, found a cache of user names and passwords for 2 million accounts that gives hackers access to accounts on popular websites like Facebook, Google, Yahoo, Twitter, LinkedIn, and others.

This stash of 2 million passwords follows a massive hack on Adobe revealed in October in which a jaw-dropping 38 million user accounts and passwords were nabbed and posted to the 'net. That attack was so big that other website vendors were affected, because many people use the same user name and password for all of their websites. Website vendors like Facebook and Evernote sifted through hacked passwords, found accounts using the hacked user/password combo and forced those people to change their passwords.



2 million Facebook, Google accounts hacked

Hackers managed to steal user passwords through keylogging software. The software records all your credentials, including passwords and route information, to the proxy server (a computer system or an application that acts as an intermediary for requests from client seeking resources from other servers), making it impossible to know which computers have the virus. The hacking began on October 21 of this year.


John Miller, security research manager at Trustwave, said that the hack wasn’t due to an imperfection in any of those company’s servers. “It was the individual users’ computers that had the malware installed on their machine,” he said.

He adds that the unnamed hackers were most likely motivated by profit. “These passwords were never publicly posted. We can’t say for sure, but the hackers were probably going to sell them”.

read more

Hackers Are Attacking Millions Of Computers And Demanding Ransom In Bitcoins
bitcoin

Before you mail holiday gifts to far-away friends and relatives, back up your most important computer files. There's a scary new computer virus called CryptoLocker that was spreading like crazy in the U.K. last month and is now crossing over to infect U.S. computers.

The National Crime Agency in the U.K. issued an alert last month saying that hackers have targeted "tens of millions" of computers.

CryptoLocker is a form of a virus called "ransomware," meaning hackers do something bad to your computer and then demand money to reverse what they've done. In this case, CryptoLocker encrypts the files on your computer. Then you get a pop-up notice on your computer telling you that you must pay if you want your files back.



Here's A Great Idea For Creating Passwords That Are Easy To Remember But Hard To Hack

In the past couple of months, security researchers have discovered huge numbers of hacked passwords for popular websites posted to the net, available for hackers to use and abuse. One of the things made obvious is how many people use the same, easy-to-guess passwords for their online activities, such as Facebook, LinkedIn, Twitter.

The most popular passwords are "123456" or the even more clever "123456789" or the ever-popular "password." (Here's a list of the top 25 passwords to avoid.) After we wrote about 2 million more user names/passwords found on the net this week, we heard from computer security expert Neal O'Farrell, executive director of The Identity Theft Council.

He offered this excellent tip about how to create easy-to-remember passwords that are hard for hackers to guess: Don't use passwords, use passphrases.


read more

Analysis reveals popular Adobe passwords
Adobe logo

"123456" was the most popular password among the millions of Adobe users whose details were stolen during an attack on the company.

About 1.9 million people used the sequence, according to analysis of data lost in the leak.

Online copies of the data have let security researchers find out more about users' password-creating habits.

The analysis suggests that many people are making it easy for attackers by using easy-to-guess passwords.

related:

Adobe hack worse than first reported
Malware mastermind suspect arrested
Adobe confirms data security breach


read more

Adobe in source code and customer data security breach
Adobe hq
Adobe says cyber attacks have become an "unfortunate" part of doing business

Adobe has confirmed that 2.9 million customers have had private information stolen during a "sophisticated" cyber attack on its website.

The attackers accessed encrypted customer passwords and payment card numbers, the company said. But it does not believe decrypted debit or credit card data was removed.

Adobe also revealed that it was investigating the "illegal access" of source code for numerous products, including Adobe Acrobat and ColdFusion.

read more

related: