Alleged Theft at Citibank Underscores Worries Over Online Bank Robberies

By Matthew Harwood

The Wall Street Journal stands by its report yesterday that  the FBI is investigating a cybertheft last summer or earlier where hackers stole tens of millions of dollars electronically from Citibank.

The bank has vigorously denied such reports and in a statement assured its customers their money is safe.

We take the security of our customers’ accounts and systems seriously. We continuously take steps to protect our customers against fraud, and we have state-of-the-art processes to detect and prevent criminal activity.

Whether or not the Journal's initial report was true, the consensus on bank security in a digital age is worrisome.

According to the Associated Press:

Internet attacks on banks are common, said Tom Kellermann, a former senior member of the World Bank’s Treasury security team and now vice president of security awareness for Core Security Technologies.He said large financial institutions are “consistently targeted’’ and are “hemorrhaging funds.’’

Or as the Journal writes:

Experts said financial institutions are grappling with increasingly frequent attempts to pierce their technological defenses, often by hackers with ties to organized crime rings in Eastern Europe.

Such attacks can occur through breaches of internal bank systems; by accessing data through outside firms that process transactions for financial firms; or by infecting customers' computers to gain access to bank systems when customers log on to bank Web sites.

Which only goes to sure that modern-day John Dilingers don't rob banks with Tommy guns and a note to the teller; they rob them quietly with software programs.

♦ Photo of Citibank in San Francisco by kiwanja/Flickr


Citi systems security

No doubt, the story is based on true accounts, while the dates, amounts, etc. may be off, the security breach is real. The problem is basically, the Citi IT management  team does not have the background or skills to deal with real time banking systems.

These are the boys, and a few girls who were the winners from the Smith Barney vs. Citicorp wars of nearly 10 years ago. Smart good people at managing investment back- office processing systems, but clueless about banking.

Citi's on-line banking system is content rich, contains great functionality but architecturally is old. Sure it uses 128 bit encrytption, etc, but a smart Eastern European thief with a 5 year old laptop, can hack his way in within a nansecond. The Citi IT dopes really do not understand how important on-line is to the retail business today, and how much more important it will be in the future and are not sufficiently resourcing this delivery channel.

With all of the management changes, organizational realignments, third party stops & starts, it is suprising that there haven't been more cyber thefts, but then again they are quietly cleaned up, new cards, numbers, passwords, etc created and life goes on BAU for the IT organization.  WHAT A PITY !!!!! 

View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.