FBI Investigating Over 400 Corporate Account Takeovers

Friday, September 16, 2011



The Federal Bureau of Investigation's assistant director of the Cyber Security Division, Gordon M. Snow, presented Congressional testimony this week on the ever-growing impact of cyber crime on American businesses and consumers.

Snow presented his statements to a House Financial Services subcommittee governing financial institutions and consumer credit issues.

Snow revealed that the FBI is currently investigating a surprisingly large number of corporate banking account breaches, with losses from ACH fraud and bogus wire transfers in the tens of millions of dollars.

"The FBI is currently investigating over 400 reported cases of corporate account takeovers in which cyber criminals have initiated unauthorized ACH and wire transfers from the bank accounts of U.S. businesses. These cases involve the attempted theft of over $255 million and have resulted in the actual loss of approximately $85 million," Snow testified.

Snow also noted an increase in the targeting of payment processors, the companies that handle electronic payments and act as intermediaries between merchants, banks, and credit card issuers.

"Sophisticated cyber criminals are also targeting the computer networks of large payment processors, resulting in the loss of millions of dollars and the compromise of personally identifiable information (PII) of millions of individuals," Snow said.

Snow remarked that the problem is growing as more critical systems utilize the Internet, despite increased efforts by the private sector to ensure data protection and information system integrity, and an increase in the number of federal and local law enforcement personnel dedicated to stemming the underground cybercrime economy.

"As the Subcommittee is aware, the number and sophistication of malicious incidents has increased dramatically over the past five years and is expected to continue to grow. As business and financial institutions continue to adopt Internet-based commerce systems, the opportunities for cyber crime increase at retail and consumer levels."

Snow also pointed out that the ability of federal agencies and the private sector to accurately gauge the true financial impact of cybercrime is hindered by several factors ranging from breaches of security that go undiscovered to a reluctance by many companies to report data and financial losses publicly.

"The potential economic consequences are severe. The sting of a cyber crime is not felt equally across the board. A small company may not be able to survive even one significant cyber attack. On the other hand, companies may not even realize that they have been victimized by cyber criminals until weeks, maybe even months later. Victim companies range in size and industry. Often, businesses are unable to recoup their losses, and it may be impossible to estimate their damage. Many companies prefer not to disclose that their systems have been compromised, so they absorb the loss, making it impossible to accurately calculate damages."

Snow's testimony covered multiple threat vectors, including:

  • Account Takeover
  • Third Party Payment Processor Breaches
  • Securities and Market Trading Exploitation
  • ATM Skimming and Point of Sale Schemes
  • Mobile Banking Exploitation
  • Insider Access
  • Supply Chain Infiltration
  • Telecommunication Network Disruption

Snow's complete testimony before the subcommittee can be found here:

Source:  http://financialservices.house.gov/UploadedFiles/091411snow.pdf
