Ever heard of high tech security system house, and the doors aren’t locked ?! Using the CitiGroup customer Web site as a gateway to avoid conventional maintenance and imitate actual credit card holders, a team of sophisticated thieves cracked into the bank’s enormous reservoir of personal financial data, until they were distinguish in a routine check in early May.
That allowed them to incarcerate the names, account numbers, e-mail addresses and transaction histories of more than 200,000 Citi customers, security experts said, revealing for the first time details of one of the most brazen bank hacking attacks in recent years.
The case illustrates the threat posed by the rising demand for private financial information from the world of foreign hackers.
In the Citi breach, the data thieves were able to go through the bank’s defenses by first logging on to the site reserved for its credit card customers. Once inside, they accessed between the accounts of different Citi customers by inserting various account numbers into a string of text located in the browser’s address bar. The hackers’ code systems automatically repeated this exercise tens of thousands of times, allowing them to capture the confidential private data. The method is apparently simple, but the fact that the thieves knew to focus on this particular vulnerability marks the Citigroup attack as especially resourceful .
The fiscal damage to Citigroup and its clientele is not yet clear. The bank spokesman declined to comment on the details of the breach, citing the continuing criminal investigation. In a statement, he said that Citigroup discovered the violation in early May and the problem was “corrected immediately.” He added that the bank had started domestic fraud alerts and stepped up its account monitoring.
The expertise behind the attack, according to law enforcement officials and security experts, is a sign of what is likely to be a wave of more and more sophisticated violators by high-tech thieves hungry for credit card numbers and other private information. That is because demand for the data is on the rise. In 2008, the subversive market for the data was flooded with more than 360 million stolen personal records, most of them credit and debit files. That evaluate with 3.8 million records stolen in 2010 .Now, as credit cards that were finding the middle ground in the immense 2008 thefts expire, thieves are stepping up efforts to find new accounts.
As a result, prices for basic credit card information could rise to several dollars from their current level of only pennies. The kind of information the thieves are able to glean is shared in online forums that are a actual marketplace for criminals.