Two years after attack μιας εναντίον της Tesco Bank, που είχαν σαν αποτέλεσμα την διαδικτυακή κλοπή 2.26 εκατομμυρίων λιρών Αγγλίας από 9.000 πελάτες, βγήκε το πόρισμα από την έρευνα. Μαζί με το πόρισμα ανακοινώθηκε και η επιβολή προστίμου στην bank (over £16.4 million) because it failed to protect its customers.
The audits were carried out by the Financial Conduct Authority (FCA) and the concluded (PDF) that the bank should pay a fine of 16,4 million pounds because it failed to "exercise the necessary actions, and show the necessary care and diligence" to protect account holders from cyber attacks.
Their identities hacker were not disclosed but according to the report published by the FCA they managed to acquire over £2 million within 48 hours in November 2016.
The attack began at 2:00 a.m. on Saturday, November 5, 2016, and by 04:00 a.m., Tesco Bank's fraud detection system had begun automatically sending text messages to holders of the bank's current accounts, urging them to be alert to "suspicious activity." »In their accounts. This is how the bank learned about the attack…
As calls grew rapidly, Tesco Bank's controls managed to stop almost 80% of unauthorized transactions. But the attack had already hit 8.261 from the 131.000 bank customers.
Attackers allegedly used an algorithm that created authentic Tesco Bank debit cards and using these virtual cards, thousands of unauthorized transactions were made.
The FCA said this was due to the way Tesco Bank distributed debit card numbers, but also Mistakes made in reaction when they perceived the attack. But the poor design of Tesco Bank's debit cards played a major role in finding security holes.
Also according to the FCA, it took 21 hours after the attack began for Tesco Bank's security team to be notified. Throughout this period, illegal trading continued.
____________________________
- Google Chrome 69 comes and brings problems for Flash
- Debian 9.5: Available the fifth point release of Stretch
- MX Linux 17 x64 Custom ISO from iGuRu.gr