Emails were sent asking Nordea customers to
download software which they were told was an anti-spam
application. In fact the software activated when customers
tried to log into internet banking with Nordea. It recorded
their login details and asked them to log in again because of
a fictional error.
It then recorded their second attempt to log
in, which would give hackers enough information to access accounts.
Most internet banks only ask for a portion of an access code at
login to prevent one-off spying attempts from gaining the whole
code, but the fake error messages ensured that the Nordea hackers
captured enough information to access an account.
Police told Computer Sweden that the
information was sent to servers in the US and then on to Russia,
from where money was siphoned from users' accounts.
"This is a worrying concern for any online
bank user as the threat of cyber crime targeting 'safe'
institutions gets an ever more real concern," said a statement from
security firm McAfee.
Around 250 customers were said to have been
targeted over a period of 15 months. The software was written
especially for the Nordea system and to target only that bank's
customers, though it was a modification of a more general Trojan
application, Haxdoor.
Trojans are named after the Trojan Horse which
was used at Troy. Like the wooden horse, the Trojan applications
make a claim to be innocent and beneficial but are actually a
secret mode of attack. This Trojan claimed to be an anti-spam
application.
The bank has refunded the customers the money
that was stolen from them. Nordea spokesperson Boo Ehlin told the
ZDNet news service that most of those affected by the software were
not running anti-virus applications.
The hackers had avoided the automated transaction
checking that internet banking systems have in place by
transferring small sums of money out of the affected accounts
over a 15-month period. Sudden large transfers would have alerted
the system, but the thieves were able to siphon a large amount of
money out over time using smaller transactions.
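The gap described above, shown as an added example that is not from the article or from Nordea: a per-transfer limit misses a slow drain, while a rolling cumulative total per account and payee catches it. The thresholds, field names and sample transfers are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import date, timedelta

# Assumed limits for illustration; the article does not state the bank's values.
SINGLE_TX_LIMIT = 5000   # alert when one transfer is at least this large
WINDOW_DAYS = 90         # rolling look-back window
WINDOW_LIMIT = 5000      # alert when outflow to one payee in the window reaches this

def single_tx_alerts(transfers):
    """Per-transfer check: flags only transfers that are large on their own."""
    return [t for t in transfers if t["amount"] >= SINGLE_TX_LIMIT]

def cumulative_alerts(transfers):
    """Flags (account, payee) pairs whose summed outflow inside the rolling
    window reaches WINDOW_LIMIT, even when every single transfer is small."""
    windows = defaultdict(deque)   # (account, payee) -> (day, amount) entries
    totals = defaultdict(int)      # running sum of each window
    alerts = []
    for t in sorted(transfers, key=lambda t: t["day"]):
        key = (t["account"], t["payee"])
        windows[key].append((t["day"], t["amount"]))
        totals[key] += t["amount"]
        cutoff = t["day"] - timedelta(days=WINDOW_DAYS)
        # Drop entries that have aged out of the look-back window.
        while windows[key][0][0] <= cutoff:
            totals[key] -= windows[key].popleft()[1]
        if totals[key] >= WINDOW_LIMIT:
            alerts.append({"account": key[0], "payee": key[1],
                           "day": t["day"], "window_total": totals[key]})
    return alerts

def constructed_transfers():
    """Constructed sample data: account A-1 is drained in small weekly steps,
    account B-7 makes an ordinary monthly payment."""
    start = date(2020, 1, 6)
    drip = [{"account": "A-1", "payee": "P-unknown",
             "day": start + timedelta(weeks=w), "amount": 450} for w in range(20)]
    rent = [{"account": "B-7", "payee": "P-landlord",
             "day": start + timedelta(days=30 * m), "amount": 900} for m in range(6)]
    return drip + rent

if __name__ == "__main__":
    data = constructed_transfers()
    print("per-transfer alerts:", len(single_tx_alerts(data)))
    for a in cumulative_alerts(data)[:1]:
        print("first cumulative alert:", a)
```
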
Disclaimer: We hope you find OUT-LAW’s content useful. It’s prepared by the lawyers at Pinsent Masons. Please remember, though, that it’s intended as general information only. It’s not legal advice.