Huge Online Loss by Swedish Bank Nordea – Claimed to be Biggest Loss?


A massive online heist, some (like McAfee) claim it’s the biggest ever online sting involving a bank, it’s comes in at about half a million pounds or or $1.1 million USD.

Using some l33t0 custom trojan, it seems to be more a case of lack of education and the whole situation could have been avoided by using 2 factor authentication such as hardware tokens or SMS verification.

Swedish bank Nordea has told ZDNet UK that it has been stung for between seven and eight million Swedish krona “up to £580,000” in what security company McAfee is describing as the “biggest ever” online bank heist.

Over the last 15 months, Nordea customers have been targeted by emails containing a tailormade Trojan, said the bank.

Nordea believes that 250 customers have been affected by the fraud, after falling victim to phishing emails containing the Trojan. According to McAfee, Swedish police believe Russian organised criminals are behind the attacks. Currently, 121 people are suspected of being involved.

If it’s a custom trojan I don’t see how anti-viral software would have helped, but then…executives and corporates tend to talk a lot of crap when it comes to technical issues.

Nordea spokesman for Sweden, Boo Ehlin, said that most of the home users affected had not been running antivirus on their computers. The bank has borne the brunt of the attacks, and has refunded all the affected customers.

Ehlin blamed successful social engineering for the heist, rather than any deficiencies in Nordea security procedures.

“It is more of an information rather than a security problem,” said Ehlin. “Codes are a very important thing. Our customers have been cheated into giving out the keys to our security, which they gave in good faith.”

As always just be wary, no point preaching here as the people reading this site know not to open random executables sent from anywhere unless they are signed and md5 hashed ;)

Source: Zdnet UK

Posted in: Hacking News, Malware, Privacy, Social Engineering

, , , ,


Latest Posts:


ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.


3 Responses to Huge Online Loss by Swedish Bank Nordea – Claimed to be Biggest Loss?

  1. Bogwitch March 14, 2007 at 1:43 pm #

    “As always just be wary, no point preaching here as the people reading this site know not to open random executables sent from anywhere unless they are signed and md5 hashed ”

    So, you would open a random executable as long as it was signed and hashed?

    Sheesh.

  2. Darknet March 14, 2007 at 6:18 pm #

    Bloody pedants!

  3. Patrick Ogenstad March 15, 2007 at 8:05 am #

    “If it’s a custom trojan I don’t see how anti-viral software would have helped, but then…executives and corporates tend to talk a lot of crap when it comes to technical issues.”

    Then again a lot of people will listen to the fact that some of the customers didn’t have antivirus, by talking about antivirus and giving it away for free the bank is shifting the blame to the customers.

    That way less focus will be spent on the banks security issues. It would be more useful so check how many of the customers were running as a local administrator.