In denial
As reported by CNET, a Wall Street Journal (WSJ) article (subscription required) today stated that Russian cybercriminals hacked into Citibank and stole tens of millions of dollars, which prompted an investigation by the FBI.
Citigroup denies that such an attack ever took place. Citibank is a unit of Citigroup.
The attack reportedly was discovered this past summer, but FBI and NSA investigators believe that the attack may have happened months or a year earlier. (Note added December 24, 2009: … which makes me wonder how a LOSS of tens of millions of dollars appeared on their quarterly and annual reports! OH, I forgot! It never happened! 
) FBI and NSA reportedly have shared information with the Department of Homeland Security and Citigroup for its defense.
According to the WSJ article, investigators noted traffic that came from IP addresses that had been used by the Russian Business Network, a gang of cybercriminals that mysteriously “disappeared” back in 2007. The group may have resurfaced to launch attacks in 2009.
A tool that allegedly was used to break into Citibank was Black Energy, according to WSJ, which is a $40 piece of software that launches Distributed Denial of Service (DDoS) attacks and is sold on Russian-language forums. Now, Black Energy is sold as part of a $700 package called the YES Exploit System that also includes software to steal bank account credentials .
Citigroup mailed a prepared statement to CNET that denied a breach of Citi systems and associated losses. While admitting attempts to interfere with system availability, Citigroup said that, “… none of these have resulted in any breaches, compromise of customer information, or losses to Citi.”
A Citigroup spokesperson further denied any involvement of the FBI.
FBI and NSA did not return CNET’s phone calls.
I mentioned a few days ago that the beauty of secrecy is that incompetence can be “swept under the rug.” I also realize that open discussions of network security provide “aid and comfort” to the folks who are interested in breaching your network.
The list of banks with which I will not do business keeps growing longer all the time.
-Bill at
Cheshire Cat Photo™ – “Your Guide to California’s Wonderland™”
You can view higher-resolution photos (*generally* 7-30 megabytes, compressed) at the Cheshire Cat Photo™ Pro Gallery on Shutterfly™, where you can also order prints and gifts decorated with the photos of your choice from the gallery. Apparel and other gifts decorated with some of our most popular photos can be ordered from the Cheshire Cat Photo™ Store on CafePress®. Both Shutterfly™ and CafePress® ship to most international locations worldwide! Framed prints and prints on canvas can be ordered from our galleries on imagekind® and redbubble®. All four locations are accessible from here. If you don’t see what you want or would like to receive an email when new photos are up on the site, send us an email at info@cheshirecatphoto.com.
