Government interventions are on the rise
LONDON // Governments across the world are desperately starting to intervene to avert an impending potential financial crisis arising from the escalating level of cyberattacks on banks.
Canada’s financial regulator is the latest to warn banks and insurance companies of the urgent need to substantially strengthen the security of their information technology (IT) systems in the face of rising online theft.
But most western governments are reluctant to be seen to be overregulating the banks, and many require the support of major financial institutions to an extent where they are often reluctant to legislate even when it is urgently necessary.
A few months ago, Iain Kenny, the head of the Canadian accounting firm MNP’s anti-money laundering compliance and forensic technologies services practice, told Thomson Reuters that “with our current regime” getting a foothold on stopping cybercrimes against banks would be “an uphill battle”.
But unless governments and banks act quickly, a rapid deterioration in confidence among banks could eventually lead customers to look elsewhere to avoid the rising costs and uncertainties passed on to them because of the banks’ inability to contain cybercrimes.
For instance, the virtual online currency Bitcoin already allows individuals to make international money transfers and safeguard cash deposits without using banks. The internet enables them to sidestep traditional banking channels in the same way that Skype enables people to use the internet to avoid the telecoms networks.
This small but growing trend away from traditional banking and towards online solutions hardly accords with the interests of governments or banks. However, relatively little has been done to address the worsening nature of the cyberattacks.
According to Britain’s Telegraph newspaper, every minute of every day a bank somewhere is under cyberattack.
There are, however, new forms of cyber fraud in the category of “cyber espionage”, which, unlike a direct assault, may go unnoticed by financial institutions that have been targeted for months, if not years.
One example of this growing form of cybercrime is an assault against the Nasdaq stock exchange in the United States.
In July, US federal prosecutors identified a 26-year-old Russian they had previously secretly charged with hacking in 2009 and 2010 the computer system of the company that runs the Nasdaq stock exchange. The Russian allegedly stole millions of dollars from US bank customers in these attacks.
Aleksandr Kalinin, known in hacking circles as “Grig” and “Tempo”, is charged with illegally accessing the computer servers of the New York-based Nasdaq OMX Group, which runs the technology underpinning Nasdaq.
Mr Kalinin allegedly installed software on the Nasdaq back-end computers which enabled him and others to surreptitiously execute commands, including those to delete, change or steal data.
A second indictment accuses him and Nikolay Nasenkov, 31, of stealing more than $7 million by hacking Citibank and other banks. They allegedly cloned bank teller cards with the stolen data, which were then used to access cash machines in countries including the US, Estonia, Canada, Britain, Russia and Turkey.
If cyber hackers really do have the tools to take over Nasdaq’s computers for years and go undetected, many in the security industry now suppose, and some claim to have evidence, that banks across the world are unknowingly being infected with similar, but more sophisticated malware, which enables hackers to monitor the banks’ strategy and hack into their systems.
By doing this, hackers can not only look into the banks’ secrets, but also into their vast databanks of customer information.
There are now growing fears, mostly being voiced by IT and cyber security professionals, that the banks are in danger of losing two of their key attractions for customers: confidentiality and a secure home for cash.
Only the savviest or more paranoid banking customers worldwide are cognizant of this. Banks must now act quickly, in a concerted and more transparent manner, if they are to plug the holes in their IT security before more customers start to lose confidence in the banking industry.
Published: November 5, 2013 04:00 AM