Skip to main content

“Cyber Security Loophole”- Bank Hackers “Unfettered Access” To Accounts





– Bank accounts at majority of banks in Britain and Ireland are vulnerable to hacking says Financial Times

- Two-step authentication process used by most banks is inadequate

- Vulnerabilities identified similar to those that were used by hackers to steal up to $1 billion across Eastern Europe

- UK regulator says bank customers must be reimbursed, banks are responsible for security

- Highlights risks to deposits and systemic risk should such vulnerabilities be exploited in cyber-warfare or indeed for monetary gain


The vulnerability of banks and the global banking system – reliant as it has become on computer systems, information technology and the internet – was highlighted yet again in an important article in the Financial Times on Tuesday which was largely ignored elsewhere.

The FT reports that it has come into possession of documents and correspondence between the Financial Conduct Authority (FCA) and a cyber security firm, Bronzeye that identify “serious security issues” at British high street banks.

“Britain’s markets watchdog, the Financial Conduct Authority, was warned last July about a loophole in the cyber security of one of Britain’s biggest banks that could give hackers unfettered access to customer accounts,” reports the FT.

Bronzeye identified a weakness in the two-step authentication process used by most banks and reported it to the FCA in July of last year. It is apparently similar to the flaw that allowed hackers to raid up to $1 billion from around 100 banks, predominantly in Eastern Europe.

Bronzeye identified one “large British bank”, the name of which was redacted in the documents, that had “22 critical vulnerabilities”. One of these flaws could “stop the bank in it’s tracks”, according to the firm.

Oddly, the bank refused to work with Bronzeye to fix the problem.



On the surface it would appear that banks customers need not concern themselves with these developments. The FCA has made it clear that banks must absorb the costs of raids on customers accounts by hackers.

“We are focused on ensuring the right outcomes based on our three operational objectives. We expect firms to provide redress for consumers impacted by cyber crime, consumers should not lose out as a result of cyber crime. Management and oversight of the systemic cyber risks lie with the Bank of England and Prudential Regulation Authority supervision,” they said.

While this is encouraging we believe that this story again exposes systemic risks to the banking system. If the accounts of a number of banks were targeted en masse in a coordinated act of cyber-warfare or cyber-terrorism it could severely impact and even disable individual banks and their deposit accounts and indeed the entire western banking system through contagion.

We have covered previously how governments across the world have been infecting the systems of their rivals with malware. Although generally they have not exploited the breaches to date.

It is likely that groups and governments hostile to the West have also identified such simple vulnerabilities in the western banking system but decided it was not in their interest to exploit them … yet.

Recently we pointed out how an international hacking group stole $300 million from bank accounts and how the global digital banking system is not secure . We also pointed out how cyber war poses risk of bail-ins to banks and deposits.

We are not suggesting that readers should dash out and empty their bank accounts. We are simply identifying risks to the system of which people should be aware and that they take reasonable precautions including diversification of deposits and diversification from deposits.

Having all your eggs in a deposit account is no longer prudent.

Academic and independent research and indeed the modern and historical record shows how physical gold is the safest asset-class in the world. An allocation of some of one’s portfolio to physical gold is insurance against technological and systemic risks posed to all virtual wealth today – whether that be digital bitcoin or electronic currencies in deposit accounts.

These risks have never been seen before and yet are largely unappreciated and ignored by brokers, financial advisors and bankers.

Comments

Popular posts from this blog

Why States Still Use Barrel Bombs

Smoke ascends after a Syrian military helicopter allegedly dropped a barrel bomb over the city of Daraya on Jan. 31.(FADI DIRANI/AFP/Getty Images) Summary Barrel bombs are not especially effective weapons. They are often poorly constructed; they fail to detonate more often than other devices constructed for a similar purpose; and their lack of precision means they can have a disproportionate effect on civilian populations. However, combatants continue to use barrel bombs in conflicts, including in recent and ongoing conflicts in Africa and the Middle East, and they are ideally suited to the requirements of resource-poor states. Analysis Barrel bombs are improvised devices that contain explosive filling and shrapnel packed into a container, often in a cylindrical shape such as a barrel. The devices continue to be dropped on towns all over Syria . Indeed, there have been several documented cases of their use in Iraq over the past months, and residents of the city of Mosul, which was re...

Russia Looks East for New Oil Markets

Click to Enlarge In the final years of the Soviet Union, Soviet leader Mikhail Gorbachev began orienting his foreign policy toward Asia in response to a rising Japan. Putin has also piloted a much-touted pivot to Asia, coinciding with renewed U.S. interest in the area. A good expression of intent was Russia's hosting of the Asia-Pacific Economic Cooperation summit in 2012 in Vladivostok, near Russia's borders with China and North Korea. Although its efforts in Asia have been limited by more direct interests in Russia's periphery and in Europe, Moscow recently has been able to look more to the east. Part of this renewed interest involves finding new export markets for Russian hydrocarbons. Russia's economy relies on energy exports, particularly crude oil and natural gas exported via pipeline to the West. However, Western Europe is diversifying its energy sources as new supplies come online out of a desire to reduce its dependence on Russian energy supplies . This has ...

LONDON POLICE INDIRECTLY ENCOURAGE CRIMINALS TO ATTACK RUSSIAN DIPLOMATIC PROPERTY

ILLUSTRATIVE IMAGE A few days ago an unknown perpetrator trespassed on the territory of the Russian Trade Delegation in London, causing damage to the property and the vehicles belonging to the trade delegation , Russian Foreign Ministry Spokeswoman Maria Zakharova said during the September 12 press briefing. The diplomat revealed the response by the London police was discouraging. Police told that the case does not have any prospects and is likely to be closed. This was made despite the fact that the British law enforcement was provided with video surveillance tapes and detailed information shedding light on the incident. By this byehavior, British law inforcements indirectly encourage criminals to continue attacks on Russian diplomatic property in the UK. Zakharova’s statement on “Trespassing on the Russian Trade Mission premises in London” ( source ): During our briefings, we have repeatedly discussed compliance with the Vienna Convention on Diplomatic Relations, sp...