Mexican banks hacked; losses unknown

Snowboarder_Bo · May 15, 2018, 9:34pm

The head of the country’s central bank, Alejandro Diaz de Leon acknowledged late Monday that a “cyberattack” was involved in shadowy transfers of between $18 million and $20 million.

The central bank issued a memo Monday saying banks could opt to immediately pay out transfers for customers they know and trust, but would impose a one-day wait period for others.

The head of the country’s bankers’ association told local media Tuesday that the hackers had apparently duplicated valid settlement payments between banks, with one copy going to the intended recipient and the other going to account set up by hackers.

Few expected authorities to be so unprepared. Security breakdowns were first detected on April 27, but by Monday, authorities were still not sure how much had been taken. They said some of the fake transfers were caught before they could go through.

But it was also revealing that the central bank did not have a cybersecurity division until Tuesday, when one was created by decree.

How could the banks NOT have a cybersecurity division? WTF?

How long until an American bank admits something like this?

Dewey_Finn · May 16, 2018, 2:47am

This may turn out to be something similar to the theft of about $100 million from the central bank of Bangladesh a couple of years ago (and in that case they were actually trying to steal a billion dollars).

Projammer · May 16, 2018, 3:54am

And they only got away with 100 million?

Posers.

nightshadea · May 16, 2018, 6:36am

20 mil in pesos? That’s what 5-10 grand maybe ?

Nava · May 16, 2018, 7:03am

Lots of companies have cybersecurity that can be defeated by a ten year old and physical security that can be destroyed by a white van, a pair of blue coveralls and a clipboard, or by a middle-aged woman who looks like she knows where she’s going.

Patch · May 16, 2018, 5:38pm

A nice presentation by a guy getting access to banks. The whole thing is interesting, but this starts at the bank stuff.

Snowboarder_Bo · May 16, 2018, 6:21pm

For sure, but to not have one at all? In 2018? That’s not normal (or smart).

I can vouch for his BAD descriptions. I used to do similarly and was always amazed at how easy it was.

Melbourne · May 17, 2018, 12:16am

What, you need a special cyber-security division with a cyber-security VP to impress the shareholders and the government? Security doesn’t begin with the creation of a “security” management position. Although it sometimes ends there.

Nava · May 17, 2018, 5:53am

They had cybersecurity. What they didn’t have was a cybersecurity department, division, call it X. And as Melbourne says, if all they’re doing is give a title and a fat salary with commensurate fat bonuses to somebody’s nephew, it’s not going to really solve anything.

I’ve told you guys before about my client who was hit very badly by ransomware, and which in the course of cleaning up every company-owned computer discovered some employees had up to 6 company computers. Did they make the people with extras hand them in? No. Did they create a list of who had what? No. Did they put in place any measures that would prevent employees from taking a laptop home, giving it to their kid with the company’s confidential data and highly-paid licenses in, etc.? No. Did they punt those employees in orbit around Saturn? No.

But hey, they did have a cybersecurity division.

Topic		Replies	Views
Chinese hackers allegedly attack US Treasury Miscellaneous and Personal Stuff I Must Share trump	20	335	January 2, 2025
What's the history of banks robbing themselves? Cryptocurrency "hackers" or inside job? In My Humble Opinion	3	524	January 27, 2018
Cases of hacking/cybertheft from major financial institutions? Factual Questions	2	2030	January 22, 2012
Online banking fraud - how do the scammers get away with the money? Factual Questions	9	2097	November 14, 2016
Russians hack many US government systems Miscellaneous and Personal Stuff I Must Share	69	2362	December 26, 2020

Mexican banks hacked; losses unknown

Related topics