Whom to trust? Bank? Online payment system? Or... 20-year old hacker?

February 24, 2009 - 10:20am
The world is a constant confrontation between good and evil. From early childhood we are taught that there are good guys and bad guys, that the bad guys always do something bad, and that the good ones punish them and save the world. We have got used to the idea that the bad guys who steal money and rob honest people are ugly middle-aged thugs in black masks who burst into banks or shops and, pulling a gun on the cashier, demand money. This image of a robber comes from numerous films about brave policemen and commissars. Today, however, we can witness quite a different picture. Today’s criminals are usually young and attractive men without any guns or masks. Today’s thieves use not force and intimidation but their brains and skills. That does not mean they are less successful or get less money.

Let’s turn to the latest statistics. In February the Visa and MasterCard payment systems announced the breach of a large payment processor; the name of the company was not revealed. There are no reports of any amounts that could have been stolen, but it was said that only credit-card numbers and expiration dates were involved. Nevertheless, some banks will be obliged to reissue credit cards.

In January Heartland Payment Systems announced that its system had been hacked and malware installed. The company kept silent for more than three months before making an official statement. So maybe in May we’ll be told the name of the company mentioned above.

Result: millions of credit cards compromised; hence millions of dollars can be stolen.

Accused: So far police have arrested three young men: Timothy J. Johns (21), Jeremy A. Frazier (20) and Tony Acreus (20). All three were arrested on February 09, 2009 after using stolen credit card numbers to make fraudulent purchases at local Wal-Mart stores, and were charged with the processor breach.

In early December RBS WorldPay announced a breach of its system that had happened three months earlier. According to RBS WorldPay, the fraudsters stole sensitive information and cloned payroll debit cards. What happened later is beyond any understanding. On November 08, 2008 unknown people simultaneously walked up to 137 ATMs in 49 cities around the world, including Atlanta, Chicago, Hong Kong, Montreal, Moscow, New York and others, and withdrew all the money from the accounts. It is the most massive operation of its kind. Were it not for the fraudulent intent, such an action could have been called a flash mob. The whole operation took 30 minutes.

Result: $9 million withdrawn from hundreds of cloned payroll debit cards.

Accused: The FBI has photos of the people suspected of the crime; however, they must be just ‘pawns’ who merely withdrew the money. There is no doubt that the whole operation was managed by one and the same person, or maybe a group of people.

The first bombshell of this kind was the breach of TJX Companies Inc. (T.J. Maxx and Marshalls). The retail giant announced that more than 45.6 million credit cards had been compromised due to the system breach.

Result: $118 million stolen

Accused: Turkish police have arrested Maksym Yastremsky (25), aka Maksik, a Ukrainian carder who was suspected of hacking TJX. He was also charged with hacking 12 more Turkish banks. According to US authorities, the ringleader in that operation was Albert "Segvec" Gonzalez of Miami, and it was he who served as Maksik's stateside hacker. Maksym Yastremsky has been sentenced to 30 years.

There are many other minor cases of this kind; however, our aim was not to recount the breaches and hacks but to show that today’s bank robbers do not need to wear black masks or threaten anyone with guns. The weapon of today’s thieves is knowledge and education, and a lack of them very often leads to imprisonment.

One such example is the failed heist at Sumitomo Bank, which was to become one of the largest robberies ever. This time, too, the robbers preferred to use not guns but their skills, and luckily for the owners of Sumitomo Bank (and unfortunately for the thieves) their knowledge proved insufficient.

Three people, Kevin O'Donoghue, a bank security supervisor, and two Belgian software experts, Jan Van Osselaer, 32, and Gilles Poelvoorde, 34, tried to steal £229 million ($318 million at today's exchange rate) from the London office of Sumitomo Bank. In September-October 2004 they installed a keylogging program on the bank’s PCs to record users’ passwords and account names. They then tried to use this information to withdraw money from the accounts of customers, among whom were Toshiba International, Sumitomo Chemical, Nomura Asset Management and Mitsui OSK Lines. They would actually have succeeded but for their poor knowledge of the SWIFT system. A single line that was filled in incorrectly saved $318 million.

All three men have pleaded guilty. By the time the fraudsters were arrested, the bank's officers had noticed that their computers had been compromised and had contacted the police.

Who are those hackers? Geniuses? Then why not bring those geniuses in to work for these companies? How did Heartland Payment Systems fail to notice malware installed half a year ago? Why do companies that proudly call themselves the largest not care about their customers? Why do the certificates that allegedly protect the systems remain just an icon that takes up space on the site? Why should we, common people, trust giants that can easily be hacked by 20-year-old guys? So many questions and no answers... The reaction starts only after a breach occurs. The situation is the same with offline financial institutions. So, is there nobody and no service we can trust? It seems so. And it is sad…
