A remarkably lucrative $6.7 million cyber bank heist of South Africa's state-owned Postbank provides an outstanding case study of just why 2011 was the year of the cyber criminal: The insecurity of the Internet, coupled by organizations' failure to embrace sufficient security practices, make cyber crimes too high-value and low-risk for bad guys to resist.
The heist, which took place during the first three days of January, went down like this, according to Sunday Times: Using stolen login details for a Postbank teller and a call center agent, the perpetrators transferred 42 million rands (around $6.7 million) into several accounts they'd opened throughout the country late last year. The thieves -- likely part of one or more cyber crime syndicates -- were then able to continually withdraw the cash via various ATMs over a three-day period. They managed to take out so much cash by using the aforementioned stolen credentials to authorize larger-than-usual withdrawals.
The theft is under investigation, and there are plenty of questions to be answered. Among them: How did the perpetrators get their hands on login information for a teller and a call-center agent? There could have been insiders involved, but then, cyber thieves have proven themselves entirely capable of duping victims into coughing up login credentials via clever (or not-so-clever) social-engineering attacks. End-users, time and again, have proven themselves tremendously weak links. Combine that with organizations' propensity to ignore best password practices, and you're practically handing over keys to bad guys.
Also, why were the perpetrators able to use login details of relatively low-level employees to significantly increase withdrawal limits? Best security practices would have companies limit how many users have admin-level privileges on their network; it would be prudent for organizations to also assess what other powers lower-level employees have, in light of how easy it's become for hackers to impersonate victims.
Postbank may be able to eventually figure out how the bad guys pulled off this multi-million dollar theft, and hopefully it will reassess its security practices to close up holes. Given the low-risk nature of cyber crime, however, there's a good chance the perpetrators will get off scot-free. Perhaps the biggest question in all this is, will a successful $6.7 million cyber bank heist do anything to spur the move toward making the Internet safer, or do we continue to rest on our laurels until as bad guys pull off not only criminal acts, but terrorist acts as well?
This story, "Will a $6.7 million cyber heist spur a move toward fixing the Internet?," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.