HACKERS STEAL $50k FROM E-TRADE ACCOUNT (Ft. Myers, FL)

MSNBC.com ^ | 12/30/2005 | Staff

[FerdieMurphy]

It's surprising the entire cash balance wasn't stolen!

[thoughtomator]

It's not only surprising, it's suspicious. Why would a hacker not steal the whole balance, or close to it? Why leave $50k sitting there untouched? This smells fishy.

[frankjr]

Maybe it wasn't stolen...maybe the couple forgot they invested in NY Times Company stock.

[RockinRight]

They felt bad about taking it all?

[Boundless]

As expected, the MSNBC article is pretty content-free,
but this looks like a case of keylogging. The crackers
got an applet installed on their PC, logged keystrokes
on the keyboard, and periodically phoned home with
account usernames and passwords.

Unless Windows users have a firewall, anti-virus and
anti-spyware, keep it updated, and run scans often,
they have to assume that their PC is compromised.
If they let the kids use it, it's definitely "owned"
by some cracker somewhere.

[xrp]

You can defeat keystroke loggers with Control-C and Control-V

[savedbygrace]

Maybe s/he only needed $63K.

($119,000 - $56,000 = $63,000)

[Protagoras]

The story doesn't pass the smell test.

The police don't think there is any way to track it? Nonsense.

The firm isn't all over this? Their entire business depends on a successful outcome for this problem.

How did the money get out of the account? It can't go out as cash. A transfer? Where did it go to?

I'm in this business and I transact business in these on-line accounts all day. The rest of the story should be interesting.

The reporting in this case is pathetic.

[nj26]

Poorly-written article, but I'd be quite surprised if E Trade doesn't pick up the losses.

[lastchance]

Just a guess but maybe withdrawal amounts were restricted to a certain maximum at any one time. It may have also triggered a request for verification if all the money was taken out of the account.

[tflabo]

I have friends who tell me how 'secure' online banking has become.....but for me no way in Hades will I do my banking online. Case in point.

[Prime Choice]

You can defeat keystroke loggers with Control-C and Control-V

*snerk!* And just who told you that?

[Arkinsaw]

The main gist of the article is.....E-Trade is not a safe way to manage investments.....if hacked and your money stolen E-Trade will shrug its shoulders.......when asked to respond E-Trade will clam up in defensive mode.

Thats all I need to know to not use E-Trade and to find out before hand from a company how they will react if this happens with my money in their system.

[InsureAmerica]

care to elaborate a bit?

[Boundless]

Another suspicous aspect is this line:
"We looked at the account ..."

Unless E-Trade has some pretty bulletproof protocol for
changing passwords, one of the first things done in an
account hijack (e.g. on eBay/PayPal) is to change the
password, and perhaps the contact phone number.

[for-q-clinton]

*snerk!* And just who told you that?

I haven't ever thought about that until I read it here, but it seems to make sense to me. All they'd have is a copy paste action. Now if they had a more robost logging program then yes copy paste is weak. But the problem I see with copy paste of ID/PW is that you have to store them on your machine somewhere to copy paste from. And then you're more at risk of someone getting your password file and then having free reign to all your info.

[FerdieMurphy]

Good points.

[Protagoras]

Unless E-Trade has some pretty bulletproof protocol for changing passwords, one of the first things done in an account hijack (e.g. on eBay/PayPal) is to change the password, and perhaps the contact phone number.

Passwords are easy to change and indeed it is encouraged. In this case, the password has not been changed or the customers would not have been able to log on.

Phone numbers and addresses cannot be changed online. The firms all require verification of identity. SS number, mothers maiden name or the like. Before any money is disbursed to a new address or different payee, a verification is sent to the old address.

If the account had a check writing feature, I would investigate that avenue first.

Something smells in this story.

[nkycincinnatikid]

bump

[Protagoras]

The main gist of the article is.....E-Trade is not a safe way to manage investments.....if hacked and your money stolen E-Trade will shrug its shoulders.......when asked to respond E-Trade will clam up in defensive mode. Thats all I need to know to not use E-Trade and to find out before hand from a company how they will react if this happens with my money in their system.

The person who wrote this story may have wanted some people to think that. If you bought into it based on this story,,,well,,,I'll be kind,,,you need to have more information.