That's my guess also, but the article uses the term "hackers" which implies a breaking of the encryption....if it were a matter of simply stealing users' passwords I wouldn't call that "hacking".
Too bad the article doesn't give more detail.
>>if it were a matter of simply stealing users' passwords I wouldn't call that "hacking".
FYI: Tricking a person out of their password is known as "Human Engineering"
Even a fairly strict definition of hacker (what I might call a cracker) includes the possibility of exploiting other software bugs. Your bank data is usually only encrypted while going over the internet. On both ends, your PC, and the banks computer, it is often wide open.
If I were trying to crack the bank to steal money, I'd probably go after other possible software or human weaknesses, rather than trying to crack the encrypted data going over the net. It's not even clear what good cracking the data intransit would do me.
It is as if you hired an armored car to transport your pile of cash from the mattress in your apartment, to your uncle's shoebox in his garage. If I wanted to steal that money, I'd let the armored car pass, and either sneak in before to your apartment, or after to your uncle's garage, to steal it.
In this case, getting into your PC only nets me your money, while getting into the banks computer could net me the money of many customers, if I can just figure out how to get it transferred out to someplace I can use it, without leaving a trail that leads the investigators straight to me.
One of the uses for rootkits is to hide programs on your PC that will wait until you connect to your bank, and then add a few instructions to those you send along, asking for some money to be transferred out to the bad guys account as well.
Most likely, the banks computers get hit now and then as well. That's harder (one would hope) but more lucrative. We don't hear much about such attacks, as the banks tend not to publicize them, or as in this case, publicize them with insufficient or inaccurate details.
The New York Times will probably have a full detail article soon, to show Al Quida how to do it.