Report: FBI probes hacker attack on Citigroup
Citing anonymous government officials, the Journal reported that the hackers were connected to a Russian cyber gang. Two other computer systems, at least one of connected to a U.S. government agency, were also attacked.
Citigroup denied the report. "We had no breach of the system and there were no losses, no customer losses, no bank losses," said Joe Petro, managing director of Citigroup's Security and Investigative services. "Any allegation that the FBI is working a case at Citigroup involving tens of millions of losses is just not true."
The Journal reported that the attack on Citigroup's Citibank subsidiary was detected over the summer, although it may have occurred up to one year earlier. The FBI, the National Security Agency, the Homeland Security Department and Citigroup worked together to investigate the attack.
On Tuesday, Obama announced the appointment of Howard A. Schmidt, a former eBay and Microsoft executive, as the government's cyber security coordinator.
Internet attacks on banks are very common, said Tom Kellermann, a former senior member of the World Bank's Treasury security team and now vice president of security awareness for Core Security Technologies.
While he said he has no knowledge of an attack specific to Citigroup, Kellermann said Tuesday that large financial institutions are "consistently targeted" by criminal organizations in Eastern Europe, Brazil and Southeast Asia.
"Ninety-eight percent of bank heists are now occurring virtually and not in the real world," he said, adding that the industry is "hemorrhaging funds" as a result.
Banks that accept deposits made more than 53,000 reports of wire transfer fraud between April 1996 and the end of 2008, according to the Department of Treasury's Financial Crimes Enforcement Network. These reports are filed when a bank suspects criminal activity, though they are not necessarily evidence that a crime was committed. Nevertheless, such reports have been increasing. Nearly 15,000 of these reports were filed in 2008, up from 9,300 the year before.
It's often difficult to determine who pulled off a virtual bank heist. Hackers tend to use "botnets," worldwide networks of "zombie" personal computers they've infected with viruses without the knowledge of the computers' owners.
And even if the hackers are caught, punishing them is another hurdle.
"Less than 30 countries have actually criminalized cybercrime," Kellermann said.
©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.