25m at risk from bank hack

6 February 2012

hackersThose pesky hackers are at it again, making a bee-line for Britain's 25million internet banking users after cracking the latest generation of security devices. You know those calculator-style keypads you have, to help you set up payment and the like? Well, those naughty crims have cracked them.

Gary Clark, of data protection company Safenet, said the findings of a BBC investigation 'raise serious questions' over ordinary anti-virus protection. What is happening is that hackers have unleashed a bug that tricks users into taking part in training for an 'upgraded security system'.

You log on, and they can harvest all that lovely information you give them from your device. From there, money is moved out of your account by a trick called 'Man in the Browser' (MitB).

Daniel Brett, of testing lab S21sec, told the BBC the attack is a 'very specific, advanced threat, specifically focused against banking.'

The general advice seems to be along the lines of making sure your anti-virus/malware software is constantly up-to-date and, effectively, ignore any requests from your bank to complete any surveys.


  • Mike H.
    'Please enter your your security code' 'Password' 'Mothers maiden name' 'passcode' 'pets name' 'your first school' 'your favourite colour' 'inside leg measurement' 'far end of a fart' 'your session has timed out'
  • Mary H.
    What the fuck do the BBC know? All they know is how to make is 'Downturn 'Fucking' Abbey' as it's being commonly referred to.
  • LanceVance
    2543 armPIT123 Brown Umbrella Fluffy Gaylord First School Purpleygreen Trump Do i win a prize?
  • Mike H.
    urmm.... isn't Downton Abbey ITV?
  • dt
    MH - fail =) I quite Like Downton Abbey!
  • lumoruk
    haha MH oh dear.
  • Sawyer
    I don't understand. The headline and opening paragraph of both articles suggest a major hack (of what, I'm not sure), but the details describe something more akin to phishing, which is nothing new for banks.
  • Al
    They haven't really cracked the keypad things and this isn't really anything new. The point is that you can have as many complicated passwords and keypads as you like but once a user is logged into somewhere they are at the mercy of whatever malicious software is in their browser/computer. The banks just need to give us more control over the security of our accounts. For example, why can't I disable doing bank transfers to international destinations or disable transfers over £1000? If such a transaction happens then I'll get prompted to ring the bank and enter the code from my keypad thingy. Users who do these things regularly can enable these transactions whereas those of us who don't can prevent someone pocketing our cash.
  • Alexis
    Handy tip - avoid Lloyds. Their online banking calculator / card machine is absolutely horrendous. If you need to pay 5 or 10 people through internet banking there is a very high chance you'll commit suicide before getting to the end.
  • Mike H.
    Shows how much TV you sad cunts watch. I blame the BBC with their Downturn 'Fucking' Abbey.
  • Gaylord S.
    Mmm, I had the "Man in the Browser" withdraw a large wodge from me recently. Of course, I mean "Man in my Arse". And I mean deposit.

What do you think?

Your comment