GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I can't think of any way of doing that without leaving a trace that could get you in a lot of trouble ... but I'm no hacker so watch out.
If you want the gory details of how it was done you might not get that sort of information here.
Generally speaking the weakest link is allays the end user so be ware that you could be subject to fishing or man in the middle attacks at any time.
Do your best not to be the weakest link in any security chain ...
Never accept insecure ssl certificates as they can open a way to man in the middle attacks even when using https.
Make sure the emails you receive are from who they claim to come from especially if they ask you to visit some URL, for whatever reason, and make sure that the URL they want you to visit is actually going to take you where it claims and not somewhere else that only looks like what it claims.
Never accept to authenticate anywhere via insecure channels (http or any other clear text protocol).
Don't execute attachments unless you are 100% certain that they are come from a trusted sender, that they were consciously sent and that the content is not malware.
I've always largely been of the opinion that you ultimately leave tracks. Like that guy said in the Die Hard movie, something like "if you steal 60 dollars, no one will look for you ... if you steal 60 million dollars they WILL find you, unless they think you are dead." Of course the modern day CSI thingy would be that his evil plot of blowing up the building still would not work. They'd sort through the rubble and explain literally every piece of DNA until they were sure, and those bearer bonds he was trying to steal also would be flagged and traced. They'd know.
The only difference in all that stuff is the extent of risk they'll take, how far they'll cross the line.
I don't know why politicians would profess any concern over "60 million dollars," since the US Federal Reserve "borrows from itself" (sic) about $2 million dollars a minute, 24/7/365. (Most of which money is, one way or the other, spent on Continuous War, despite various attempts to conceal the actual extent of it by burying the expenses in other parts of the budget.)
Funny thing about banking today is money never changes hands anymore, everything is electronic transfers. So if you could wipe out the transfer once the transaction was finished you would more or less get away with it without them ever finding you.
From what I have gathered so far about this story it seems to me as if it was an " inside job " and the money did not sit in any one place long before accounts were cashed out and closed. It seems that the easy way to steal identities makes it very easy to set up phony bank accounts to cash out illegally wired money transfers!!
Way back in the bad ol' days around 1975 a friend of mine and I would walk into a bank with a single
German currency note (forget the denom. but '1000' sounds about right) that we purchased for 1 USD
and happily "exchange it for the current rate" of a couple of hundred US bucks.
Although this story indicates that the software is based on Windows ... ... there is a fundamental problem in our world-wide reliance on distributed (esp. "open-source") software systems:
We rely upon the software on every system to be unmodified, but we have no way to detect nor to confirm this.
Every computer "trusts" every other, but implicit in that trust is one thing which none of the peers can actually verify: that the software running on each peer is identical. "The most obvious attack-vector in all the world" is to tamper with the software on any node(s).
Also, it is perfectly ridiculous (IMHO™ ...) to look to "outside hackers, in faraway lands," as the probable culprits. In my opinion, these crimes are inside jobs, anywhere and everywhere they occur.
In a place like Bangladesh, where someone might spend all day watching trillions of dollars flying back-and-forth between nations (using software that he is apparently able to "compile" ...), and then at the end of the day he's expected to go home to a hovel ... what do you expect any reasonable (group of) people to conspire to do? The people who work inside the place, and who are authorized to do what they do, have: "the means, the motive, and the ability to cover it up."
I'm quite sure that this incident is merely one that has been discovered, and made public.
Last edited by sundialsvcs; 04-27-2016 at 07:30 AM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.