I think it is safe to say that ways to cover one's tracks still exist. Otherwise rogue groups like Anonymous would not still exist (in some locations, murder would be the result) and it is not so long ago that The Silk Road was brought down only because of the owner's foolish cross contamination, revealing who he was. If the news is to be believed, it is much more fruitful to gather millions of credit card account information data than one offs and only last year this occurred with at least one major. Apparently the new chip-basd cards are one attempt to minimize such fakery but it is by no means 100% secure

I wonder just how long it is going to take some enterprising criminals to use the new cards to steal some money??

So the banking system needs updates as more hacking is going on:
http://www.nytimes.com/2016/05/01/bu...king.html?_r=0

Personally, "I don't think we have heard the last of this issue yet."

Speaking (much) more generally, we have constructed a cloud of strategically located computer systems which are located in places in the world where labor is cheapest. And then we simply "trust" anyone and everyone who works there. We install open source software on these machines, and simply "trust" that no one (and, no [foreign ...] company) with whom we are thereby necessarily dealing, is smart-enough and devious-enough to surreptitiously modify the software that they run. (Consider: "If they did, we'd have no way to detect it.")

In short, there is a human-trust issue that we have not yet properly considered, even as we have ostensibly "worked so hard" to build technology-based trust systems. We allow "anyone and everyone who says they know PHP" to get to the very guts of our systems ... and to build those "guts" ... no matter who they are or where they are, "as long as they're cheap."

Per contra, if you want to make a new addition to anyone's physical house, you must be a "licensed general or residential contractor." (This does not mean that you are not also a scumbag, but it helps.)

You can't build secure software/hardware systems without knowing the people who build it and who have access to it ... and the companies, as well. In a world of "trust, but verify," we have provided no way to "verify" ... people.

So, we're still trying to convince people that those "hackers," who have by now cost us trillions of dollars in losses, "invariably come from 'far, far away.'" That notion, though, is wearing thin, because we have not yet begun to mind our own store. We "simply 'trust' everyone," as we give thousands of people "the motive, the means to do it, and the ability to cover it up." We have neglected (and stubbornly resisted ...) all forms of licensure or official, government-issued certification in our industry, even as countless other industries have had these things for years. Can we truly say that our "software" is not as critical to the well-being of millions(!) of people, as are our roads, our buildings, our mechanical devices of various sorts, and our homes?

With the Internet as it is today, there's an extremely blurry line between "banking" (and any other "official" use of said network) and any other form of electronic commerce. Eventually, legislators are going to recognize this, and our industry is going to have to help them do so. (Although, instead, I fully expect a vociferous repeat of "what Apple just did with the FBI" ... ) We can't build secure systems without securing the people, too. We can't confine "the damage caused" just to the banking industry.

There is trouble brewing ahead, in the not-too distant future, for all of us in our industry here and now.

Amen, Sundialsvcs, Amen!!

In 1965 I met a guy who talked about stealing money from banks using computers. Guess banking and crooks have improved equally since then. Or maybe not improved at all.

Crooks are a world wide free for all automated exploit of systems. In various countries there is no law to speak of and they are not interested in what gets stolen in other countries. Crooks can spend all day and all night working on ways to access free money.

I have to admit that I worry about what steps " governments " are going to take regarding the internet " in the name of stopping the criminals "!!

It is easy to anticipate that data processing will become a licensed, regulated industry. For instance, in order to be working on a system that has anything to do with financial transactions involving citizens of the United States, you must be (a) a US Citizen, and (b) must hold an appropriate level of Federally-issued licensure, operating under the command-and-control of a licensee at a higher and more general level. You must "earn your way up," and you run the risk of losing your license (and hence, your ability to work in the industry at all) at any time.

If this seems "strange and non-democratic" to you, think again. "Software engineering" is the only non-regulated "engineering" discipline. Even the people who install low-voltage wiring(!) are subject to licensure. Instead of being "the new, free, Libertarian Brave-New-World Normal" that is still being anxiously talked-about in the few remaining Berkeley coffee-shops that haven't turned into Starbucks , the truth (IMHO) is that "the lassiez-faire that you might have grown-up with" is about to permanently change.

There is probably no industry on planet Earth that is more pervasive, now, than "computing." We have put devices in everyone's hands, and we should have fully foreseen the consequences of that act: when we connected billions of people "as individuals," we also made them vulnerable "as individuals, by the billions." But we haven't addressed the human side of our own business. "We are too goddam*ed trusting." Fatally so.

As someone said " freedom is a two edged sword "!! It's just sad that being " hacked " goes along with using the internet!!

Actually, I feel quite free to reject "this very-fatalistic notion" out of hand.

I think that if you very-carefully look at most, if not all, of the "hacking" cases that have claimed so much attention in the past few months and years ... whether they involved "small amounts of money" or (literally ...) "trillions," you will find that "the presence of an international high-speed telecommunications network" is not actually a factor.

I would hazard that every one(!) of these cases is actually ... "an inside job," and that the perpetrator might not(!) be "an individual."

In the past half-dozen years or so, our Accountants (and, our Capitalists ...) [self-]confidently assured us that "any cheap(er) Source of Labor™ would do." Why not build a "cloud data center" in Calcutta? Why not build another one in (or very, VERY near ...) a country that the USA has bombed unmercifully over the last fifteen(!) years?

Why, exactly, should that "oh, so American" foreign company, which glad-handed your delegates in just the right way before getting them just-enough drunk, actually be what they earnestly wanted to convince you that they were ... when all of them had families who had been obliterated by your bombs and/or starved by your war-induced famines? (Sorry. "Reality sux.™")

Or ... "why hire American citizens, when you can re-create 'Indentured Servants' (prohibited by the 13th Amendment ...) through a mere trick of immigration law?" (Northern capitalists fought mightily to strike the phrase ... "or involuntary servitude" ... from the text of that Amendment!)

I suspect that a great many of the transgressions of the past dozen-or-so years are finally settling back home to roost, to the great consternation of the people who innocently believed that "an international high-speed telecommunications network" would, alone and by itself, somehow transform the world.

"First of all, it is utterly impossible to bluff a digital computer."

"Second, technology can never usurp [the darkest and most-foul movements of ...] human nature."

As a computer user that has no idea how to code etc. I have to endure spammers and hackers etc. because I love using the internet. Many of my senior friends have gotten off of the internet because of the thievery etc. How many innocent people were victimized by A.O.L. continually dipping into their bank accounts many times a month to collect their " monthly fee "?? AOL paid a fine but no one went to jail. Internet banking is very nice but it is also very dangerous!!

I fear that we have spent too much time fingering "spammers and (far away) hackers," when it is becoming ever-more clear that the root causes of our (multi-trillion dollar ...) problems, are probably internal.

I really don't know what we were thinking, when we started bringing people by the millions from places like Bangladesh, and put them into the innermost workings of our data-centers, and also set up remote data centers in those same places and gave them access to all of our data. It's an easy three-hour flight from there to a country which the United States has been bombing, night and day for over fifteen years in a war that it never declared and which it obviously has no plans for ending.

Apparently, we did this only to circumvent US labor laws, using the mechanism of "non-immigrant visas" to put these people in conditions of effective peonage for 2, 4, or 6 years before sending them back where they came from and bringing back another shipload of "IT workers."

And we seem to trust "everybody everywhere," if they're cheap enough, without any means to verify. Why do we blindly trust even foreign banks ... the people who work in those banks?

Even at home, there are no controls. Walk into any coffee-shop in America without a computer and a smart-phone in your hand, and I assure you that you are the lonely exception. You're looking at a quasi-professional industry that has access to ... well, now, "everything about everybody" ... and there's not one scrap of licensing nor any other form of qualification or internal controls to be found. It is much more difficult to become a landscape architect, a plumber or a low-voltage wiring installer. "We don't really know who you are, where you came from, or what your motivations might be, but ... you say you know PHP? You're hired!"

This is not going to be the way of the future, folks. Enjoy things the way they are right now, if you want to, but don't expect it to continue, because quite frankly it can't continue. Our industry is going to have to mature and grow up. Data processing, in its present deployment, is easily the most pervasive intruder into the daily affairs of virtually everyone on Planet Earth. We made it that way. But, the fact that we did so is going to change our industry itself.

Very excellent points, Thanks!!

Stealing money from a bank online? easy, in fact too easy as many banks still use windows XP and other outdated software.
Now trying to destroy the world with nukes? a far better challenge, mwahahaahahahaha!

When I worked with some dangerous stuff we used HP Basic to guide them.

I did work for big computer company making banking systems. They would be running (unix) and very multi redundant. In fact on some systems they'd have 8-32 boards that all had to be in sync for every transaction.

Even the ATM's were running OS/2 for a long time. Maybe security through obscurity.

Most times these hacks have nothing to do with the OS but rather some weak link in the chain of security.

I like the guy who got a password by calling the help desk and saying he was new and forgot his password so they gave him a temp on where when went on to hack into the system.