The Invisible Thief—Hacking, Loans, and Banks

The days when bank robbers put on black ski masks, used shotguns, automatic rifles, specialists who are renowned for breaking into the most sophisticated of safes, loud intimidating shouts, and a paneled getaway van are slowly dwindling. The legacies left behind by Tarantino’s Mr. Pink, White, and Blonde are beginning to look dated and ancestral.  Rather, the financial thieves of today are taking a whole different approach.

Imagine if a robber could render himself invisible, effectively becoming untraceable and uncatchable. The thief has no need to be intimidating, he doesn’t need to take hostages, nor does he wait until night time when the bank is completely vacant.

Instead, he strolls in and out whenever he likes, allowing him access to not only cash but any other bits of private information he may find interesting. This is happening online, and can affect anything from your mortgage or your personal loans.

This isn’t a description of a science fiction movie plot, or something that may happen in the future. This has been a scenario banks and other holders of vital information have been attempting to protect themselves against for some time now, and unfortunately, as some believe, they’ve hit a cap that’s preventing them from protecting themselves any longer.

Keepers of Information

Banks hold some of the most important and sensitive information in existence: social security numbers, bank account numbers, credit card numbers, phone numbers, all linked to their corresponding names, addresses, and locations of consumers.

Even those who don’t keep their money in banks may have some of their personal information locked away in a digital file. When consumers apply for a loan, whether that be a mortgage, personal, auto, or any other type of bank-backed loan, they are required to disclose very private and sensitive information about themselves. That information is not deleted once the transaction is satisfied. Instead it’s kept on the bank’s records and stored in case a customer returns.

While the individual may not be able to access their own information—or even be aware a bank has it—there are others who might: others whose intentions are quite different than the consumer’s it belongs to.

The Invisible Thief

Today’s banks and financial institutions have to arm themselves against the invisible thief—the computer hacker. As the internet allows information to become more readily available with each passing day, computer users are learning how to “hack” at an increasing rate. Popular amongst high school and college-aged computer users, hacking is quickly becoming an out-of-control problem that is not nearly as easy to fight as many of the less tech-savvy believe.

“Last year there were more online bank robberies than there were actual on-site bank robberies,” said Sean Sullivan, a security adviser at internet security firm F-Secure, to bankrate.com. “Banks have become very proactive in protecting accounts from hackers, but it’s still quite a large problem. We see all types of new attempts every day.”

Hackers steal information, not goods. They conceal their identity through anonymous internet protocol (IP) addresses, and attempt to break through virtual security systems in pursuit for whatever bit of information they’re after. They can attempt their digital breaking-and-entering from anywhere in the world with a computer and internet access, and—perhaps the most frightening of it all—are becoming better at what they do than many government hired computer scientists and security advisers are.

Security is Breached

Huge corporations and even the government itself are having difficulty shielding themselves from this growing army of thieves.

Take for instance Bank of America, the United State’s largest financial institution. Earlier this year, a hacking group that calls itself “Anonymous” broke into B of A’s email database.

The hacking group claims to defend against any entity that infringes on the rights of others. In this case, B of A was targeted because Anonymous felt they were oppressing home loan holders. Anonymous gave to the public a huge pile of internal B of A emails that revealed unscrupulous home loan activity that the bank’s employees were participating in. From changing numbers on home loans to deleting mortgage loans all together, Anonymous exposed the criminal activity happening behind what employees believed were closed virtual doors.

B of A’s website also experienced a huge amount of downtime in October of this year. When four and five days go by and a huge corporation’s website is unable to stay standing, they’re usually the victim of a website barrage attack called a distributed denial of service, or DDOS, attack. “A site of that size should be expected to handle a huge volume with no trouble at all,” explained Steve Gibson, an internet security expert, to ABC News. “The only time we ever see anything like this is when some major site has upset a group of hackers.”

Even the government has proven to be vulnerable to hacker’s antics—but in the government’s case, it’s not just finances that are at stake.

WikiLeaks, the website founded by the now infamous Julian Assange, was responsible for revealing sensitive information held by the United States Government. The website disclosed the inner workings of the government’s foreign policy, and even exposed the identity of undercover operatives.

Then, in a frightening display of power, another hacking group called LulzSec demonstrated their prowess when Black & Berg Security, a cyber security agency that claimed to have ties with the federal government and whose former About Page preached to offer security that “exceeds that of the NSA and Department of Defense,” offered a $10,000 reward and a senior security advisor position if their homepage was hacked and the image was changed. After a short time, an illustrated man with a top hat appeared on Black & Berg’s website, with the sentence typed in caps-lock, “Done, that was easy. Keep your money we do it for the lulz,” resting at the top. Black & Berg has since taken their website offline.

From emails and personal loans to the identity of spies and security firms, and to online banks — it seems nothing is safe on the digital playground most of us visit every single day.

We’re in Their Element Now

Like a fish out of water, the common computer user, despite what they may think, really has no clue how the internet or their computer works. There are layers and layers of computer code all working in unison to provide consumers with the aesthetic, user-friendly experience they encounter whenever they operate their systems. But computer hackers are the digital engineers floating through the internet grid with full knowledge of exactly what they are doing. Anytime an average consumer logs onto their computer, they enter a foreign land, skirting across the surface as an outsider. (Still don’t believe it? Right-click on this webpage and select view page source—all of that code is what makes this page display and operate the way it does).

While private businesses and governments have been the target of some hacking groups, it’s the common computer user who is most susceptible to a security breach.

Through the use of Trojans viruses, hackers can follow a bank user’s footsteps as they sign online to check out their balance or personal loan status. Then, as Will Smith and Jeff Goldblum hid in an alien craft to breach the mother ship in Independence Day, hackers conceal themselves looking like the customer, and nuke the customer’s bank account once they’ve safely passed security measures.

How do I Protect My Account?

There are a few steps proactive consumers can take to make sure their accounts are protected when applying for or monitoring their personal loans online.

In order to provide themselves with the most amount of protection, consumers should:

• Never access their account or personal loan statements from a shared or public computer
• Make sure the bank’s website begins with “https://” (the “S” stands for secure)
• Never access a bank’s website from a third-party link, such as from an email that comes doesn’t come from the bank directly
• Use anti-virus software and keep computer firewalls up and running
• Carefully review all bank statements and report any suspicious and unapproved transactions immediately
• Avoid non-reputable personal loan brokers and providers
• Log out of every banking or loan monitoring session on any computer

If consumers do find themselves the unfortunate victim of hackers and digital theft, they should contact their bank and report the incident immediately. If the money stolen was from a consumer’s checking or savings account, they are protected under the Electronic Funds Transfer Act, which limits a consumer’s losses to $50 so long as the theft is reported within 60 days.

When consumers are simply obtaining personal loan quotes, don’t input information such as social security numbers or bank routing numbers. Stick to providing public information, like names, addresses, credit scores and contact information. After receiving a personal loan quote (or a quote for any other type of loan), a consumer should contact the loan provider directly or wait for them to receive contact from the provider. Ultimately, don’t put sensitive information on non-reputable third-party sites.

By taking these self-protecting measures, consumers (regardless of their tech knowledge) can thwart the invisible thief’s efforts at getting access to victims’ accounts. Like buckling up in a car, consumers can use online banking in confidence, and can manage their online personal loans from the comfort of their own home so long as they adhere to the proper safety guidelines.