Citigroup gets hacked, some data exposed

Citigroup has confirmed that a security breach has given hackers access to basic info for 1 percent of its bank card customers.

The breach occurred in early May and was found by Citi through routine monitoring.

Citi Account Online was hacked, and 1 percent of card holders are affected, with their names, account numbers and email addresses compromised.

About 210,000 customers are affected, out of 21 million customers adds the bank.

More sensitive information, like birth dates, SSN and card security codes are locked down elsewhere and were not compromised.

It is unclear whether customers have seen an increase in phishing attacks since the breach.

Written by: Andre Yoskowitz @ 9 Jun 2011 0:56

FreedomPatriot (unverified)

This world is dominated by a banking cartel that has the politicians and corporations in their back pocket, so these hacking incidents are not a coincidence. Especially when internet censorship bills such as Cyber Security and Protect IP bill are being/trying to be passed.

These events are manipulated and controlled so they can be used as a pretext to gain support for these bill, which will reduce the freedoms of the citizens. They pretty much want to track all out internet activity, and censor any information that does not suit their agenda.

9.6.2011 02:08 #1

lomtevas

Here is what happened to me. My landlords son worked at Chase. He accessed without my knowledge all of my accounts to snoop for my information. He was fired and I sued my landlord. To date, I still do not have a report from Chase how deeply he snooped. I run a law office and I know he went into my business account and observed transactions involving my clients. The FTC and the FBI did nothing. So I imagine we will be reading in the news how thousands of Chase customers accounts were hacked when in fact nothing was hacked: in my case Chase sat on its ass and kept quiet about an insider whom they failed to properly supervise and who later released his accumulated data.

9.6.2011 07:25 #2

Mez

Originally posted by FreedomPatriot: This world is dominated by a banking cartel that has the politicians and corporations in their back pocket, so these hacking incidents are not a coincidence. Especially when internet censorship bills such as Cyber Security and Protect IP bill are being/trying to be passed.

These events are manipulated and controlled so they can be used as a pretext to gain support for these bill, which will reduce the freedoms of the citizens. They pretty much want to track all out internet activity, and censor any information that does not suit their agenda.

What have you been smoking??? You you really think banks hack themselves or want to be hacked to gain power over you? Banks are excedinly, greedy, lazy and stupid. You are pretty niave as well. I bet the US already tracks what you do. They have robots scanning everyones email, cellphones ect. If your emails have too many of the wrong words in them they will have robots track everything you do and anything you say on your cell phone. They have all the master keys for any Western cybher routine. I ran a test trying to send a zip file with data I had encrypted using my one encryption app. I couldn't email it. You can only email data encrypted that the master key is known. 1984 is already here! I am sure they realize you know too much not to be watched so they are tracing your every move though cyber space learning more about you. The more they know the more they will fear you and want to know everything about you.

lomtevas, if you are in ther US look into locking your credit reports. Anyone trying to access your credit without a pin# is assumed to be a thief and the bank will set up a trap for them. Once the thief 'hits' one of those 'land mines' his days are numbered because they are on to him without his knollage. If they can't get him one way they will try another. This kind of idenity theft is starting to level out after many years of doubling because of this process.

9.6.2011 09:58 #3

LordRuss

Originally posted by lomtevas: Here is what happened to me. My landlords son worked at Chase. He accessed without my knowledge all of my accounts to snoop for my information. He was fired and I sued my landlord. To date, I still do not have a report from Chase how deeply he snooped. I run a law office and I know he went into my business account and observed transactions involving my clients. The FTC and the FBI did nothing. So I imagine we will be reading in the news how thousands of Chase customers accounts were hacked when in fact nothing was hacked: in my case Chase sat on its ass and kept quiet about an insider whom they failed to properly supervise and who later released his accumulated data. The statute of limitations is probably over, but I'm sure my landlord of last year may also be in violation currently as well so look me up if your firm is interested. One of landlords in Florida actually worked for Equifax and consistently checked my credit history and possibly put information into my credit report with out my knowledge.

It's bad enough that insider trading goes on as it does, but for this kind behavior; deceit at this level. For once I would like to see the law actually prevail without a price tag dangling beneath.

http://onlyinrussellsworld.blogspot.com

9.6.2011 13:44 #4

xaznboitx

More sensitive information, like birth dates, SSN and card security codes are locked down elsewhere and were not compromised.

Sony should learn something from them. At least SOME files were not compromised.

9.6.2011 21:22 #5

Oner

Originally posted by xaznboitx: More sensitive information, like birth dates, SSN and card security codes are locked down elsewhere and were not compromised.

Sony should learn something from them. At least SOME files were not compromised. Sony, Nintendo, Square-Enix, Codemasters, Lockheed Martin & now CitiGroup have been recently hacked along with the Pentagon, FBI, Nasa, Other Major Banks plus many other companies too...people really need to get over focusing on just 1 company when people/consumers compromised information and what the hackers are actually doing is what is key here.

Quote:Things like this happen because skilled people find ways around ANY type of security. It's really more like a lock that can be picked by a person that figures out a way to make the right key more than it being an "open door"

Search > http://forums.afterdawn.com/search
Rules > http://forums.afterdawn.com/thread_view.cfm/2487
Important Rule > http://forums.afterdawn.com/thread_view.cfm/380660

10.6.2011 05:54 #6

Mez

Oner, I have not seen your posts before. Any is as large a word as Never.

I took a security course once that I just took for grins and the user group said it would be worthwhile. I thought I was near expert. It was the most amazing course I ever took. The guy was an ex-hacker and knew all the world class hackers at the time. His theory was make your application an order of magnitude harder to break than most secure systems. He stared with a 'secure' system then added layers and layers of confusion. The effect would be shock and awe for the would be hacker. You can make a system 10 times as secure as a very secure system but at an extreme cost. Hackers rely on the fact nobody wants to pay that much.

One such scheme is to have 80 % of the tables, columns and rows to be red herrings. Disk space even back then was fairly cheap. Columns were all the same length (type char) and would change their name (value) depending on row. Each table that contained real values had an algorithm that would swap the �column names� per row. When you appended a row depending on a counter you would add several rows of garbage encrypted by the application then to be encrypted by the database. On a real row the column �names� were selected by a routine. If all columns were 250 wide and the true column was 25 wide garbage was put front and back then encrypted by the app. It would also add rows of pure garbage to many rows in dummy columns. The idea is to most of the data crap. Downloading it would take forever giving security time to catch the hackers. I am sure banks only protected their system with commercial encryption and possibly not even that. I doubt anyone goes to that much trouble. If they did those systems would be hard to crack. Since you will need brute force to crack the next layer it will take forever to crack pure garbage. Pushing the garbage to 99% would make it even harder to download and decode. Hackers are expecting to break into the usual stuff.

Performance would suck which would be the biggest cost.

10.6.2011 08:29 #7

LordRuss

Originally posted by Mez:

Performance would suck which would be the biggest cost.
Which is one of many reasons why we seem to be having a rash of cyber attacks all over the world.

And probably because there's a bunch of freshly educated junior college students that are bored, dicks are itching and they're looking for something to do before summer semester?

http://onlyinrussellsworld.blogspot.com

10.6.2011 12:29 #8

Mez

I suspect it is just easy pickings. Banks are short sited and too cheap to have better than minimal standard security. That can be broken by a clever hacker if they get lucky. They would never go the 'extra mile' to really secure their data.

10.6.2011 12:47 #9

LordRuss

Maximize the minimum. I suppose I shouldn't bitch. I do it with my car insurance.

http://onlyinrussellsworld.blogspot.com

10.6.2011 13:11 #10

Gnawnivek

Originally posted by xaznboitx: More sensitive information, like birth dates, SSN and card security codes are locked down elsewhere and were not compromised.

Sony should learn something from them. At least SOME files were not compromised. Okay, PSN breach sucked ass, no questions there... But a bank? Come on now, compromised bank accounts are no joke.

Peace!

11.6.2011 22:52 #11

LordRuss

Originally posted by Gnawnivek:

Okay, PSN breach sucked ass, no questions there... But a bank? Come on now, compromised bank accounts are no joke. I'm with you on that one. You'd think with all the sublime appearance of a church & the gaudiness that they display, the last thing a bank would do is lose the one thing they covet the most... Yet they are one of the biggest scam artists out there. People always give lawyers a bad rap... get to know a banker. I've known murderers that are better human beings than some bankers.

It's kind of like this weird cliche' I've told my kids to beware of as they grow up & people around me think I'm an ass until they fall victim to it... goes something like this,

"If it sounds like BS it is. So remaining silent, not telling the guy he's full of shit is the same as telling him he's right. Which means he's going to start believing in his own BS. If he starts believing it, then he starts to get others to believe in it to... Then the next thing you know he no longer has control over the BS monster he has created. In the meantime, you may or may not have tried to warn people about this happening, but it was too late. You 'should' have spoken while the iron was hot.

Equally so... DON'T start to believe in your own bullshit!"

My point being a bank will pull the wool over our eyes just as fast too. With the recession turning into a depression, it's getting to a point I'm going to hide my money in a mattress. Criminal activity isn't just in the street any more. I swear, the old west is going to make a comeback. Or my meds need a little tweaking... one or the other.

http://onlyinrussellsworld.blogspot.com

12.6.2011 12:19 #12

bandoogie

Originally posted by Mez: Originally posted by FreedomPatriot: This world is dominated by a banking cartel that has the politicians and corporations in their back pocket, so these hacking incidents are not a coincidence. Especially when internet censorship bills such as Cyber Security and Protect IP bill are being/trying to be passed.

These events are manipulated and controlled so they can be used as a pretext to gain support for these bill, which will reduce the freedoms of the citizens. They pretty much want to track all out internet activity, and censor any information that does not suit their agenda.

What have you been smoking??? You you really think banks hack themselves or want to be hacked to gain power over you? Banks are excedinly, greedy, lazy and stupid. You are pretty niave as well. I bet the US already tracks what you do. They have robots scanning everyones email, cellphones ect. If your emails have too many of the wrong words in them they will have robots track everything you do and anything you say on your cell phone. They have all the master keys for any Western cybher routine. I ran a test trying to send a zip file with data I had encrypted using my one encryption app. I couldn't email it. You can only email data encrypted that the master key is known. 1984 is already here! I am sure they realize you know too much not to be watched so they are tracing your every move though cyber space learning more about you. The more they know the more they will fear you and want to know everything about you.

lomtevas, if you are in ther US look into locking your credit reports. Anyone trying to access your credit without a pin# is assumed to be a thief and the bank will set up a trap for them. Once the thief 'hits' one of those 'land mines' his days are numbered because they are on to him without his knollage. If they can't get him one way they will try another. This kind of idenity theft is starting to level out after many years of doubling because of this process. I'm with Freedom Patriot here. You are aware of 1984, so you know what the deal is. How do we even know this story is true? Like false stories are never planted to manipulate the public.

12.6.2011 17:35 #13

Mez

You are all not reading the comment before responding. The banks kept the most sensitive material better secured so they didn't get everything. That was what xaznboitx comment on I don't know what the rest of you read.

12.6.2011 17:39 #14

Gnawnivek

Originally posted by Mez: You are all not reading the comment before responding. The banks kept the most sensitive material better secured so they didn't get everything. That was what xaznboitx comment on I don't know what the rest of you read. Hmm, I read this part and I personally think bank account shouldn't be compromised, personal info like address is less important.

Quote:
Citi Account Online was hacked, and 1 percent of card holders are affected, with their names, account numbers and email addresses compromised.

About 210,000 customers are affected, out of 21 million customers

Peace!

12.6.2011 21:51 #15

Mez

"Hmm, I read this part and I personally think bank account shouldn't be compromised,"

No argument there.

14.6.2011 11:22 #16

AfterDawn: News