Tuesday, January 19, 2010
"The [FBI] is probing a computer-security breach targeting Citigroup Inc. that resulted in a theft of tens of millions of dollars by computer hackers who appear linked to a Russian cyber gang, according to government officials. ... It couldn't be learned whether the thieves gained access to Citibank's systems directly or through third parties. ... The attack underscores the blurring of lines between criminal and national-security threats in cyber space. Hackers also assaulted two other entities, at least one of them a US government agency, said people familiar with the attack on Citibank. ... The FBI and the National Security Agency, along with the Department of Homeland Security and Citigroup, swapped information to counter the attack, according to a person familiar with the case. Press offices of the federal agencies declined to comment. Citigroup said, 'Allegations of a breach of Citi systems and associated losses are false.' ... Losses to online crime of all types exceeded $260 million in the US last year, the FBI estimates. Attacks on corporations are 'at an epidemic level,' former White House cyber-security director Melissa Hathaway said recently. US banks have generally been loath to disclose computer attacks for fear of scaring off customers", my emphasis, Siobhan Gorman & Evan Perez at the WSJ, 22 December 2009, link:
Absent national security implications, I would tell the FBI drop this case. $260 million in annual losses is peanuts. Vampire Squid (VS) got $13 billion from the AIG bailout, 50 times the annual cybercrime total. I note the FBI jumped on this. Well FBI, how many people have you investigating the AIG-VS fiasco? If Citigroup denied the breach and lied about it, will Preet Bharara indict anyone for securities fraud? Will KPMG find Citigroup committed an illegal act? Will Dudley Doo-Right save Nell Fenwick? Isn't it nice to see how concerned the Feds are about attacks on corporations? The DOJ's case selection is designed to further DOJ employees' careers. Never forget it. Where's the SEC? What's this "loath to disclose" nonsense?