Analysis: Banks seek cybershelter with "ethical hackers"
Percoco says his group almost always manages to penetrate bank firewalls or find other ways to cause mischief, from viewing confidential checking account images online to physically strolling into unsecured data centers.
"We'll call the CIO (chief information officer) and tell them, 'We're standing in the middle of your data center. Do you want to come get us?'" he said.
[My Note: Is Christian Slater with them? :-) ]
Many financial institutions are starting to bulk up security around their treasury services divisions, which can process trillions of dollars daily for large corporate clients, according to the American Bankers Association.
But now a new push toward mobile payments by big banks, from BofA to Wells Fargo, has some cyber experts worried.
On average, only 8 cents of every dollar that banks spend on IT infrastructure goes toward sustaining and securing that infrastructure, according to Tom Kellermann, chief technology officer at AirPatrol Corp in Maryland and a member of the Obama Administration's Commission on Cyber Security.
Bank security chiefs "are always playing second fiddle to the folks that are saying, 'Let's create the wonderful wireless Web portals with access to financial services through our mobile phones,'" he told Reuters Insider. "Most security wonks would say 'That's a really, really bad idea.'"
[My Note: Ya think?]
"I think there's been an over-emphasis in security on perimeter defenses, on the walls and moats of castles, and not enough attention is being paid on remote access and website security," he added.
[My Note: Ya think?]
None of the largest U.S. banks would discuss the latest attacks or make security executives available for interviews.
[My Note: Heh, heh.]
Woodbury Advisor payments consultant Steven Kietz, a former credit card executive for Citigroup and JPMorgan Chase, said he helped to implement federal guidelines for Internet security standards in 2006 while at Citigroup.
But he said those standards are now far out of date, and "five years later we've seen really no new efforts by any of the major banks to protect customers."
Someone the other day proclaimed this the "Golden Age of hacking". Now you see why.