FBI investigates cyber attack on Citigroup, WSJ reports

Reuters

Published: 7:02AM GMT 23 Dec 2009

"There has been no breach and there have been no associated losses," Citigroup
said in a statement.

"Occasionally, as with virtually all financial institutions, there are
instances of fraud or breaches of third-party systems that result in our
taking actions to protect our customers and Citi," the bank added.

The cyber attack, believed to be linked to a Russian gang, was aimed at
Citigroup's Citibank subsidiary, the
Journal reported paper reported, citing unnamed government
officials. It also said the hackers may have gained access to the bank's
systems through third parties.

The attack on Citibank is believed to have taken place over the summer and was
detected at that time, but investigators suspect it could have taken place
up to a year earlier, the paper said.

Two other entities, including a US government agency, were also attacked by
hackers, the paper said, citing people familiar with the Citibank incident.

FBI spokesman Richard Kolko declined to comment, saying it is agency policy to
neither confirm nor deny whether investigations are in progress. A spokesman
for the Department of Homeland Security also declined to comment.

The issue of computer hacking financial institutions has been a growing
concern. And after months of searching, the White House said on Tuesday that
President Barack Obama picked Howard Schmidt, a former eBay and Microsoft
executive, to serve as the national cyber security coordinator.

Mr Schmidt is president of the Information Security Forum, a non-profit
consortium of 300 large corporations and public-sector organizations working
on cybersecurity issues. He also worked under US President George W. Bush on
cyber issues.

The Wall Street Journal mentioned a Citibank customer who saw more than $1m
removed from his account and sent to banks in Latvia and Ukraine. The bank
helped him recover most of the money and reimbursed him for the rest, the
newspaper reported, adding that it was not clear whether the incident was
part of the larger attack on Citigroup.

In a statement, the bank said it was an isolated case of fraud.

Citigroup also said that attacks are directed against companies globally, and
while there had been attempts to interfere with the bank's systems, none had
been successful.

But Fred Cate, director of the Center for Applied Cybersecurity Research at
Indiana University, said, "I don't want to sound alarmist ... but the
evidence is just overwhelming today that attacks are successful in many
instances, particularly socially engineered attacks."

Five Filters featured article: Chilcot Inquiry. Available tools: PDF Newspaper, Full Text RSS, Term Extraction.