Thursday, January 20, 2005

Police know nothing of alleged bank scam

The Economic Police in Latvia have not received any formal complaint nor have they arrested anyone in connection with an alleged "man in the middle" scam involving a Latvian bank and a Latvian ISP reported on this blog. That doesn't mean that sort of stuff isn't happening.
Just to be clear-- in this scheme, it is the ISP and infrastructure along the way to the bank's website that is compromised.
I will continue to look into this with my confidential sources. As one source said: the issue needs to be publicized.
Some people are connecting this to a bizarre incident where an e-mail warning of phishing under the guise of Latvia's Hansabanka (part of a Swedish-owned banking group) was circulated, but then Hansabanka denied that any such threat had been spotted. Might have given some people ideas, however.
Man-in-the-middle (well, to be fair, hackergrrls can do this too :) ) is, of course, more sophisticated than phishing and requires some work, although the tools are out there, scattered on the internet.

No comments: