The first major cybercrime of 2012 has taken place in South Africa, with hackers made off with about $6.7 million from Postbank, which is state-owned and part of the South African post office.
According to the Sunday Times, the hackers used stolen login details for a Postbank teller and a call center agent to transfer about $6.7 million into multiple bank accounts that were opened across the country late last year.
The hackers also made large cash withdrawals from ATMs in Gauteng, KwaZulu-Natal, and the Free State. Thanks to the stolen login details, the hackers were able to increase withdrawal limits and withdraw large amounts of money.
The robbery took place over three days, beginning on Jan. 1 a little after 9 a.m., and the last of the money was withdrawn from Postbank at 6:11 a.m. on Jan. 3.
Postbank told the Sunday Times that none of its four million customers were affected.
As Infoworld’s Ted Samson notes, a crime like this raises several questions. Namely, how hackers were able to obtain a bank teller’s and call center agent’s credentials, and why such low-level employees had the ability to significantly increase withdrawal limits.
A senior IT and banking security expert told the Sunday Times that the Postbank network and security systems are “shocking and in desperate need of an overhaul” and that this type of theft was “always going to be a very real possibility.” Three years ago, Postbank spent nearly $2 million to upgrade its fraud detection system.
Even though we hear a lot about annoying (but somewhat harmless) hacks performed by Anonymous-like “hacktivists,” it’s important to remember that most hacking and illegal activity occurs on the Web to make money, not a statement.