I find it funny (in the sad-funny kind of way) that most people spend just about every waking hour with a smartphone in hand, consuming information, yet often fail to pay attention to the things that impact their lives most. I bet if someone asked, you could tell them the exact number of cat videos you’ve watched this week. But can you also explain what Project Blitzkrieg is, or what you’re currently doing to protect your bank accounts from similar online identity theft initiatives?
Listen, I love Grumpy Cat as much as the next person, but let’s turn our attention away from our Facebook and Reddit threads for a moment to talk about the impending cyber attack on banks that has been making headlines recently. It’s kind of a big deal.
What Is Project Blitzkrieg?
McAfee Online Security Expert, Robert Siciliano, tells me that to date, Project Blitzkrieg is the largest known effort to organize an attack against banks and their customers. In essence, organized Russian criminals are planning to infect bank systems with multiple Trojan viruses, creating a “robot network of computers” that will “look and act as if they are being operated by the bank’s customers avoiding fraud detectors…siphoning small dollar amounts from multiple accounts to evade detection,” said Siciliano.
First believed to be a possible sting operation, McAfee Labs confirms the threat is real in this report. The author, Ryan Sherstobitoff, states, “McAfee Labs believes that Project Blitzkrieg is a credible threat to the financial industry and appears to be moving forward as planned.”
So I Can Stop Russian Hackers from Accessing My Information, Right?
According to the FTC, individual victims of identity theft lose an average of $1,180. Obviously, it’s in your best interest to do whatever you can to prevent your bank accounts from being hacked online.
But here’s the bad news: Steven Weisman, a nationally recognized expert in identity theft and blogger for Scamicide.com, explains that the Project Blitzkrieg attacks are expected to exploit the security vulnerabilities of major banks — not their customers. That means you can do everything possible to secure your own technology, but unless financial institutions actually take the time to improve theirs, your accounts are at risk no matter what. The problem is, they often don’t.
Not only do financial institutions often use outdated technology that is particularly vulnerable to security breaches and viruses, but as Penny explains, “Banks all work together, so there are several web portals that can easily be found through Google searches if you know what you’re looking for…a simple DDoS attack could shut down these sites.” He adds, “I’m honestly shocked an attack like this hasn’t happened yet. I imagine it’s only because people assume the banks are more secure online than they truly are.”
How to Prevent (or at Least Minimize) Online Identity Theft Losses
I know, at this point you’re thinking, Great, thanks for letting me know just how screwed I am. But not so fast: While the consequences of these bank cyber attacks — which may or may not even occur — are largely out of your control, there are a couple of things you can do to protect yourself.
Weisman says the best thing you can do in case Project Blitzkrieg goes through is keep accurate records of your accounts, so that if they are accessed fraudulently, you can prove what was lost as a result.
Additionally, since Russian hackers are targeting big banks, you can keep a majority of your money with local institutions, which will likely be ignored. Hey, they have better savings interest rates anyway.
Finally, since we’re now all focused on online identity theft, consider implementing some of these additional online banking safety tips — just in case the Russian hackers end up calling it quits on Project Blitzkrieg. Joshua Marpet, Principal at Guarded Risk, a data security and forensic consulting firm, provided me with the following five excellent suggestions:
1. Use a password manager: If you break the cardinal rule of online safety and use the same password for just about everything, use a password manager like Pocket for Android or Keypass for Mac, Windows and Linux, so you can create and keep track of unique passwords for every login you have.
2. Only bank online at home: Don’t bank from an internet cafe, or anywhere with free wi-fi! There are numbers of tools out there — Hak-5′s Evil Pineapple, for instance — which are designed to hijack wi-fi sessions. You’ll never know…until your money disappears.
3. Use a dedicated online banking computer: Virtualbox is free and allows you to run a virtual computer inside your existing one. Ubuntu is a free operating system that is much more secure than Windows, and you can run it inside Virtualbox while accessing bank accounts online to minimize vulnerability.
4. Find a bank that allows you to use two-factor authentication: Having a token, like an RSA SecurID key, or Wikid Systems token, means that even if a bad guy steals your username and password, they have to physically steal your token to break in and steal your money.
5. Standard operating procedures also apply: Don’t click stuff you’re not sure about — if a website says you’ve won an iPad, they’re probably lying!
Russian hackers or no Russian hackers, online security is serious business. You spend a good chunk of your time online, so try and be safe about it; don’t put your accounts at risk of online identity theft.