The press release also contains this quote:
"To date, the United States has seized hundreds of thousands of
dollars in cash and bank accounts, two Rolex watches and a Mercedes
SUV, and is in the process of forfeiting a Porsche Panamera."
... or, in other words, the feds recovered a small percentage of the
total. The rest is probably being squirreled away in counting rooms
guarded by lots of men with guns, which is the method that criminals,
unlike bankers, know to be secure.
That small percentage of recoverd money isn't a record to be proud of:
the press release, which is long on self-congratulatory back-slapping
but short on results, indicates that a few low-level mules were
apprehended, but does not even begin to address the larger question of
*how* the data was "compromised", and what safeguards, if any, will be
put in place to prevent a recurrence.
Let me put this another way: stealing a car by lifting the keys off a
valet-parking key board is /not/ a defeat of the automaker's
anti-theft safeguards. The banks whose computers were hacked - if they
/were/ hacked, and not simply subverted through bribery or coercion -
bear the burden of having been careless with financial data. The ATM
network performed as it was /designed/ to: it dispensed funds based on
the data supplied to it during uploads from the offline systems at the
issuing banks. The data was compromised /before/ it got to the ATM
network.
If any good is to come out of this debacle, I hope it will be that
electronic funds transfer systems will be, at long last, changed from
their current setup, which is just an overlay of the old face-to-face
recognition security paradigm, to a professionally vetted, hardened
infrastructure where /every/ aspect has been debated, planned,
designed, and implemented as a secure system.
Bill
--
Bill Horne
(Remove QRM from my address to write to me directly)