Like Swiss Emmental cheese, the ways your online banking accounts are protected might be full of holes.
According to internet security software developer Kaspersky, the number of cyberthreats reached record levels in 2014. One in three computers or mobile devices were subjected to at least one web attack over the year.
Particular targets are companies or individuals using internet banking.
In January, a Swiss firm lost an estimated one million euros in an online financial transaction that was hacked.
The victim, an accountant at the company, was unaware of what was going on.
It started when he opened an email containing an attachment infected with a virus. Once they had taken control of his computer, all the hackers had to do was wait for him to connect online with his bank.
“When he tried to connect to his bank online, he activated the “Trojan horse”. A message appeared asking him to hold. For 20 or 30 minutes, he wasn’t able to use his computer at all. During that time, the pirates took control of the computer and carried out several money transfers onto foreign accounts,” says Frederic Marchon, spokesman for the Fribourg Police.
Plenty of viruses allowing that kind of illegal activity are available on the internet. The most updated versions are available for just over 1,000 euros on the darknet.
The hacker gets a warning as soon as someone connects with their bank online using an infected computer.
This IT expert explains how it works: “I can monitor all the computers I have successfully hacked, and I can see precisely, among them, how many are currently banking online and therefore vulnerable. So here, there are two which are currently connected,” says IT expert Cedric Enzler.
Faced with a growing number of cyber attacks on companies, Switzerland has set up an emergency centre to track the attacks and analyse them. But the nature of the centre means they cannot provide with any names or figures.
“It’s a really big problem. You’ve got to realise that anyone who wants to do harm and wants to make money that way will automatically turn to e-banking,” says IT security expert Max Klaus.
For this professor at the Bern University of Applied Sciences, there’s another big problem with this kind of cyber attack: most of the tools we use for internet banking like calculators or smartphone applications designed to read cryptograms are vulnerable to hacking.
“From an electronic point of vue, internet banking is safe. We use secure channels using SSL encryption. The problem comes from the client’s computer, its use no longer guarantees a secure connexion. Whether it’s a computer or a smartphone, hackers can take control and security is compromised,” says Professor Reto Koenig.
None of the banks contacted agreed to answer to our questions on camera.
Swiss banks warn their clients about security problems linked to the use of internet in their general conditions – a warning which often comes with a clause clearing the bank of any responsibility in the event of an attack.
“The client is a victim twice over. First, he’s the victim of a crook, and then he has hardly any chance to defend himself because of the general conditions in his contract. Sometimes, there are agreements between banks and clients but unfortunately, most of the time, these agreements are kept secret, they are confidential, so it’s hard to find out what the procedure is, which is of course detrimental to the client,” says Mathieu Fleury, of the Swiss consumer’s rights association.
A coordinated cyber security taskforce and response scheme, aimed at providing cyber security services for small and medium enterprises in Europe, is to begin pilot deployments in 2015, starting in the UK, the Netherlands and Belgium.
EU authorities are concerned about the vulnerability of SMEs because they employ two-thirds of Europe’s workforce.