Canadian banks face somewhat less risk of cyberheist

Canadian banks may be less likely to be hit by the kind of recent, massive cyberattack on ATMs that netted criminals around the world 45 million dollars. Seven men have been arrested so far in the United States, but the coordinated thefts were carried out by many more in 27 countries.

The attacks focused on two banks, one in the United Emirates and the other in Oman. Some banks in the Middle East use older security technologies. Canada and other countries have, for example, abandoned cards with magnetic stripes in favour of those with built-in chips that are very difficult to copy.

In this case hackers got into bank databases and removed withdrawal limits on pre-paid debit cards. They then created access codes. Others loaded that data onto cloned cards with a magnetic stripe.

A network of petty criminals then went to ATMs around the world and rapidly withdrew money.

“There have been attacks using essentially this mechanism before, “said David Skillicorn, an expert in cyberhacking at the Queen’s University School of Computing. “But I think what is startling people this time is the sheer management skill…of being able to keep such a large group of people together and, for example, stopping someone starting the ball rolling a bit early and taking the money for themselves.”

While Canadian banks may have some good cyber security measures, Skillicorn believes there will be increasing attacks launched from other parts of the world where security is softer. Skillicorn said the kind of country most at risk is “…any country joining the global financial network fairly recently and has not yet realized that by doing that they’ve become a target to international global types of criminals.”

There will be copycats, said Skillicorn. And to put things in perspective he noted that in the U.S. the annual loss from ATMs alone is more than a billion dollars. “From that perspective this is a tiny, tiny part of the bigger picture.”