$2.7 Million in the Browser's Address Bar Jul 17,2013
Among the other major cyber attacks of the year 2011, the CitiGroup was a victim of one that is probably listed among the all time greatest cyber attacks. A group of hackers breached into the security of their systems and stole the information for over 200,000 clients. The after effects of the attack led to a loss of about 2.7 million US dollars.
In the attack, the names, addresses, and account numbers of the customers were accessed by the hackers. Even though the social security numbers, birthdates and other credit card information remained safe, the organization had to issue over 210,000 new cards to their clients in different cities.
Different sources have cited this loss as only a fraction of what they annually suffer, however, the print media greatly criticized CitiGroup's security systems. Reports suggest that it was relatively really easy for the hackers to enter the system by using a front door technique. The technique employed is generally referred to as 'Parameter Tampering' in which all the attackers had to do was to login through the company's website and just change the account number in the browser's address bar to access different accounts. An automated program was designed to repeat the process at a very high rate.
This event proved to be very shameful for the CitiGroup as the humiliation was directed towards their inferior security rather than the loss suffered. In comparison to other organizations, one would expect such companies to maintain the highest level of security standards. They were fortunate to detect the security breach in time, otherwise a greater loss would have occurred. Had they spent a relatively insignificant amount of finances on Information Technology security, the embarrassment could have been avoided. Regardless of the fact that security is never 100 percent, such attacks are completely unacceptable. A free service provided by Zenith Secure called the Zenith Vault Freeware could have prevented the attackers from using this method. This free hardware and software data storage model uses the Secure Sockets Layer (SSL) certificates to encrypt the data transferred between storage nodes. With the encrypted passwords and data located on different servers, CitiGroup could have easily prevented this misfortune.
In absolute terms, an amount of 2.7 million dollars is enormous. Since this is insignificant in comparison to the revenue generated by CitiGroup, it did not have much of a financial impact on the company. Otherwise, any small enterprise would have either completely shutdown or taken years to recover from such a loss. An increase in cyber attacks demand for increased information technology security. To prevent such disasters, organizations are recommended to contact Zenith Secure for their products and services.