Operations Risk - Police expose Latvian hacker who “tweeted” bankers' pay details

Neo, the Latvian hacker who stole millions of classified tax documents from government computers and leaked the information via Twitter, has been caught by police.

In February this year, Neo and his colleagues at the “People's Army of the Fourth Awakening” contacted a local TV station to claim they had downloaded the documents from the state revenue service. They exposed salary details for senior officials through Twitter, revealing that management at a Latvian bank that received bail out money had not taken the pay cuts they promised at the time.

The revelations prompted anger in a country devastated by the global financial crisis and forced to embark on austerity measures to meet the terms of a €7.5 billion IMF and EU led bailout.

The hacker, who took his name from the central character in the Matrix film, attained cult status for his actions and was hailed as a "virtual Robin Hood".

Police have now detained the mystery tweeter, who according to local press reports, is Ilmars Polkans, a researcher in artificial intelligence at the University of Latvia's computer science department. According to AFP, hundreds of protesters chalked slogans outside the main government building in central Riga, calling for Polkans' release.

However, the suspect has confessed and criminal proceedings have been launched, although he has been freed from detention until a trial.

His unmasking came after a police raid on the house of a television journalist recently. This latter action has enraged the country's reporters and prompted the ombudsman to investigate whether freedom of speech regulations have been breached.

Abu Dhabi hotel installs gold ATM

An ATM that dispenses gold bars has been installed in the lobby of Abu Dhabi's five star Deluxe Emirates Palace hotel.

The “Gold to go” machine - developed by Germany's TG-Gold-Super-Markt - dispenses 24 carat one gram, five gram and 10 gram pieces of gold as well as coins bearing designs such as the Krugerrand, Maple Leaf and Kangaroo.

A computer in the machine - itself gold-plated - constantly keeps prices in line with the firm's online store.

Last May the company showcased a machine at Frankfurt railway station and claimed it would install 500 of them ATMs in Germany, Switzerland and Austria.

Malawi launches mobile banking

Opportunity International Bank of Malawi (OIBM), a provider of microfinance services in Malawi, has launched a mobile phone banking system named 'banki m'manja'. It has done this to encourage rural Malawians’ access to the bank’s services. The OIBM innovation will enable its customers to check their account balance, transfer funds, conduct merchant payments, top-up mobiles, view a mini-statement and change their PIN.

OIBM Chief Executive Officer, Alexandr-Alain Kalanda, said: “We would like to help our customers, who most of the time live in the rural areas where by they spend a lot of money on transport alone to access our services, to have these services right in their palms.”

The service, which is being implemented in collaboration with local telecommunications company, Telekom Networks Malawi (TNM).

Square mobile payment system goes live

Twitter co-founder Jack Dorsey has started to ship out hundreds of free credit card “dongles” that plug into the headphone jack of an iPhone, Android phone or iPad.

The system is called Square, and the free app is available to download now for iPhone OS and Android. Basically, you fire up the app, attach the dongle, punch in the amount (say, whatever you agreed on for selling a couch on say Craigslist), and then have the buyer swipe their credit card through the adapter. No personal information is stored, and the buyer has to sign the phone with their finger. Once that happens, an SMS or email is sent to the buyer confirming the purchase.

It's a pretty simple solution, and it has the potential to revolutionize small business for whom it's quite difficult to get a proper credit card system setup, and the fees can be outrageous. With this, setup costs are essentially nothing, and the fee structure is much more reasonable.

Mobile banking set to rocket

For consumers, mobile banking is about convenience: the ability to check account balances, pay bills and transfer funds from a device they take with them everywhere. For financial institutions, it is a means to deepen customer relationships, streamline operations and cut costs.

Several forecasts predict that by 2015, 50% or more of US mobile users will be conducting transactions from their mobile devices.

“The ubiquity of these devices offers banks an opportunity to connect with customers outside the online channel, including those who are always on the go as well as the under banked and unbanked consumers who lack consistent Internet access,” said Noah Elkin, eMarketer senior analyst and author of the new report “Mobile Banking: Financial Services Firms Look to Cash In.”

Estimates of mobile banking adoption vary widely, although it appears to be growing at a good pace. For example, studies conducted in 2009 by Mercatus, Mintel Comperemedia and Experian Simmons put the usage rate between 7% and 11%.


However, in a January 2010 survey by Luth Research for the Mobile Marketing Association, mobile banking usage was 17% among the overall US population and 19% among mobile phone users. A March 2010 study by OnePoll for mobile billing and message delivery firm mBlox uncovered a 25% usage rate among US mobile phone users.

Research among smartphone users reveals much more extensive mobile banking adoption. Data Innovation’s January 2010 “Mobile Money Study” found that nearly 70% of smartphone users had accessed mobile banking, payment or financial services in the past three months.

Mobile Banking and phishing

Online fraudsters continue to use advanced methods with their victims. Now a phisher has de-activated a bank's mobile alert system.

An SMS alert informing money withdrawals was blocked by phishers after fraudulently obtaining online banking information of a Chennai (India) based victim through a phishing e-mail. A first-of-its-kind case reported here, a thorough probe is under way to find its modus operandi.

The victim received the phishing e-mail in February supposedly sent from a his bank where he held an account with online and mobile banking facility. “Taking it for real, the complainant responded to the e-mail asking to update his online and mobile bank account to refrain from debarment,” said Additional Deputy Commissioner of Police (Cyber Crime Cell) M. Sudhakar.

The victim realized that all the money from his account was withdrawn only after visiting an ATM a few days later. Puzzled about not receiving any SMS alert on his mobile phone on the withdrawal, he contacted the bank and later, lodged a police complaint.

Preliminary police investigations revealed that the phishing mail was sent from Lagos in Nigeria and Rs. 60,000 that was illegally transferred from the victim's account was deposited in two bank accounts in Lucknow and Jaipur. The accounts were blocked immediately and sums of Rs. 43,000 and Rs.17,000 were recovered from them.

“After obtaining confidential online banking details of the complainant through the phishing e-mail, the culprit de-activated the SMS alert in order to keep the victim unaware of the money transfer from his account as long as possible,” Dr. Sudhakar said.

This is the first case reported here, in which an SMS alert was blocked before money transfer, he added.

Even though the money lost was minimal, the Cyber Crime Cell carried out a detailed investigation into how the phisher in Lagos managed to go to the extent of deactivating the mobile alert system.

On the other hand, police search to track the account-holders of the bank accounts in Lucknow and Jaipur hit a barrier after it was found to be opened for non-existing business houses.

He also said that illegal online money transfer could be reduced, only if banks would verify with the respective customer on every request for an online money transfer from overseas. “The culprit in Lagos cannot be apprehended as there is no international law to extradite him.”

Referring to the case, city Police Commissioner T. Rajendran said that an international body to investigate cyber crime is essential. “The number of arrests made in cyber crime cases here is very low now as most culprits operate from overseas,” he added.

Operational Risk - Computer-based trading under scrutiny after Dow dive

US regulators are scrambling to deal with the aftermath of a wild day of trading on the Dow Jones Industrial Average which shipped more than 600 points in seven minutes before the close of trading in New York on Friday.

The sickening lurch in the Dow caused scenes of chaos in US markets as computer-based programs kicked in and exchanges and currency markets struggled to handle an unprecedented surge in volumes.

The panic spilled over into other markets as investors fled for the safety of government bonds causing yields to drop and pushing the dollar sharply higher.

US regulators are undertaking a forensic investigation of the day's trading in an effort to pinpoint the cause of the collapse as exchanges move to cancel obviously erroneous trades.

Nasdaq issued a statement saying it would cancel all trades executed between 14:40:00 and 15:00:00 that showed a 60% swing in price during the peak trading period.

"There is no indication at this time that a Nasdaq market participant experienced a technological failure in connection with this event," the statement continued.

The Chicago Mercantile Exchange also felt moved to responded to rumors concerning irregular trades by Citigroup in stock index futures: "While our policy is not to comment on individual participation in our markets, in light of volatile market conditions, CME Group confirmed that activity by Citigroup Global Markets Inc. in CME Group stock index futures markets does not appear to be irregular or unusual in light of market activity today."

Whatever the cause, the freefall in the markets will stoke up regulatory concerns about the role played by high frequency traders and automated trading programs in the ensuing market meltdown.

Giles Nelson, chief technology strategist of Progress Software, gives the vendor perspective: "Unfiltered access to trading destinations can end up causing trading errors or even a 1,000 point crash on the Dow Jones Industrial Average. This is why pre-trade risk management tools are absolutely essential - to monitor position limits, trading limits and to catch fat fingered errors before they happen. Banks and regulators must act to stop this happening. It is completely avoidable."