Advertisement
Promo

Security threats Toolkit

ABN Amro systems compromised

Tom Espiner ZDNet.co.uk

Published: 19 Apr 2007 18:14 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A two-factor authentication system operated by Dutch bank ABN Amro has been compromised and money stolen from four customers who fell victim to a phishing scam.

The man-in-the-middle attack occurred after the customers opened an email with an attachment purporting to be from the bank, downloading malware onto their machines. When they next tried to visit the bank's website, their browser was redirected to a fake site, allowing the attackers to overcome ABN Amro's two-factor authentication system by piggy-backing on a legitimate log-in.

Two-factor authentication systems normally use passwords as well as tokens, which provide pseudo-randomly generated numbers. Use of both is supposed to make online banking identity verification more robust.

But security experts have warned that two-factor authentication is ineffectual against man-in-the-middle attacks.

Speaking at the E-Crime Congress in London in March, Cambridge University professor Ross Anderson spoke of the limitations of two-factor authentication. "There are a whole bunch of things that can go wrong with two-factor authentication," said Anderson. "Banks are resisting because their technical staff know that it will be expensive to introduce and will not be effective. Some banks will introduce it, it will be quickly broken and then quickly forgotten," Anderson added, according to Out-Law.com.

The four ABN Amro customers have been compensated by the bank for the money taken from their accounts.

Barclays bank on Wednesday said it would send 500,000 chip and PIN devices to its customers to secure online banking.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
8 out of 8 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

1 comment

  1. communication paths Arthur B.

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:







Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters