Security test prompts federal fraud alert

Security test prompts federal fraud alert
Security test prompts federal fraud alert 

By Robert McMillan
August 28, 2009
IDG News Service 

A sanctioned security test of a bank's computer systems had some 
unexpected consequences this week, leading the federal agency that 
oversees U.S. credit unions to issue a fraud alert.

On Tuesday, the National Credit Union Administration (NCUA) warned all 
federally insured credit unions of a bogus letter that an unnamed credit 
union had received along with two CDs. The bogus letter claimed that the 
CDs contained NCUA anti-fraud training materials, but in its fraud 
alert, NCUA warned that running the CDs "could result in a possible 
security breach to your computer system, or have other adverse 

Only it turned out that the CDs were not sent by fraudsters. They were 
sent by employees of MicroSolved, a Columbus, Ohio, security testing 
company. "It was a part of some social engineering we were doing in a 
fully sanctioned penetration test," said MicroSolved CEO Brent Huston in 
an e-mail message.

Companies like MicroSolved are routinely hired to independently test the 
security of corporations and government agencies.


Subscribe to InfoSec News 

Site design & layout copyright © 1986-2015 CodeGods