By Robert McMillan
August 28, 2009
IDG News Service
A sanctioned security test of a bank's computer systems had some
unexpected consequences this week, leading the federal agency that
oversees U.S. credit unions to issue a fraud alert.
On Tuesday, the National Credit Union Administration (NCUA) warned all
federally insured credit unions of a bogus letter that an unnamed credit
union had received along with two CDs. The bogus letter claimed that the
CDs contained NCUA anti-fraud training materials, but in its fraud
alert, NCUA warned that running the CDs "could result in a possible
security breach to your computer system, or have other adverse
Only it turned out that the CDs were not sent by fraudsters. They were
sent by employees of MicroSolved, a Columbus, Ohio, security testing
company. "It was a part of some social engineering we were doing in a
fully sanctioned penetration test," said MicroSolved CEO Brent Huston in
an e-mail message.
Companies like MicroSolved are routinely hired to independently test the
security of corporations and government agencies.
Subscribe to InfoSec News