AOH :: ISNQ5351.HTM

Security test prompts federal fraud alert

Security test prompts federal fraud alert
Security test prompts federal fraud alert


http://www.computerworld.com/s/article/9137215/Security_test_prompts_federal_fraud_alert?taxonomyId=17 

By Robert McMillan
August 28, 2009
IDG News Service 

A sanctioned security test of a bank's computer systems had some 
unexpected consequences this week, leading the federal agency that 
oversees U.S. credit unions to issue a fraud alert.

On Tuesday, the National Credit Union Administration (NCUA) warned all 
federally insured credit unions of a bogus letter that an unnamed credit 
union had received along with two CDs. The bogus letter claimed that the 
CDs contained NCUA anti-fraud training materials, but in its fraud 
alert, NCUA warned that running the CDs "could result in a possible 
security breach to your computer system, or have other adverse 
consequences."

Only it turned out that the CDs were not sent by fraudsters. They were 
sent by employees of MicroSolved, a Columbus, Ohio, security testing 
company. "It was a part of some social engineering we were doing in a 
fully sanctioned penetration test," said MicroSolved CEO Brent Huston in 
an e-mail message.

Companies like MicroSolved are routinely hired to independently test the 
security of corporations and government agencies.

[...]


________________________________________
Subscribe to InfoSec News
http://www.infosecnews.org

Site design & layout copyright © 1986- CodeGods