

Citibank confirms hacking attack - srimadman
http://www.bbc.co.uk/news/technology-13711528

======
chime
I apologize for not talking about the main topic here but I have to say what
an obnoxious website! I can't read the article because it says:

    
    
       Premium Content Area
       Please complete a survey to unlock this page.
       Download F1 Racing Challenege Today!
       How Would You Look As A Redneck?
       How Would You Look As A Zombie?
       Download 1600 Games! Full Versions!
       Want To See Yourself As An Elf?
       How Would You Look As A Vampire?
    

When I try to close the tab, it asks me "Help keep this content free. Please
take one minute to complete a SPAM-free market research survey to gain access
to this special content. Are you sure you want to leave?"

YES. Especially when I can read it easily on
[http://techland.time.com/2011/06/09/now-citibank-hacked-
thou...](http://techland.time.com/2011/06/09/now-citibank-hacked-though-
admits-breach-one-month-late/)

If annoying your visitors and harassing them into taking ridiculous surveys is
the only way to keep your site running, your business plan is seriously
flawed.

~~~
pg
BTW this comment refers to the bogus site this originally linked to.

~~~
corin_
I thought I was going mad for a second until I moved on to your comment.

------
cing
I had a Citibank VISA as payment from Google Summer of Code 2009 that started
getting $100 charges each month about a year later. I assumed it was some sort
of fee, but it turned out my information was stolen (despite me never using
the card once). Thankfully, someone noticed this activity on several cards and
I was reimbursed.

~~~
JakeSc
How would you guess that your information was stolen?

------
mrcharles
I wonder when corporations will start taking true computer security seriously?
Because it seems to me that companies just aren't. Toyota, Sony, Citibank,
that construction company who allowed their computers to be compromised and
thus have hundreds of thousands of dollars stolen.

It's a good time to be a hacker in the classic unlawful sense. Because of
that, these events are only going to get worse and more frequent.

~~~
jdp23
Corporations won't start taking computer security more seriously until they
start facing serious business or legal consequences from being hacked.

~~~
jcromartie
There's a perception problem: "being hacked" means you are a victim, and the
question of negligence rarely comes into play. There should be more stigma
associated with it, so that someone who has a serious security problem is seen
as the lax/irresponsible party to a breach that they really are.

------
j1o1h1n
That website is terribly annoying. Please don't post things like that.

------
dtap
FWIW, my Citi card info was stolen and used last week. This despite never
being out of my possession.

~~~
ryanfitz
About 2 months ago my citi card was charged for various things originating in
L.A. and also small purchases online such as netflix. I was in possession of
the card the whole time. Citibank refunded me all the charges.

------
dspillett
The same news from a source that doesn't fade out the content and put a pop-
over, or pop up messages as you try to leave the page:
<http://www.bbc.co.uk/news/technology-13711528>

------
jrwoodruff
So the thing I keep wondering is, where is all this data going? Outside of the
high-profile Lockheed Martin attempt, have there been any reports of accounts,
particularly consumer accounts, getting hacked as a result of these attacks?

Also, is there any indication of who is behind these attacks? For arguments
sake, I'll buy that Anon was behind the Sony attacks, but RSA? Lockheed
Martin? Major banks like Citibank? Those are huge targets.

~~~
jonknee
Credit card numbers get sold to people who use them to commit fraudulent
purchases.

------
Wickk
>It has been criticised for not telling customers about the breach when it
happened in May.

Really now? This needs to stop, it wasn't ok a decade ago, it wasn't ok when
Sony pulled this recently, why would they think it's ok now?

~~~
smackfu
The tense is weird in that sentence you quoted. If this information came out
today, when were they criticized?

~~~
Wickk
I'm making a huge leap based on the title alone, I'm going to assume that
they( and I guess others) knew about this and are just not confirming what
everyone believed.

------
yalogin
Security became a hot topic about 10 years ago and thought it will be become a
mandatory/important class in degree courses just like programming or OS is
there by increasing the knowledge/awareness among every techie. I realized a
few years later how naive that was.

------
sunchild
Can anyone tell if this is connected to the RSA SecurID compromise?

------
nothis
That is one of the most aggressive subscription-pushing site I know.

~~~
apu
Seriously. It actually checks that you've completed one of the surveys! And
checks for ad-blocking the wedget to prevent page load.

There is no way its content is worth all the hassle.

~~~
dspillett
If you hit a site like that when looking at a news story, just slap the
keywords from the headline into Google News to find many copies of the same
information in a less irritating package, such as the BBC
(<http://www.bbc.co.uk/news/technology-13711528> in this case).

I would search the BBC directly but the last few times I've tried their search
feature has failed to find the relevant story when an external search provider
(Google in my case) found it easily...

