So most dos attacks are
1. Put key logger on company x machines
2. Gather banking keys
3. Transfer money
4. Hit with dos and get key logger to do as much damage as poss
Only two weaknesses leap out:
1. Two factor authentication - I genuinely do not know at what level a bank stops requiring a separate token for each transaction but it seems silly to ever do that.
2. The money mule - I recently was amazed that directors in Hollywood sometimes accept a percentage of net. But allowing your bank account to be used by some guys on the Internet?
Really those two issues seem ... Well with those blockers I would not invest in the internet crime startup. Weird they have bootstrapped quite well