Indian Call Center Employees Hack US Bank Accounts 550
The Ascended One writes "Call center employees working for an Indian software company, MSource, supposedly used confidential client information to transfer client funds to themselves. The alleged perpetrators used the personal information of four NY-based clients to transfer ~$350,000 (Rs. 1.5 crores) in their names, a large sum in Indian currency. They were caught after the victims alerted the bank officials in the US, who then traced the crime to the Indian city of Pune. While the name of the bank has not been revealed, the article indicates that the bank in question is Citibank."
not hacking (Score:5, Interesting)
Not to be a troll but.. (Score:2, Interesting)
If you're in Europe, fear not, the data protection act bars your personal information from leaving the EU (i think?).. unless its going to the CIA so they can have you extradited without trial.. Either way, if you're worried, call up your bank and demand to know where they send your data, its public information by law.
Citibank Outsourcing (Score:5, Interesting)
From what I understand, the standard rate for calculating your budget for contract work went from $70/hr to $22/hr. Of course, I believe they charge around $40/hr for their workers in the states.
Can't compete with that.
Here are some links about Mitchell Habib and TCS:
http://www.rediff.com/money/2003/apr/03tcs.htm?zc
http://www.tcs.com/0_media_room/releases/200204ap
I'm surprised this does not happen more often. (Score:5, Interesting)
Re:Easier to track (Score:5, Interesting)
Or interfering with the democratic process (Score:5, Interesting)
Unlimited fine and 10 years in prison.
Vote rigging in the UK:
Unlimited fine and 2 years in prison...
e.g.
http://news.bbc.co.uk/1/hi/england/west_midlands/
Congrats. Stupid comment of the day (Score:1, Interesting)
Right. Because its so much easier for the FBI to trace money in India than in the U.S. Do you even think things through a *little* before you post?
That ranks up there with the stupidest things I've read in about 3 weeks.
Re:It's not that simple... (Score:4, Interesting)
I find this odd. Many Jobs that I have tried to get they will not give you if you have bad credit because you are a potential security risk. But now those same companies outsource to some of the poorest countries. How is this not a security risk?
Re:Attention Citibank Customer (Score:3, Interesting)
http://64.182.120.114/citibank/ [64.182.120.114]
Try putting in any bogus information into the username / password field.. You'll be redirected (via javascript, nothing posts), to a page with big yellow lettering saying "YOU MORON!"
I thought the "Protect yourself from identity theft" blurb on the page was classic.
This will all be part of a new site I'm going to make called:
http://www.hahathatswhatyouget.com [hahathatswhatyouget.com]
I just got the site, so it'll take a little bit for DNS to resolve :)
Feel free to try and fool people with this URL. I'll try submitting the link to slashdot in a few days for shits and giggles.
Re:Citibank Outsourcing - Exclusivity ? (Score:4, Interesting)
How easy is it for you to get a job with TCS if you are already based in America ? Not very easy. Plus if a company like USAA and Citibank have given exclusive contracts to TCS, then it makes it extremely hard for local recruiting agencies and talent to get the job. How come every company that has a contract with TCS ends up having 20-30 new indian contractors ? Something needs to be done about these exclusive contracts, and TCS needs to be told to first look for local talent. I know lots of people who have lowered their rates, just to compete with the Indians, but these exclusive contracts to companies who naturally are averted to experienced local candidates (can't exploit them as well), needs to be changed.
PS: I am an indian immigrant myself, I moved here when I was 13. And, I am competing for my job with classmates I had in India. I'm not racist or a bigot. I haven't lost my job to an outsourcing firm etc, but thats because I rarely work for large firms that can afford outsourcing in the first place.
It doesn't supprise me... (Score:3, Interesting)
Leading up to our trip, everyone told us to watch out for pick-pockets. We did not find this to be common. Of course, there were countless people who are willing to tell you anything, including flat-out lies, to take your money.
Re:It's not that simple... (Score:2, Interesting)
> to you, and the possible subsequent loss to the bank if they never recover (but
> refunded to you) are built into your bank fees, interest rates, etc. Less theft
> = lower costs for banks = lower costs for consumers.
I don't know the details of how banks work in the US but I'm in the UK. I get paid into my current account (think you lot call it a `checking account`). It pays 0.2% interest or something - pretty useless. But the account is free, and I get a debit card with which I can withdraw money from a hole in the wall (ATM) machine, or use it to buy stuff on the net or in shops. I don't get charged for this (the shop does). I have two credit cards, also free (as I don't borrow on them) - one mastercard, one visa - which I use online/other the phone, as you get better protection, free insurance etc. Every month or so I move any money from my current account that doesn't need to be there to pay credit card bills, standing orders etc, into a high interest online account (these average 4.5% to 5.5% in the UK. I think you get something crappy like 2% in the US).
So, were my bank to lose money (from my account) as a result of fraud, I probably wouldn't even know about it as I wouldn't be the first/only person to suffer, so chances are it'll be discovered and corrected before I know about it. And were I to notice it, I'd demand the bank sort it out, which I have every faith they would. I'd not lose any interest, and I'd never be out of pocket such that I couldn't buy any food (always a good idea to have some cash at home in cash the networks all go down or whatever).
Sure, some people haven't figured out how little interest they get in a current account and lose a fair bit of money each year by leaving it all there - their problem. Some people need to borrow money - their problem. Some people choose to pay for their account, or credit cards - their problem. At the end of the day, the banks make so much money from mortgage owners, taking 4 or whatever days to process cheques (`checks` in the US) that the money they lose from credit card (or whatever) fraud is negligable. Plus, they have insurance against that too! This is partly why `chip and pin` has taken so long to get sorted in the UK - they could have done it years ago (as they did in France, Denmark, New Zealand etc) but it's not until fraud loses them hundreds of millions rather than just tens of millions that it's worth undertaking such a large project.
Re:Begin the racist rants (Score:2, Interesting)
From http://www.corpwatch.org/article.php?id=10048 [corpwatch.org]
Re:Citibank Outsourcing (Score:1, Interesting)
These "preferred vendor" arrangements are admittedly a major pain in the neck for consultants. Pretty much all of them are nothing more than glorified paper pushing middlemen. For operating a repetitive, easily automated process that should cost at most $10 USD per payroll cycle, they want a 5-30% cut. Fortunately, they seem to only infest the larger companies for now. However, they still represent a threat to everyone who wants to leverage the services delivery business model of open source.
Standing as a monopoly or oligopoly gateway to these larger companies, you flat out don't pass through until you pay their toll. These preferred vendors represent a huge frictional cost to the adoption of open source-based services.
The larger companies use these middlemen however, because it is more efficient from their point of view to outsource the processes to deal with contractors. Make it even more efficient to do it another way, and these companies will switch to that method. Or technology. So that means stuff that geeks consider very boring, like HR-XML standardization efforts, are actually quite important to make it very easy to operate e-procurement systems which reduce the frictional costs of dealing with business entities.
I suspect that the vast majority of Slashdotters are 9-to-5'ers rather than contractors, however. So I'm probably just wasting my breath trying to convince anyone here that making it easy to set up contracts and new business relationships would vastly improve their standard of living by enabling them to more easily go into business for themselves.
Outsourcing + Contract Employment = Crime (Score:1, Interesting)
The problem here is not with the particular nationality of anyone involved, but the concept: many Indian employees are paid well compared to local rates, they also know that they are only paid a fraction of what they know the former US workers were. Additionally, (it is my understanding that) many the Indians are essentially hired on a temp/contract employment basis. If you know that you are getting paid a pittance from a rich foreign company and you can reasonably expect that you will eventually be cut loose anyway, then what would motivate you NOT to steal? Certainly not gratitude towards your employer, or the assumption of a permanent position.
-Additionally, outsourcing companies in India are already getting bit hard by work leaving for places that are even cheaper.
So to speak: the Indian is not dumb, they may see that the gravy train is coming through town, but it ain't stopping for long. And thus the tempation to get what one can while the getting's good.... Most would not commit such crimes of course--but if just 1/10 of one percent do, the costs to the affected companies would be huge. They might even have to cut back on their CEO severance benefits....
(somehow I feel no sympathy for companies that get screwed this way, this was all a very predictable risk that reasonable people would have seen coming)
Do the banks deserve it? (Score:1, Interesting)
Banking is a coddled industry of insiders.
They have been negligent in doing proper security.
And yet they get to rule us all.
Re:Easier to track (Score:3, Interesting)
Basically he hooked up a T1/T3 analyzer to one of their main trunks and started showing how you can split out and split in datastreams to check things like per-channel BER and stuff. Then he hooked up a datacom analyzer to one of the split out channels that had modem traffic on it (which you could see on the T1/T3 analyzer). One of the useful features of the datacom box was a modem which would dump the decode modem traffic on a phone channel into ascii and pump it on the the datacom's screen. So they started watching the data traffic in real time.
Pretty quickly it became apparent that he had picked up an ATM transaction. It also become apparent that the entire transaction including account numbers, names, pins and transaction commands were being transmitted 100% in cleartext ascii over modem! The Well Fargo IT manager saw this too and, wait for it, he kicked out the HP Sales Rep and AE yelling and screaming how never wanted to see any HP test equipment enter a Wells Fargo facility ever again or hear that HP was talking to Wells Fargo IT employees about telecom or datacom products ever again.
Gee, security through obscurity. Needless to say, probably (?) most banks are using at least SSL or SSH by now, but for a measly $20K (in 1990 dollars, far cheaper today) in off-the-shelf equipment you could trivially do a man-in-the-middle replay attack just be putting some cones down and wearing a hardhat and hooking up to one of those telephone boxes outside the bank! And what audit trail other than your word some poor slob have against an "obvious secure" ATM transaction? None really.
This is absolutely true, unfortunately.
Re:Nail on the head! (Score:3, Interesting)
Would I risk something like this for for more money than I could otherwise reasonably expect to earn in my lifetime? Maybe. Imagine yourself in a situation where a few minutes effort would net you $10 million of someone else's money. Can you be sure that you wouldn't consider that at all tempting?
That reminded me of a Twilight Zone(?) episode where the following dialog takes place (stolen from a website):
"...a dark stranger brings a box to a man's door, promising wealth if he only presses a button on the top. As he is about to do just that, the dark stranger says, "if you press the button, someone you don't know will die."
The man debates it for a while, and then presses the dark stranger's button. The dark stranger hands the man his reward, and turns to leave, box in hand. As he leaves the man asks, "Where is the box headed now?"
The dark stranger replies, "Oh, I'm just taking it to someone you don't know."
Re:Dobbs racist? Please stop irrational accusation (Score:1, Interesting)
If you are willing to lick shoes to immigrate to America and others are not, thats your problem. (You wearing an american flag for a tshirt doesnt change the fact that you jumped through hoops to achieve immigrant status and everyone knows it.) Whether you like it or not, outsourcing will stay, because thats the way capitalism works. If you dont like it, go back to where you came from - you might find a job. Your opinion doesnt matter unless you are ultra rich.
Finally: Welcome to America. Land of Opportunity. And Lou Dobbs is a pretty pathetic attempt at covering up racism.