How a hacker's typo helped stop a billion dollar bank heist

<a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=11262177" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=11262177</a>

I worked at a very large company that had a email virus move quickly through the ranks...<p>The subject of the email was &quot;Please see attached documens&quot; in which a PDF was attached that upon opening would hijack your email account and send the same. Over the first day, I had about 100 emails from coworkers in my inbox. After our &quot;IT Security&quot; team sent out an email claiming they stopped the threat, the following day more emails came from coworkers that was a slight variant but had more typos.<p>I still wonder what sort of breach occurred and whether our internal teams performed a true investigation... obviously a foreign intrusion and they managed to at least gain control of quite a few internal machines.<p>I still get a laugh out of using the same subject in an occasional email to coworkers...

Why can&#x27;t we escrow these say 10 million plus wire transfers for long enough to seek some form of two factor authentication? Fax a random code to the head office or something? Seems like a pretty weak system.

Does the misspelling of &quot;foundation&quot; as &quot;fandation&quot; suggest the first language of an attacker(s)?

I think the real moral of the story is why is the Fed even part of these transactions without any actual security.

What&#x27;s the point of transferring to a bank account? Wouldn&#x27;t a bank account have an address associated with it? and some kind of ID proof of the account holder?

&quot;They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money&quot;

Crime pays. They still got away with $80m.

Moral of the story for techies: learn to spell! It could cost you dearly! &#x2F;smirk