July 2, 2002
OKLAHOMA CITY, Oklahoma -- Home National Bank on June 27 admitted that its computers were cracked by a foreign hacker who stole confidential information such as bank statements and Social Security numbers, according to a report in the Daily Oklahoman.
The incident, which took place in June of 2001, resulted in no financial losses at Arkansas City, Kan.-based Home National Bank, said Michael Walker, senior vice president.
After the culprit boasted of his break-in to MSNBC last week, the bank notified 18,000 customers about the hacking incident.
"We sent out letters to our customers not because any accounts have been compromised," Walker said, "but so that customers could pay more attention to their accounts."
Home National has 11 branches in Kansas, Oklahoma and Arizona. Walker said Home National was first e-mailed by the hacker -- a Ukrainian individual or group called "Mr. Zilterio" -- in December. The hacker demanded hush money or he'd publicize the information he had stolen from the bank's online banking site.
"He claimed to have hacked upward of a dozen banks within a very short time period of having contacted us," Walker said. "His intent is to create fear so that people will fork over big bucks in the hope he won't go public."
Instead, Home National contacted the FBI and the U.S. Comptroller of the Currency, the regulator of national banks.
The bank also brought in two computer-security firms that determined there had been a June 2001 break-in through the bank's online banking Web site.
Walker said Home National at first decided not to notify customers of the break-in. He said the culprits furnished the bank no proof they had stolen anything, and the bank didn't want to compromise the FBI investigation.
Zilterio recently sent confidential Home National customer data to MSNBC, to show off his computer-cracking expertise.
According to a June 22 MSNBC story, an e-mail from Zilterio contained "thousands of customer bank statements" along with Social Security numbers, account numbers, balance information and even lists of ATM withdrawals and cleared checks.
Home National said that the e-mail was its first proof Zilterio really had stolen confidential information. "I believe he singled us out (to MSNBC.com) because we were one of the banks that refused to pay him," Walker said.
The MSNBC story also detailed four other apparent extortion attempts which have been made public since October. In those attempts, Zilterio demanded close to $100,000. None of the victims paid.
Zilterio sent an e-mail to many of the 350,000 customers at online shopping service Webcertificate.com last fall. Just a month ago, people who shopped at electronics retailer TheNerds.net were contacted by Zilterio. He's still threatening to release data taken from LinkLine, a small Internet service provider. And in April, he sent e-mails to reporters announcing he had stolen data from Fahnestock & Co., a stock brokerage.
Zilterio boasted to MSNBC that he has extorted $150,000 in hush money from the businesses he's hacked. He claimed to have stolen data from 15 companies, and said nine have paid him rather than have their data made public.
There's no proof Zilterio has ever received any payment.
Home National reassured its customers that the cyber-risk "is no greater than a lost checkbook," Walker said. "You're protected if there's a loss."
Walker added that the bank is keeping a close eye on account activity, especially automatic withdrawals.