Somebody tried to rip off my IB account and wire money to New Zealand
- Thread starter Trajan
- Start date
- Status
IMHO, firewalls at home are pretty useless. The people who have firewalls are usually the ones who open e-mail attachments or have Outlook Express configured so it opens them automatically for them, they download and install programs or things like flash presentations without ever scanning them, most of the time without even knowing they are executing code from the internet. A firewall won't protect you against any of those hazards. Actually, the first time when a firewall in every household, if configured correctly, would have been of any use was this summer when the msblast.exe type viriii attacked.
Should I be scanning flash webpages? How can I do that? I use Norton in active mode and it alerts me to anything malicious, but as far as I know it does not scan each webpage or the code that may be on it. What do you security gurus suggest as the best way to protect against all of this? I ran the probes from the links that were posted and the only port showing that is not in stealth mode is port 80 (the web port). Its showing up as closed but there.
I thought I had protected myself, but all this talk has me a little worried.
I thought I had protected myself, but all this talk has me a little worried.
even if the user unwittingly installs malicious content on their pc, if the firewall is set to only enable outgoing data on a case by case permission only basis, i would expect this to block 99% of all keystroke logs, do you agree?
dont give outgoing permission to anything the slightest bit questionable, including media player, system32 generic host process, windows explorer, etc.
When it comes to security, here are some steps to follow:
1. Never surf the web or open email when logged in as adminstrator. This makes it harder for unwanted programes to get on to your system
2. Use a hardware firewall, they are generally more secure than software firewalls. And not that expensive. Also regularly check the traffic in and out using the software that comes with your firewall.
3. Regularly run Adaware by Lavasoft, as well as Spybot. They pick up different types of spyware.
4. Surf the net using Morzilla, not IE. You can choose the sites that are allowed to set cookies on your hard drive. Only allow cookies from sites you trust. You can also add PGP encryption to the Morzilla email program.
5. If you have to store your passwords in electronic format, use coded descriptions that others will not be able to identify, or encrypt them using a product like this www.invisiblesecrets.com
6. Consider an encrypted webmail sevice such as www.hushmail.com
7. Run a quality virus checking program and update it regularly
8. Do not use the same password for all your email, broking and banking
9. Never download file sharing software onto a computer connected to your network. These are well known for having inbuilt spyware.
10. Do not tell the world where you live, who you bank with or how much you make trading over the internet. You make yourself an easy target for identity theft.
11. And never ever ever ever use your real name on a message board.
Runningbear
1. Never surf the web or open email when logged in as adminstrator. This makes it harder for unwanted programes to get on to your system
2. Use a hardware firewall, they are generally more secure than software firewalls. And not that expensive. Also regularly check the traffic in and out using the software that comes with your firewall.
3. Regularly run Adaware by Lavasoft, as well as Spybot. They pick up different types of spyware.
4. Surf the net using Morzilla, not IE. You can choose the sites that are allowed to set cookies on your hard drive. Only allow cookies from sites you trust. You can also add PGP encryption to the Morzilla email program.
5. If you have to store your passwords in electronic format, use coded descriptions that others will not be able to identify, or encrypt them using a product like this www.invisiblesecrets.com
6. Consider an encrypted webmail sevice such as www.hushmail.com
7. Run a quality virus checking program and update it regularly
8. Do not use the same password for all your email, broking and banking
9. Never download file sharing software onto a computer connected to your network. These are well known for having inbuilt spyware.
10. Do not tell the world where you live, who you bank with or how much you make trading over the internet. You make yourself an easy target for identity theft.
11. And never ever ever ever use your real name on a message board.
Runningbear
Quote from version77:
IF someone rips your cash out of your account at IB who's
fault would it be? I thought IB had upped it's security. Now
I wonder if they have or not. I know they changed the way
they used to send your account info through email like it was
everybody's business. Now you have a choice whether you
want the world to see your account info. Nice... Now they
have a loophole and can blame it on you... (they must of
gotten your account info from your email that WE sent you),,,
by mistake... sorry... since it is under 100K the FBI or us
or nobody will help you get your money back... too bad...
and we do not confirm wire transfers.... we just send them
out all over the planet because, ah we get paid to do it..
We will never know how many times someone has tried to
rip $$$ from IB because they will never tell us...
If they did, everyone would probably close their account ASAP.
If thier servers go down, why cannot their security measures
also fail 2 or 3 times a week? This is really scary...
Before we focus on the rumor-mill rather than facts, would the customer who started the thread and believes there is/was a security breach on the account, please do the following as soon as possible:
1.) call the Customer Service Desk in your time zone. If Asia, ask for Steve; if Europe, ask for Heinz; if America, ask for Don, Cindy, or Pam. Please explain clearly that you believe there was a security problem on the account, ask for the problem ticket number, and ask that the issue be escalated immediately to Jon in management.
2.) please provide as much detail as possible as to dates, amounts, anything else that would assist us in identifying the problem
3.) please report to the local manager (one of the above people) the name of the service rep who you reported as acting nonchalantly.
I want to be very clear and unambiguous:
IB CONSIDERS ACCOUNT SECURITY TO BE A MATTER OF HIGHEST PRIORITY.
We have one of the most sophisticated banking security schemas (a password protected digital secure ID card). Details are posted on the website. We strongly urge ANY customers who have security concerns to subscribe to this program.
We have deposit and withdrawal procedures (including various speedbumps) that, while making it sometimes inconvenient for the customer to transact normal business, add a confirmation layer to make hacks more difficult. Contrary to the assertion above, this is a confirmation process.
Remember that in the war against hackers and thieves, the defenders have to be right 100% of the time. The attackers only need to be right once. Anyone who reads the news should understand that when Microsoft, Citibank, and the D-o-D can be hacked, we (both IB and its customers) should avail ourselves of any and all measures to avoid security breaches. If you are concerned and are serious, subscribe to the secure ID program.
Jon
IB Management (Global Operations)
I am PARANOID about security and I have worked 17 years in the computer industry.
Sygate is a good firewall, used Zonealarm too but found it not as userfriendly. The Built in XP firewall does not check outgoing traffic and as such is next to useless.
Am also using a hardware based firewall that uses NAT (Network Address Translation)
PestPatrol is good for detecting spyware / trojan horses / keyloggers
Running Win2000 is far more secure than XP, in addition in standard configuration on the same hardware it runs 20% faster.
As I understand it the NSA, Dept of Defense use WIn2000 for their sensitive stuff.
If you look at www.cisecurity.org then you'll see that the XP is lacking from the list.
I do also additional things in the Local Security Policy, like unable to log on from a network, no administrator account, always requires passwords, keep logs from failed and succesfull log ins, dial up and dial out etc. etc.
Am not using Messenger etc.
You can download from grc.com a utility to switch of PNP in XP which is a security hole.
Am not allowing remote registry manipulation and monitoring and assitance in case of faults (nicely built in by MicroShit ehhh, typo, apologies: MicroSoft), send no bug reports etc.
Do not use wireless networking, monitoring it for 4 hours will give full access to your machine if you know how. You need only a PDA and you can sit in a car 100 yards away. Some nutcases drive around and scan for this. Remember those little X10 spycameras? Great fun tapping into those they are not secured at all. You would be suprised where people have those installed! There are many getting a kick out of locating those and then they tell their mates about it.
I am also having something called BestCrypt which is encryption of sensitive files. I only open that up when I need something from there. And I only do this after a restore - the way I install my machine that means that the machine is "virgin" installed: never has seen the internet. It is complicated to do but gives me an added layer of safety.
(Did not work for four years on developping systems so some nutcase can steal my ideas and blast it over the internet to all his / her friends)
Am not using web based & server based software. Too easy for some crook programmer to slip in some utility to see what is happening on your system. So no eSignal, Ensign, Quote Tracker,eASCTrend etc to name a few. No-one in partivcular targetted with that - just paranoid about all that java and not knowing what is being communicated back to the server.
I do not keep any sensitive ( = unnecessary eg banking) information on my machine and do not let IE save any passwords.
I have a backup procedure where I boot from CD, make an image of the partition onto another hard disk. (PowerQuest Disk Imager).
Whenever I do maintenance, make a change, am suspcious about some website I visited I restore the diskimage immediately and run a virus checker, pestpatrol and switch in Sygate ALL permissions off. Then whatever program that wants to communicate to the outside world has to prompt me first.
A few times I have caught trojan horse and other nasties.
And for discussion groups, emails: have several (email) accounts, each one with a different password and different from my other accounts. In that way I can check which discussion group is compromised and passes my email address on to spammers etc. I will then leave that email address and discussion group.
No internet banking.
I have recently been stung by a software vendor of trading software that I bought three years ago. I asked for some support and I was rewarded by having twice the purchase price of the software deducted from my credit card without authorisation.
Fortunately the bank that I am with takes this seriously and investigated.
I do no longer use my Credit Card on the web - if they want it then I will phone them and send them a fax.
This list is by no means exhaustive, there are many more things I do but it gives you the idea.
In addition I trade mainly on EOD information, having been stung by internet connections going down while in a daytrade. No more, I use intraday to enter a trade but timing is no longer critical, I could just as well pick up the phone and give an order.
There is a cyberwar going on, if you like it or not and most people place far too much faith in total reliance on their systems.
Hope this helps
Sygate is a good firewall, used Zonealarm too but found it not as userfriendly. The Built in XP firewall does not check outgoing traffic and as such is next to useless.
Am also using a hardware based firewall that uses NAT (Network Address Translation)
PestPatrol is good for detecting spyware / trojan horses / keyloggers
Running Win2000 is far more secure than XP, in addition in standard configuration on the same hardware it runs 20% faster.
As I understand it the NSA, Dept of Defense use WIn2000 for their sensitive stuff.
If you look at www.cisecurity.org then you'll see that the XP is lacking from the list.
I do also additional things in the Local Security Policy, like unable to log on from a network, no administrator account, always requires passwords, keep logs from failed and succesfull log ins, dial up and dial out etc. etc.
Am not using Messenger etc.
You can download from grc.com a utility to switch of PNP in XP which is a security hole.
Am not allowing remote registry manipulation and monitoring and assitance in case of faults (nicely built in by MicroShit ehhh, typo, apologies: MicroSoft), send no bug reports etc.
Do not use wireless networking, monitoring it for 4 hours will give full access to your machine if you know how. You need only a PDA and you can sit in a car 100 yards away. Some nutcases drive around and scan for this. Remember those little X10 spycameras? Great fun tapping into those they are not secured at all. You would be suprised where people have those installed! There are many getting a kick out of locating those and then they tell their mates about it.
I am also having something called BestCrypt which is encryption of sensitive files. I only open that up when I need something from there. And I only do this after a restore - the way I install my machine that means that the machine is "virgin" installed: never has seen the internet. It is complicated to do but gives me an added layer of safety.
(Did not work for four years on developping systems so some nutcase can steal my ideas and blast it over the internet to all his / her friends)
Am not using web based & server based software. Too easy for some crook programmer to slip in some utility to see what is happening on your system. So no eSignal, Ensign, Quote Tracker,eASCTrend etc to name a few. No-one in partivcular targetted with that - just paranoid about all that java and not knowing what is being communicated back to the server.
I do not keep any sensitive ( = unnecessary eg banking) information on my machine and do not let IE save any passwords.
I have a backup procedure where I boot from CD, make an image of the partition onto another hard disk. (PowerQuest Disk Imager).
Whenever I do maintenance, make a change, am suspcious about some website I visited I restore the diskimage immediately and run a virus checker, pestpatrol and switch in Sygate ALL permissions off. Then whatever program that wants to communicate to the outside world has to prompt me first.
A few times I have caught trojan horse and other nasties.
And for discussion groups, emails: have several (email) accounts, each one with a different password and different from my other accounts. In that way I can check which discussion group is compromised and passes my email address on to spammers etc. I will then leave that email address and discussion group.
No internet banking.
I have recently been stung by a software vendor of trading software that I bought three years ago. I asked for some support and I was rewarded by having twice the purchase price of the software deducted from my credit card without authorisation.
Fortunately the bank that I am with takes this seriously and investigated.
I do no longer use my Credit Card on the web - if they want it then I will phone them and send them a fax.
This list is by no means exhaustive, there are many more things I do but it gives you the idea.
In addition I trade mainly on EOD information, having been stung by internet connections going down while in a daytrade. No more, I use intraday to enter a trade but timing is no longer critical, I could just as well pick up the phone and give an order.
There is a cyberwar going on, if you like it or not and most people place far too much faith in total reliance on their systems.
Hope this helps
Did you type this from your bomb shelter filled with freeze-dried foods and gas masks for the impending nuclear holocaust?Quote from bali_survivor:
I am PARANOID about security and I have worked 17 years in the computer industry.
....
There is a cyberwar going on, if you like it or not and most people place far too much faith in total reliance on their systems.
Hope this helps
To prevent this whole thing from happening is that Inter Brok should have a system where an employee calls the account owner if he is taking money out. Just in case.
richtrader,
no not from one of those places.
If I like to go somewhere I trade from there. I may trade from Bali where they blew up my favourite hangout and just missed me. I may trade from the Philippines where I saw some daytraders being wiped out because some nutcases flew some planes in some buildings in the US.
I may trade from Hong Kong or Thailand or wherever I like to hang out.
It is called "risk assesment" and I do not like to leave things to chances. If someone decides to flog my PC because it has the value of a whole year or more of their income I want my information safe. Being lost is fine, being accessed is another matter.
Suppose you have never had the pleasure of discovering that would be kidnappers just missed you by a few hours, or having had the pleasure of living in some of the lesser off countries. It will change your outlook on life and teaches you to leave nothing to chance.
no not from one of those places.
If I like to go somewhere I trade from there. I may trade from Bali where they blew up my favourite hangout and just missed me. I may trade from the Philippines where I saw some daytraders being wiped out because some nutcases flew some planes in some buildings in the US.
I may trade from Hong Kong or Thailand or wherever I like to hang out.
It is called "risk assesment" and I do not like to leave things to chances. If someone decides to flog my PC because it has the value of a whole year or more of their income I want my information safe. Being lost is fine, being accessed is another matter.
Suppose you have never had the pleasure of discovering that would be kidnappers just missed you by a few hours, or having had the pleasure of living in some of the lesser off countries. It will change your outlook on life and teaches you to leave nothing to chance.
- Status