Hackers wreak havoc on Aussie banks

More than 20 Australian banks were hit by hackers last year, with money disappearing from at least one bank's customer accounts

The Commonwealth Bank of Australia is just one of a long list of banks that have been the target of a security breach, with one industry expert claiming there were more than 20 banks hit in Australia last year. But who is to blame, the banks or the customers?

An anonymous hacker has reportedly breached the security of the Commonwealth Bank of Australia's Quickline Internet service and taken money from customers' accounts.

Ajoy Ghosh, Unisys Australia architecture director, IT security consulting services, told ZDNet that this is not the first time Australian banks have been the subject of a security attack, saying that more than 20 banks were hacked into last year.

"...the issue is that it's not new, it's been done to other e-commerce sites and banks," he said.

"It's not just the Commonwealth Bank, all banks are susceptible to attacks on the clients' end."

According to Ghosh, the problem that exists for e-commerce and Internet banking Web sites is that the security breach occurs on the end-user's computer.

The Commonwealth Bank's banking solution software, which keeps information about the client on a database, needs to be downloaded onto a personal computer to activate the Internet banking service. Ghosh claims hackers can decrypt code and obtain passwords by cracking into the downloaded software on the end-user's computer.

Once the hacker obtains a user's ID and password, he or she can then log onto the Internet banking service and redirect money from the user's accounts.

"The attack happens at the end-user's terminal, all banks are aware of this but it's a trade-off between having a system that's useable or totally secure," Ghosh said.

Ghosh claims attacks have nothing to do with the bank's security.

Another way for a hacker to gain secure information from a user's computer is through the browser's remember-password option, which pops up asking users whether they want their password saved.

This tool is attached to a user profile on the laptop or PC, which a hacker can easily gain access to in order to decrypt the password, according to Ghosh.

"People need to be more security aware and consciously weigh up the risks of transacting on the Internet and decide for themselves if they are willing to take the risk between security and convenience," Ghosh said.

If the banks aren't to blame, are they liable?

According to Ghosh, in all previous hacking incidents the banks have refunded customers' money.

"The tragedy of this situation is that people will stop using the Commonwealth Bank's Internet banking service, but the reality is it's applicable to any e-commerce and bank Web site," he said.
