A global ATM heist targeting two Middle Eastern banks that came to light last week is an example of how easily financial crimes can be committed and coordinated in cyberspace, U.S. Homeland Security Secretary Janet Napolitano said on Tuesday.
"It demonstrates the kind and scope of financial crimes that are enabled in a network-connected world, particularly by those who have some skill although not necessarily the highest level of skill, quite frankly, but who can coordinate timing and the like," Napolitano told the Reuters Cybersecurity Summit in Washington.
Hackers in December stole a combined $45 million from two banks through coordinated ATM withdrawals around the world. They broke into two unnamed bank card processing companies, raised the balances and withdrawal limits on accounts, then withdrew the money.
The prosecutors did not name the two companies but said one was based in India and the other in the United States.
Napolitano, who declined to discuss details of the investigation, said the growing number of cyberattacks on banks has resulted in a closer relationship between the government and financial institutions to tackle potential threats.
"There is urgency and this is a big problem and legislation certainly would assist us in our efforts," she said, referring to cybersecurity legislation that has been mired in a divided Congress.
Napolitano said the legislation, the Cyber Intelligence Sharing and Protection Act, was vital to improve the flow of information in real time to help ensure companies know about possible cyberthreats.
The House of Representatives easily passed CISPA legislation on April 18, with majority Republicans getting some support from Democrats.
She said she hoped the Senate and the House could come together to agree on legislation to improve cyber sharing that is supported by the White House. She said officials were working on it behind the scenes.
While proposed legislation failed to get through the Senate last year, Napolitano said lawmakers had made some progress since then.
"One of the things that happened last year was the education of many members about this field. They didn't know very much, to be truthful," she said.
More congressional hearings on the issue are likely this summer, Napolitano said, but timing for action on the legislation is uncertain. "It's Congress, and they have their own measure of time," she added.
Napolitano also said the government was studying ways to use its purchasing power to induce software makers to sell more secure products.
"What we are looking at is what kind of incentives could be used to attract companies to use best practices, including in the software arena, and whether there could be procurement preferences," she said.