Two groups of computer hackers say they are joining forces to steal credit card numbers from major banks and use the cards to charge donations to charities, protest groups and "those who have been cheated by our system."
The groups, Anonymous and TeaMp0isoN (Team Poison), are apparently each made up of a loose confederation of hackers who have claimed responsibility in recent months for cyberattacks on financial and political targets including the United Nations, PayPal and MasterCard. Their latest collaboration, known as "Operation Robin Hood," taps into the Occupy Wall Street sentiment that believes that banks and the wealthy have prospered at the expense of the poor and the middle class.
The project's manifesto can be found on an 8-minute YouTube video, which opens with scenes from the 1991 Kevin Costner movie "Robin Hood: Prince of Thieves" before switching to a digitized voice set to ominous music.
"When the poor steal, it's considered violence," the video says. "But when the banks steal from us, it is called 'business.' We have already taken Chase, Bank of America and Citibank credit cards, with big breaches across the map. We have returned it to the poor, which is the 99 percent who deserve it."
The video claims the hackers have already used the cards to donate thousands of dollars to protests, the homeless and charities. It says banks will lose money by repaying consumers whose cards were used.
In a subsequent written comment on the YouTube video, someone claiming to be one of the organizers clarifies that the operation will go after only cards held by "the rich": "Those Platinum/Corporate/Amex cards are going to be the targets in this Operation, nobody needs tons of money ... NOBODY needs to own several cars and homes."
No banks react No banks have announced data breaches, so it's unclear if the attacks have actually succeeded or whether they're just bluster designed to frighten consumers away from big banks. (The video also urged people to move their money to credit unions.) A Bank of America spokeswoman said Wednesday that her bank is unaware of any security breach. A Chase spokesman declined to comment. Citi did not immediately return a phone call.
Targeting consumers' personal financial information is a new tactic for the hackers. Until now, most of their maliciousness has consisted of so-called denial-of-service attacks, in which hackers overwhelm a website and render it unable to work. Members of the group Anonymous have claimed credit for such attacks on police departments that have cracked down on Occupy protestors and on financial companies such as PayPal and MasterCard, after they cut off funding to WikiLeaks. This week, Team Poison said it hacked into the United Nations and posted user names and passwords for more than 100 U.N. workers.
Phil Blank, managing director of security, risk and fraud for Javelin Strategy & Research, says most banks are well-prepared for cyberattacks and have sophisticated fraud-detection systems, but they're not impervious to breaches. He recommends consumers set up email or text alerts to tell them when charges are processed. Using identity-theft protection services such as LifeLock can also offer peace of mind.
Under federal law, consumers are not responsible for fraudulent credit card charges totaling more than $50. But there are different rules for debit cards and other consumer accounts.
Typically, banks go beyond legal requirements and don't charge their customers for unauthorized transactions, says Ryan Zagone, a spokesman with the American Bankers Association.
"Customer trust is paramount for banks," he says. "It's our most valuable asset."
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.