Fallen Citadel: Malware Attack on Bank of India

Story URL: http://www.theregister.co.uk/2007/09/01/bank_of_india_website_takeover/ 

The recent, crippling, malware attack on the website of Bank of India (http://www.bankofindia.com) is a stark reminder of how far away are the banks from offering secure net banking facilities. Obviously, BoI is not the only bank to suffer from a security lapse; more, high profile, banks have also suffered security breaches of varying criticality in the past.

So, why is that in spite of so much media attention and corporate focus on information security (and especially internet security), the attackers continue to get away with their exploits?

I believe that one of the weakest links in the financial security chain - users / consumers / customers - are still not attuned to the idea of security, vulnerabilities. Average users are simply ignorant and they also get intidimated by the jargons being bandied around by the vendors & the sites.

The problem is compounded by developers who are not well versed with the principles of secure design. It is only ironic that the front page of the website of the Bank of India has a link (currently non-functional) titled "Security Tips"!!

From whatever little I have learnt about design, most website designers develop the sites and then try to make them secure rather than integrating security in the design itself. Hopefully, this attack will prod all banks to audit their sites and ensure that they are safe to be used.