Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security

Latvian "Robin Hood" Hacker Leaks Bank Details 170

eldavojohn writes "Move over Russell Crowe, an anonymous hacker in Latvia is being hailed as a real life modern Robin Hood. The hacker refers to himself as 'Neo,' claims allegiance with the Fourth Awakening People's Army, and is outing banks that are capitalizing off of the horrible economic status Latvia is currently suffering from. No word on how he is acquiring the information but it is slowly being leaked to TV sources via Twitter and the common people love him. The hacker is thought to be based in Britain but a TV reporter pointed out the fine line Neo is walking, 'On the one hand of course he has stolen confidential data ... and he actually has committed a crime. But at the same time there is value for the public in the sense that now a lot of information gets disclosed and the whole system maybe becomes a little more transparent.' An example of a juicy tidbit he revealed is that managers of a Latvian bank did not take the salary cuts they promised they would after the government bailed them out of economic trouble. You can imagine that taxpayers were upset and thankful they knew this information."
This discussion has been archived. No new comments can be posted.

Latvian "Robin Hood" Hacker Leaks Bank Details

Comments Filter:
  • by sopssa ( 1498795 ) * <sopssa@email.com> on Wednesday February 24, 2010 @03:11PM (#31263772) Journal

    Million Reasons Why Latvia Is The Best Country In The World [miljons.com]

    Be warned, you'll lose productivity for rest of the day.

    • Re: (Score:3, Informative)

      by jayme0227 ( 1558821 )

      I suppose it would be better if I could actually read what was written in the pictures, but really, I only lost about 38 seconds of productivity. Without a sense of context, the humor in most of those was lost on me.

    • by copponex ( 13876 ) on Wednesday February 24, 2010 @04:52PM (#31265188) Homepage

      Be warned, you'll lose productivity for rest of the day.

      Sir, we are already reading slashdot.

      • +1 Insightful Sad Truth
    • by Rufty ( 37223 )
      Thanks for that!
    • by luder ( 923306 ) *

      Be warned, you'll lose productivity for rest of the day.

      That's nothing, compared to English Russia [englishrussia.com].

    • I'm afraid there's at least one reason [youtube.com] neighbouring Estonia is better.

  • ahh (Score:4, Funny)

    by Anonymous Coward on Wednesday February 24, 2010 @03:15PM (#31263830)
    i saw a guy walking down the street just today - in a long black coat wearing sunglasses talking on his nokia. i thought "i bet that guys a leet hacker" probably him. he was scowling.
    • Re:ahh (Score:5, Funny)

      by grcumb ( 781340 ) on Wednesday February 24, 2010 @03:48PM (#31264272) Homepage Journal

      i saw a guy walking down the street just today - in a long black coat wearing sunglasses talking on his nokia. i thought "i bet that guys a leet hacker" probably him. he was scowling.

      You're wrong. The person you saw:

      • Was stylish;
      • Outdoors;
      • Had at least one friend.

      If this was a real hacker, he was disguised as a n00b.

      • It was 4am so there was no sun and he's not stylish. And he's was sshing into his voice controlled server.
      • Neo was the Chuck Norris of hacking. While his brain was sending l33t commands to a r00ted server, the manifestation in the virtual round was roundhouse kicks all the way.

        Oh, and some flying.
  • by JoshuaZ ( 1134087 ) on Wednesday February 24, 2010 @03:17PM (#31263866) Homepage
    Ok. Clearly the fact that the pay cuts for the executives didn't occur is something that this individual should have leaked and was the right thing to do. ( Why didn't the government insist on minimal transparency about the salaries in the first place? Because apparently corruption and lobbying is the same everywhere). Frankly, in TFA I don't see any information listed that shouldn't have become public. It doesn't look like they leaked anything that allowed people to take money from accounts or to steal identities or to create damage to the banks' computer networks. If there's any indication that Neo has done anything bad (other than choosing a really pretentious and unoriginal alias) I don't see it in TFA.
    • by Danse ( 1026 ) on Wednesday February 24, 2010 @03:24PM (#31263948)
      I think it's a good thing that he's doing this. Of course if he gets caught he'll face at least some sort of punishment. He's not being malicious or destructive, so I'd consider it a form of civil disobedience. What I'd like to hear is what kind of punishment the bankers are going to get for essentially lying and stealing from the taxpayers. I bet they get a slap on the wrist at best.
      • by fuzzyfuzzyfungus ( 1223518 ) on Wednesday February 24, 2010 @03:30PM (#31264024) Journal
        Slap on the Wrist?

        How dare you openly endorse such uncivil class warfare! It is everyone's obligation to understand that bankers are simply special. It would be an insult to apply rules made for common men to them.
      • by Bloopie ( 991306 ) on Wednesday February 24, 2010 @03:45PM (#31264220)

        I don't know anything about Latvia. Here in the U.S., though, you don't fuck with the big banks. They have money and power--which they will throw at your political opponents [nytimes.com] if you become too much of a "problem."

        From the article I just linked to:

        Republicans are rushing to capitalize on what they call Wall Street's "buyer's remorse" with the Democrats. And industry executives and lobbyists are warning Democrats that if Mr. Obama keeps attacking Wall Street "fat cats," they may fight back by withholding their cash.

        "If the president doesn't become a little more balanced and centrist in his approach, then he will likely lose that support," said Kelly S. King, the chairman and chief executive of BB&T.

        Balanced and centrist? I guess that just about sums it up.

        • by sricetx ( 806767 )
          The solution is for everyone to pull money out of Chase bank and cancel their accounts. Granted, like any boycott is may not be very effective, but that's about all the individual can do. See the website move your money for more information http://moveyourmoney.info/ [moveyourmoney.info]
          • What about all the people that have debt owed to Chase? Probably quite a large portion of people who do business with them actually.
            • If they owe money and Chase isn't properly capitalized (by massive pull out of money as grand parent suggests) then Chase will have to sell that debt to another bank (similar to how people have their mortgages sold) and probably go bankrupt in the process through discounts in the buy out. Or another bail out could possibly save them - I'd like to see how well that goes over.
        • by Lord Ender ( 156273 ) on Wednesday February 24, 2010 @05:20PM (#31265606) Homepage

          I can see those conversations:

          Bank chairmen: "Mr. Obama and Congress, give us billions of dollars of the Public's money, no strings attached."

          Politicians: "If we don't do this, your banks will close, the FDIC will go bankrupt, and we will have a terrible deflationary depression, is that right?"

          Bank chairmen: "You are correct. Billions of dollars, please. Hand 'em over."

          Politicians: "Well we must prevent a depression, but you don't exactly deserve billions of the Public's money. So here's the cash, but there will be strings attached..."

          Bank chairmen: "Whatever; thanks for the cash! PS: buy these defaulting mortgages from us too, please. At twice their real value. Good! Bye!" ... one year later ...

          Politicians: "Here are the strings we told you about..."

          Bank chairmen: "What? Regulation? Penalties? You radicals! We thought you were balanced centrists, not commies! After all our payouts, we still have a few billion of the Public's money left. If you try to force any penalties on us, that money will be used to make sure you never get elected again. Checkmate."

          Politicians: "Oh fuck--pwned."

        • by sjames ( 1099 )

          What really makes me wonder is that they cannot have put things more plainly. They are not only offering their cash to have the leaders of our nation act in their personal interest (and so against the best interests of the country) but they fully expect their offer to be accepted. All that and nobody even blinks.

          Truly, they should be lined up and shot as traitors, and so should anybody who accepts their offer.

          Perhaps it should be televised as an example to others.

        • In the Baltic states, the banks have less power than the retailers. But more money does not always result in victories in these countries. Let alone, companies are not allowed to contribute, only individuals are allowed. Last time I checked, there is a law prohibiting the type of funding that is usual in US. And all funding is 100% public - meaning anyone can check who contributed how much.
        • It's the same everywhere. Here in Belgium the boards of banks are loaded with past and current politicians just to make sure they know where their bread is buttered. The only exception may be China where even top officials are afraid of the partyvan (coincidentally the only place where banks are still lending money in significant amounts because politicians told them so.)

      • by Anonymous Coward on Wednesday February 24, 2010 @03:47PM (#31264246)

        what kind of punishment the bankers are going to get for essentially lying and stealing from the taxpayers

        A bonus?

        They won't stop until bankers get lynched in the streets.

        • by umghhh ( 965931 )
          you had an excellent idea - I mean the lynching one. I guess at some point the only thing good men can do.
      • Re: (Score:2, Insightful)

        by cdrguru ( 88047 )

        Let's see... the information that this guy is posting came from government tax documents. Meaning, pretty clearly that the government knew all about this and it is no surprise to anyone there.

        Some bankers made promises that didn't come true. Boo-hoo. As far as I am aware, unless there is some sort of "contract" involved promises mean, well, nothing. No criminal act, no wrongdoing whatsoever. For example, Obama promised to close Guantanamo Bay within one year. Where is his comeuppance? See, promises d

        • Re: (Score:3, Insightful)

          by Danse ( 1026 )

          There was no lying and no stealing from anyone. Get over it. People make lots of promises every day and they are effectively meaningless.

          Seriously? You don't see telling the government that you will take pay cuts in exchange for financial assistance and then not doing it as lying? This isn't even at all like Gitmo. At least there they've been making significant efforts even though they didn't meet their goal. The bankers just flat out lied because there's no effort involved in taking a pay cut. Lying in order to get money is generally considered fraud, yes?

        • Let me correct you - This is not in the context of the American legal system we are talking about. It's not even a common legal system. So they may be held to account for their public promises.
    • It seems to me that this could be the work of a whistleblower, but then I don't see why he/she would claim to be a hacker--unless Latvia does not protect against retaliation toward whistleblowers.

    • by Rary ( 566291 ) on Wednesday February 24, 2010 @03:35PM (#31264080)

      If there's any indication that Neo has done anything bad (other than choosing a really pretentious and unoriginal alias) I don't see it in TFA.

      Then you must not have read this sentence, found in both TFA and TFS: "On the one hand of course he has stolen confidential data... and he actually has committed a crime."

      Just because some of the information in some of the stolen documents should be made public doesn't change the fact that he stole the documents. Having a good reason to commit a crime doesn't make it not a crime. It might, in some circumstances, get you leniency in sentencing, but it's still a crime.

      • by GoCoGi ( 716063 ) on Wednesday February 24, 2010 @03:43PM (#31264194)
        A "crime" is not necessarily "bad".
      • by Danse ( 1026 )

        If there's any indication that Neo has done anything bad (other than choosing a really pretentious and unoriginal alias) I don't see it in TFA.

        Then you must not have read this sentence, found in both TFA and TFS: "On the one hand of course he has stolen confidential data... and he actually has committed a crime."

        Just because some of the information in some of the stolen documents should be made public doesn't change the fact that he stole the documents. Having a good reason to commit a crime doesn't make it not a crime. It might, in some circumstances, get you leniency in sentencing, but it's still a crime.

        The fact that the crime was committed against those who were themselves engaged in criminal acts may cause the courts to consider it a justified act committed to prevent a much greater crime (i.e. the theft of large amounts of taxpayer money).

        • >> the theft of large amounts of taxpayer money

          I don't think that's officially a crime anywhere anymore

        • The fact that the crime was committed against those who were themselves engaged in criminal acts may cause the courts to consider it a justified act committed to prevent a much greater crime (i.e. the theft of large amounts of taxpayer money).

          I really hope so, but I don't have much faith in the court system anywhere after reading about what happened to the Google Executives in Italy.

      • by JoshuaZ ( 1134087 ) on Wednesday February 24, 2010 @03:47PM (#31264248) Homepage
        Committed a crime and did something bad are not the same thing always. Sometimes the moral or ethical act is against the law. It doesn't take much effort to give historic or current examples. Just a few people off the top of my head who've committed crimes that are morally either ok or the right thing to do: off the top of my head: abolitionists in the pre-Civil War US, protestors in Iran, and whoever gave Wikileaks their leaked documents about Guantanamo.
      • Having a good reason to commit a crime doesn't make it not a crime. It might, in some circumstances, get you leniency in sentencing, but it's still a crime.

        Not going to disagree with you there, but willingness to commit crime can sometimes be the moral action when the law protects the immoral. There are few people that are so brave, and their actions should be lauded regardless of their criminality. One man's villain is another man's hero. Of course, the only positive thing that can be said about moral, criminal acts is that you get to be self-righteous. If you get caught, you still go to jail. On the other hand, King Richard eventually pardoned Robin Hood. Go

      • Of course, "stealing confidential data" (from a non-government source), where the confidentiality is self-defined by the owner, is exactly the kind of DMCA type violation we regularly decry here. What you (and TFA) are suggesting is that the act of acquiring the data is a crime in and of itself, rather than the criminal use of the data.
        • by Rary ( 566291 )

          The DMCA is about copyright protection and reverse engineering. It has nothing to do with hacking into information systems to obtain data.

          • It was exactly the "act of attempting it is a crime itself" aspect of the reverse engineering provisions that I was referring to.
            • by Rary ( 566291 )

              But breaking into computer systems was a crime before the DMCA, and will continue to be a crime even if the DMCA disappears tomorrow.

        • by cduffy ( 652 )

          Of course, "stealing confidential data" (from a non-government source), where the confidentiality is self-defined by the owner, is exactly the kind of DMCA type violation we regularly decry here. What you (and TFA) are suggesting is that the act of acquiring the data is a crime in and of itself, rather than the criminal use of the data.

          These are trivially distinguishable, even in concept.

          In the case of hacking into an external system, one is (a) making false representations to a third party (via their compu

      • "I can beat up anyone I want as long as I am doing it for the public good"

        I am not saying Batman or this guy isn't doing good work, but he is steeping on allot of toes here. The banks are going to want to throw the book at him and the politician are going to be mad that their corruption/indifference is shown. Even if the "people" are on his side, its going to be hard to argue in a democracy he shouldn't be punished.

        Also, he has to have some strong ethical guidelines here. Joker gets away with murder beca

      • by umghhh ( 965931 )
        Here in Germany stealing data from banks is ok.

        At least as long as banks in question are in Switzerland and stolen data can help in 'fixing' the budget deficit or so their propaganda says.

      • by Arker ( 91948 )

        That is a bald assertion however.

        Just because someone *wrote* that he committed a crime, and someone else repeated it, does not mean it is true. I would like to see it explained exactly what crime he committed here. It appears all he did was increment and decrement urls. A system that calls that a crime would be criminally insane.

    • Well do you want people poking around your accounts even if they are not giving information that will lead to identity thief.

      Say for example the following...
      They see a bunch of sales at a liquor store. Then they have an idea that you are a drinker/partier and give this information to your health insurance company so they can deny coverage.

      Or How much porn you actually buy, say you were running for politics or put on the impression you are of strong moral values.

      Or lets just say you are spending a little ext

      • by Arker ( 91948 )

        Well do you want people poking around your accounts even if they are not giving information that will lead to identity thief.

        Whether I want it to happen or not and whether it amounts to a crime or not are two entirely different questions. As also is, if a crime was committed, who specifically committed it?

        From what I can tell this guy just decremented and/or incremented URLs and the server sent him the information. If there was a crime committed, it would seem to have been commmitted by whomever had respon

    • by richlv ( 778496 )

      for the record, from the currently publicly available information.

      1. information was obtained from a very simple and (supposedly) obvious software vulnerability;

      2. software in question was developed by exigen services latvia (http://www.exigenservices.lv/ [exigenservices.lv]);

      3. an audit was conducted on the local irs (vid) it systems by kmpg and ernst & young, totalling at 1 million lats (~ 2 million usd);

      4. data leaked includes full wage information on majority of companies in latvia.

      a lot of factors are being disputed (

  • Bunch of Fapa's.
  • " An example of a juicy tidbit he revealed is that managers of a Latvian bank did not take the salary cuts they promised they would after the government bailed them out of economic trouble."

    Are you sure he's actually talking about Latvia and not the US?

    Oh wait, AIG's execs had the balls to promise nothing and actually give themselves *bonuses* for running their company so far into the ground that it needed a bailout.

  • by JackPepper ( 1603563 ) on Wednesday February 24, 2010 @03:31PM (#31264032)
    stole from the government and gave to the overtaxed. This guy is copying from the government and pasting to the people. He's more like a "Neo the Document Liberator?"
  • Latvia has banks? :) sry.

  • How original.
  • If he is from Britain, maybe it is angle-grinder man who has been reborn with new super-powers. http://www.zimbio.com/10+Real+Life+Superheroes+Who+Have+Actually+Made+a+Difference/articles/KK4rSsSTgOq/2+Angle+Grinder+Man [zimbio.com]
    • Whoever designs a website with a 10-part, ad-laden article which OPENS A NEW WINDOW EVERY TIME YOU CLICK ON THE " GO TO PART N+1" needs his head violently pressed against a cheese grater until he fixes it.
    • Re: (Score:3, Insightful)

      by Idiomatick ( 976696 )
      #5 succcks, she basically stops stupid people that put themselves in bad situations from learning any lessons. Stopping drunk chicks from leaving with guys is stupid. To top it off she's sexist:
      "I protect the single girl living in the big city," Terrifica told ABC in 2002. "I do this because women are weak. They are easily manipulated, and they need to be protected from themselves and most certainly from men and their ill intentions toward them."
  • ...than investigative reporters going through people's trash. Now, releasing those bank account numbers so individuals who so wished could withdraw what they like, that would be Robin Hood-style.
  • by greymond ( 539980 ) on Wednesday February 24, 2010 @03:42PM (#31264176) Homepage Journal

    I'd like to see someone give out information on the financial businesses that received bailout funds, but rather than just hearing about executives at bankrupt companies getting paid millions in bonuses, how about we just be told their bank account numbers, routing numbers, and other personal information so we can bail ourselves out of their mess?

  • by DigitalReverend ( 901909 ) on Wednesday February 24, 2010 @03:44PM (#31264206)
    FAP Army.
    • by Ltap ( 1572175 )
      Which makes you wonder about what it would be like for people to cheer for them. "fap fap fap fap fap!"?
  • Danger (Score:3, Interesting)

    by Elektroschock ( 659467 ) on Wednesday February 24, 2010 @03:45PM (#31264222)

    I mean, when you think of international conferences, most ^evil^ lobbyists use the wi-fi in the conference hotel. The presentation is boring, so 60% of them read their mails during the conference. Of course a criminal could just monitor their traffic, read their mails and grab their access passwords, then sent their mails and stuff to wikileaks. It is a danger to our national security because it is technically feasible but no one does. So the protection against criminal action is actually ethics not technology. The real danger is that Robin Hack gets famous and popular, and these pratices get spread by kiddies who enjoy to "Hack the Banksters". Or maybe the Chinese do, no idea.

  • What does Russell Crowe have to do with this again? Maybe you mean Kevin Costner?

  • by BJ_Covert_Action ( 1499847 ) on Wednesday February 24, 2010 @03:48PM (#31264264) Homepage Journal
    I don't recall who, or on what thread, but someone posted a comment a couple days back that said something along the lines of, "People used to cheer for bank robbers. It will happen again." I figure this was a reference to John DIllinger [wikipedia.org] and the like. It appears that whoever it was that said that has some decent predictive powers...or at least a good bit of luck every once in awhile.
    • by tool462 ( 677306 )

      It appears that whoever it was that said that has some decent predictive powers...or at least a good bit of luck every once in awhile.

      Or it's the guy who leaked the data ;)

    • Cheering for bank robbers depends on whether or not your money was in said bank... :P
    • by mirix ( 1649853 )

      I always liked how Woody Guthrie put it in his song about "Pretty boy" Floyd (same era...)

      "Some will rob you with a six-gun, and some with a fountain pen."

  • by pacbowl ( 1653493 ) on Wednesday February 24, 2010 @03:59PM (#31264390)
    If the First, Second and Third Awakening People's Army didn't rattle enough cages effectively, what makes them think the Fourth will prevail?
  • Hacker? Not really (Score:4, Informative)

    by hammeraxe ( 1635169 ) on Wednesday February 24, 2010 @04:04PM (#31264482)
    I think calling the guy a hacker is a bit over the top. Basically what he did was change the document id numbers in the URL. The information he was accessing was not secured in any sensible way: the login page could be bypassed by simply entering an address by hand. It's pretty much an epic fail of the company that made the system (unless the flaw was introduced intentionally for some reason). Source: http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&layout=1&eotf=1&u=http%3A%2F%2Fwww.diena.lv%2Flat%2Fpolitics%2Fhot%2Fneo-no-4ata-mes-bijam-parsteigti-ka-mums-tik-ilgi-lava-datus-kopet&sl=auto&tl=en [google.com]
    • by ACS Solver ( 1068112 ) on Wednesday February 24, 2010 @05:49PM (#31266008)

      The BBC article doesn't entirely reflect the situation. I live in Latvia and do know better ;)

      The main thing they're not mentioning is the origin of that data. It wasn't just "downloaded" from the State Revenue Service via a hack or somesuch. This part has made headlines here - it turned out that the Revenue Service's internal system that contains information on all tax payers had no security, at all. You could view the confidential info by accessing an unsecured URL. And just by changing the entry id parameter in the URL, you could get to information about different tax payers, as the parent says. Any moron could get that data and apparently the "hackers"/whistleblowers in question downloaded it over the course of a couple months.

      Latvia is no US and of course the organizations here don't have the same kind of security experience that organizations from big countries. Still, this is an important governmental organization we're talking about and the security hole in question is blatant and obvious. As such, many here have doubts that it was accidental, it's quite possible that the Revenue Service was sabotaged.

      This Neo guy and his organization are apparently planning now to release information about the financial activities of a bunch of organizations, including governmental ones, as allegedly they believe it will help the society here, create more responsibility, etc. They have, banks aside, so far released information about the salaries of police and public transportation employees. The bank is a separate story really, it got bailed out when the recession hit hard here, and this bailout has in itself been a subject of much contention.

  • Not a Hack (Score:4, Informative)

    by MrTripps ( 1306469 ) on Wednesday February 24, 2010 @04:04PM (#31264492)
    "The nation's security council discussed the breach and expressed concern that only 50 percent of the country's 175 state-run data systems have security oversight. President Valdis Zatlers called for immediate action to install proper security on all systems. Computer experts concluded that the breach did not constitute a cyber-attack and was the result of poorly developed software and systems management." http://www.kansascity.com/2010/02/24/1770170/cyber-whistleblower-stuns-latvia.html [kansascity.com] I'd hate to be that CIO.
  • by karuna ( 187401 ) on Wednesday February 24, 2010 @04:15PM (#31264650) Homepage
    The summary is completely wrong. The actual history in short is as follows: Latvian Neo claims that the anonymous group 4ATA has downloaded about 7.4 million tax statements from the Latvian tax authority website that is used by businesses to submit their tax declarations electronically. It was done over 3 months period before the IT department realized that something is wrong. The stolen data includes practically full information about salaries and payments received by employees of all Latvian public and private enterprises.

    4ATA is now periodically releasing the detailed pay information of certain public companies one at a time. He is careful to remove actual names of employees and for many this data seems trivial. But with this he is trying to prove that the claimed austerity measures undertaken by the government to fight the economic crisis is a big lie. However, the periodic release is annoying politicians who can't find a way to stop this leak.

    As for Neo walking the fine line, he downloaded the data without circumventing any security measures as he claims that the website was open to everyone. The hole was one specific URL normally used by an authorized user to review his own statements. Each document in the total database is assigned an ID number and by sequentially changing the ID number in the said URL, everyone could download the whole database as no authorization was checked by the script on the server. After some time the tax department notice irregularities and noticed the developer of the system but they were rather slow to fix the breach. When they finally managed to get the act together, Neo had already downloaded about 98% of the database.
  • Neo?? (Score:2, Funny)

    by stonedcat ( 80201 )

    How has this not been tagged "thematrix" yet?

  • Cracking the IRS d-base :)

  • I didn't do it.

As of next Thursday, UNIX will be flushed in favor of TOPS-10. Please update your programs.

Working...