How I ‘Stole’ $14 Million From A Bank: A Security Tester’s Tale

by Steve Hargreaves @hargreavesCNN

In early 2010, Nish Bhalla sat down at his computer with one objective: steal a huge amount of money from a bank.

It wasn’t a typical heist. Bhalla is the chief executive of Security Compass, a company that tests security systems at banks, retailers, energy companies and other organizations with sensitive data. His clients — including the bank branch in the United States that he targeted in his 2010 attack — pay him to break into their systems.

It can be easier than most people think. The alleged thieves who made headlines last week for their $45 million bank heist used a similar type of attack that “created” money out of nowhere.

Bhalla talked CNNMoney through his caper. Here, in four easy steps, is how he made himself into a millionaire.

Step one, get access. Bhalla had one big advantage on actual thieves: His client gave him access to the bank’s internal network. For real-world crooks, there are some surprisingly easy ways to get in.

continue reading »