How I 'stole' $14 million from a bank: A security tester's tale
Click here to post a comment for How I 'stole' $14 million from a bank: A security tester's tale on our message forum
3dPlayer
Holy moly.Where do i start?! :banana:
sverek
Internet protocol suite
2) Knowledge of linux distributions (CentOS / Debian)
3) Can freely use MySQL / PostgreSQL / Microsoft SQL
With knowledge of Internet protocol suite, you should be flexible at finding servers within and outside of network.
2 and 3 is needed when you got access to the server. It will be about gaining access to Database and insert / update records.
1) Overall knowledge and weaknesses of scatman839
Story is slightly cut off, here's the rest.
VultureX
So all dutch banks that got attacked recently now probably all have new unknown bank accounts with millions of euro's on them 😛
I knew there was a reason for those seemingly pointless attacks.
phill1978
hacking, not from the outside but the 'near' side is super easy.
also its not hard to imagine money being stolen by banks / bankers / top level organisations under the guise of a hacker, or even pay a hacker to take a fall with a get out of jail free card.
some wireless systems still use LEAP and WEP ?! no LAN port blocking, no USB port blocking etc..
Its quite safe to assume most admins use simple or default passwords on their network servers and don't apply broadcast storm control on switches.
a tip* find a quiet spot in an organisation near a lan socket, identity / mac spoof, hide a 900mhz transmitter under a table or plant pot, steal data beyond the eye of any wi-fi monitoring @ 2.4 or 5ghz .. all this stuff be it illegal or not is easy if you want.
makes me wonder why any criminal bothers with a shotgun and a mask these days
sverek
alanm
This article will just encourage would be hackers whom otherwise would never have known about it to have a go at it.
Speed Weed
Want to learn how that's done?
Buy the Syngress series of books entitled ' Stealing The Network.'
There are loads of ideas on how to carry out a caper like this in real-time, without ever being caught. 😉
iamcreasy
airbud7
Chouji
Sprig
If that had been in NZ, he would have been arrested regardless of his intentions. Probably in the States too.
alanm
Even if someone hacked a bank and created a $14 mil account as this guy did, he wouldnt be able to get away with it. He would need valid ID credentials to cash it in. He can probably transfer or move the amount around to other accounts for a while, but sooner or later a real ID at an end point when any cash is withdrawn will be required. Then its only a short matter of time before he's busted.
Corrupt^
iamcreasy
Chouji
I figured it was just early protocols still in place. Still, no matter how sure you are, it should still be encrypted. Even if it's strictly internal, infranet etc.
iamcreasy
Yea...