Information Security News mailing list archives
Re: Forbes ASAP: How to Hack a Bank
From: Matt Caston <mcaston () INSNET COM>
Date: Sat, 20 May 2000 12:55:57 -0500
This article should be re-titled: "How to write a Screenplay for a movie that is about hacking a bank" I always find it amusing when Forbes-like magazines do write-ups on hacking/cracking et al...because they rarely shed any new light on the subject at hand. They repackage the story with a sexy title get some experts to validate it and push it our the door...two days later I get calls from my clients (banks included) asking me to validate/comment on the article... To which I reply: replace "bank" with any other (large) industry title...preferably one with lots of cash or valuable information, and the same problems hold true...this amusing article has simply wrapped a taxonomy of corporate espionage techniques, added the "Entrapment" sex-appeal (Zeta-Jones), capitalized on the issue-selling hacker phenom and basically added little value to the discussion of security concerns on corporate America/Global... If you really want to access large sums of money without getting caught look to the retail (large stores like Niemen, Home-Depot, Marshall Fields etc)It would be far easier to crack/hack a retailers internal credit systems than it would a Banks - many of these companies run internal processing facilities, similar to a banks, and/or are hard wired into their own banks network. For those of you looking more some more excellent resources on hacking/cracking to steal, allow me to point you to the following: Superman III - Excellent techniques here...simply brilliant! OfficeSpace - Although the concepts are admittedly plagiarized (from Superman III), the methodologies are quite different and certainly ground breaking. Both of these superb resources can be found at your local BlockBuster - I would recommend that you use a friends' account to rent these underground hacking resources, however, as the Feds are most certainly monitoring and tracking renters of these titles! Don't get me wrong, the article was interesting, not professionally thou gh...mainly because I kept thinking of Catherine Zeta-Jones in a body-suite snaking her way through a matrix of Lasers ;-) Regards, Matt -----Original Message----- From: William Knowles [SMTP:wk () C4I ORG] Sent: Friday, May 19, 2000 12:00 PM To: ISN () SECURITYFOCUS COM Subject: [ISN] Forbes ASAP: How to Hack a Bank http://www.forbes.com/asap/00/0403/056.htm How to Hack a Bank Electronically knocking over a financial institution isn't easy, but it's probably not as hard as you think.[1] let's get to work By David H. Freedman STEP ONE: THE SETUP First, we'll pull our core team together. We'll need at least half a dozen software whizzes to do our hacking,[2] including specialists in banking application software, wire transfer networks, IBM MVS, Unix, Sun Microsystems Solaris, or Windows NT (depending on which is controlling the bank's servers), Windows 95 and 98, and security software.[3] We'll also want at least one inside person at the bank.[4] This could be a mid- to low-level employee, a teller, assistant manager in data processing, or a wire transfer clerk. We should have someone experienced in physical security, too, as well as a talented "social engineer" capable of charm and fast talk. Next, we'll pick our target, avoiding top-tier banks because they're too well protected. We don't want small community or Internet-only banks, either, because their limited money supply makes it likely that managers would instantly notice millions of dollars flying out the electronic doors. So we target a nice midsize bank.[5] Finally, like any other business endeavor, we'll need time to get set up and some seed money-for equipment, living expenses, advances, bribes, and so on.[6] Two million dollars should do it.[7] Our goal will be to steal between $10 million and $100 million.[8] [...] *-------------------------------------------------* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen. Alfred. M. Gray, USMC --------------------------------------------------- C4I Secure Solutions http://www.c4i.org *-------------------------------------------------* ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN". ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Forbes ASAP: How to Hack a Bank William Knowles (May 19)
- <Possible follow-ups>
- Re: Forbes ASAP: How to Hack a Bank Matt Caston (May 21)
- Re: Forbes ASAP: How to Hack a Bank Michael Bitow (May 22)