Information Security News mailing list archives

Re: Forbes ASAP: How to Hack a Bank


From: Matt Caston <mcaston () INSNET COM>
Date: Sat, 20 May 2000 12:55:57 -0500

This article should be re-titled:

"How to write a Screenplay for a movie that is about hacking a bank"

I always find it amusing when Forbes-like magazines do write-ups on
hacking/cracking et al...because they rarely shed any new light on the
subject at hand.  They repackage the story with a sexy title, get some
experts to validate it and push it out the door...two days later I get
calls from my clients (banks included) asking me to validate/comment on the
article...

To which I reply:  replace "bank" with any other (large) industry
title...preferably one with lots of cash or valuable information, and the
same problems hold true...this amusing article has simply wrapped a
taxonomy of corporate espionage techniques, added the "Entrapment"
sex-appeal (Zeta-Jones), capitalized on the issue-selling hacker phenom and
basically added little value to the discussion of security concerns on
corporate America/Global...

If you really want to access large sums of money without getting caught
look to the retail (large stores like Niemen, Home-Depot, Marshall Fields
etc.). It would be far easier to crack/hack a retailer's internal credit
systems than it would a bank's - many of these companies run internal
processing facilities, similar to a bank's, and/or are hard wired into their
own bank's network.

For those of you looking for some more excellent resources on
hacking/cracking to steal, allow me to point you to the following:

Superman III - Excellent techniques here...simply brilliant!
OfficeSpace - Although the concepts are admittedly plagiarized (from
Superman III), the methodologies are quite different and certainly ground
breaking.

Both of these superb resources can be found at your local BlockBuster - I
would recommend that you use a friend's account to rent these underground
hacking resources, however, as the Feds are most certainly monitoring and
tracking renters of these titles!

Don't get me wrong, the article was interesting, not professionally
though...mainly because I kept thinking of Catherine Zeta-Jones in a
bodysuit snaking her way through a matrix of Lasers ;-)

Regards,
Matt

-----Original Message-----
From:   William Knowles [SMTP:wk () C4I ORG]
Sent:   Friday, May 19, 2000 12:00 PM
To:     ISN () SECURITYFOCUS COM
Subject:        [ISN] Forbes ASAP: How to Hack a Bank

http://www.forbes.com/asap/00/0403/056.htm

How to Hack a Bank

Electronically knocking over a financial institution isn't easy,
but it's probably not as hard as you think.[1] Let's get to work.

By David H. Freedman


STEP ONE: THE SETUP

First, we'll pull our core team together. We'll need at least half a
dozen software whizzes to do our hacking,[2] including specialists in
banking application software, wire transfer networks, IBM MVS, Unix,
Sun Microsystems Solaris, or Windows NT (depending on which is
controlling the bank's servers), Windows 95 and 98, and security
software.[3] We'll also want at least one inside person at the
bank.[4] This could be a mid- to low-level employee, a teller,
assistant manager in data processing, or a wire transfer clerk. We
should have someone experienced in physical security, too, as well as
a talented "social engineer" capable of charm and fast talk.

Next, we'll pick our target, avoiding top-tier banks because they're
too well protected. We don't want small community or Internet-only
banks, either, because their limited money supply makes it likely that
managers would instantly notice millions of dollars flying out the
electronic doors. So we target a nice midsize bank.[5]

Finally, like any other business endeavor, we'll need time to get set
up and some seed money - for equipment, living expenses, advances,
bribes, and so on.[6] Two million dollars should do it.[7] Our goal
will be to steal between $10 million and $100 million.[8]

[...]


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
