Re: SWIFT: A Security Researcher Gets Offered The Big Score

["Dennis Henderson" <hendomatic () gmail com>]

On 2/10/07, Fergie <fergdawg () netzero net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Via InformationWeek.
>
> [snip]
>
> The stakes can get pretty high in the hacker economy.
>
> A few years ago, a security researcher living overseas was contacted by a
> man with an intriguing offer: The researcher would get 2.2 million euros
> (more than $2.8 million) for each financial services firm he helped the
> man
> and his group of cybercriminals infiltrate. All the researcher had to do
> was provide the group with Windows Terminal Services access with
> administrative privileges for each bank, which the thieves would then
> penetrate via the Swift network. Swift, the Society for Worldwide
> Interbank
> Financial Telecommunication, manages a network owned by about 8,000 banks
> in 206 countries and territories to facilitate electronic transfers.
>
> The thieves seemed to have deep knowledge of the Swift system and how it
> could be manipulated. After pilfering funds from a number of banks, the
> thieves planned to create a shell game that would transfer the money from
> one financial institution to another until they could shake the trail of
> anyone investigating the theft and access the money. Cracking into the
> Swift systems was made easier, the researcher claims, by the presence of a
> critical Microsoft bug that at the time left vulnerable Internet
> Information Services servers running Secure Sockets Layer transactions.



Unless this "researcher" was a swift employee, I'm not sure how this would
have worked.

Access to swift just doesnt work that way, at least at my bank...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.