Information Security News mailing list archives

Re: Forbes ASAP: How to Hack a Bank

From: Michael Bitow <mbitow () HARBORBANK NET>
Date: Mon, 22 May 2000 12:38:35 -0700

  It's too bad there are people out there that will read this article and
believe it.  The author seems to take a lot of thing for granted, as if it's
really not that hard to custom craft virus like programs to intercept all
data transferred around a network, interpret the data, then react to data.
I'm not much of a programmer, but that doesn't seem like a few lines of perl
and or a stock lib to me.

 In defense of the author, I also thought Sneakers was a pretty neat movie.
I can understand why he'd want to pay homage to it.

 Too bad the author didn't have an e-mail address or means of contact.  I
would like to ask him who or what his sources were.  I would also like to
know if he really believes what he wrote, or was just placating an editor
and churning something out to meet a deadline.


Michael Bitow
Network Administrator
Harbor Bank
(253)853-3500


-----Original Message-----
From:   William Knowles [SMTP:wk () C4I ORG]
Sent:   Friday, May 19, 2000 12:00 PM
To:     ISN () SECURITYFOCUS COM
Subject:        [ISN] Forbes ASAP: How to Hack a Bank

http://www.forbes.com/asap/00/0403/056.htm

How to Hack a Bank

Electronically knocking over a financial institution isn't easy,
but it's probably not as hard as you think.[1] let's get to work

By David H. Freedman


STEP ONE: THE SETUP

First, we'll pull our core team together. We'll need at least half a
dozen software whizzes to do our hacking,[2] including specialists in
banking application software, wire transfer networks, IBM MVS, Unix,
Sun Microsystems Solaris, or Windows NT (depending on which is
controlling the bank's servers), Windows 95 and 98, and security
software.[3] We'll also want at least one inside person at the
bank.[4] This could be a mid- to low-level employee, a teller,
assistant manager in data processing, or a wire transfer clerk. We
should have someone experienced in physical security, too, as well as
a talented "social engineer" capable of charm and fast talk.

Next, we'll pick our target, avoiding top-tier banks because they're
too well protected. We don't want small community or Internet-only
banks, either, because their limited money supply makes it likely that
managers would instantly notice millions of dollars flying out the
electronic doors. So we target a nice midsize bank.[5]

Finally, like any other business endeavor, we'll need time to get set
up and some seed money-for equipment, living expenses, advances,
bribes, and so on.[6] Two million dollars should do it.[7] Our goal
will be to steal between $10 million and $100 million.[8]

[...]


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".

Current thread:

Forbes ASAP: How to Hack a Bank William Knowles (May 19)
- <Possible follow-ups>
- Re: Forbes ASAP: How to Hack a Bank Matt Caston (May 21)
- Re: Forbes ASAP: How to Hack a Bank Michael Bitow (May 22)