Information Security News mailing list archives
Re: Forbes ASAP: How to Hack a Bank
From: Michael Bitow <mbitow () HARBORBANK NET>
Date: Mon, 22 May 2000 12:38:35 -0700
It's too bad there are people out there that will read this article and believe it. The author seems to take a lot of thing for granted, as if it's really not that hard to custom craft virus like programs to intercept all data transferred around a network, interpret the data, then react to data. I'm not much of a programmer, but that doesn't seem like a few lines of perl and or a stock lib to me. In defense of the author, I also thought Sneakers was a pretty neat movie. I can understand why he'd want to pay homage to it. Too bad the author didn't have an e-mail address or means of contact. I would like to ask him who or what his sources were. I would also like to know if he really believes what he wrote, or was just placating an editor and churning something out to meet a deadline. Michael Bitow Network Administrator Harbor Bank (253)853-3500 -----Original Message----- From: William Knowles [SMTP:wk () C4I ORG] Sent: Friday, May 19, 2000 12:00 PM To: ISN () SECURITYFOCUS COM Subject: [ISN] Forbes ASAP: How to Hack a Bank http://www.forbes.com/asap/00/0403/056.htm How to Hack a Bank Electronically knocking over a financial institution isn't easy, but it's probably not as hard as you think.[1] let's get to work By David H. Freedman STEP ONE: THE SETUP First, we'll pull our core team together. We'll need at least half a dozen software whizzes to do our hacking,[2] including specialists in banking application software, wire transfer networks, IBM MVS, Unix, Sun Microsystems Solaris, or Windows NT (depending on which is controlling the bank's servers), Windows 95 and 98, and security software.[3] We'll also want at least one inside person at the bank.[4] This could be a mid- to low-level employee, a teller, assistant manager in data processing, or a wire transfer clerk. We should have someone experienced in physical security, too, as well as a talented "social engineer" capable of charm and fast talk. Next, we'll pick our target, avoiding top-tier banks because they're too well protected. We don't want small community or Internet-only banks, either, because their limited money supply makes it likely that managers would instantly notice millions of dollars flying out the electronic doors. So we target a nice midsize bank.[5] Finally, like any other business endeavor, we'll need time to get set up and some seed money-for equipment, living expenses, advances, bribes, and so on.[6] Two million dollars should do it.[7] Our goal will be to steal between $10 million and $100 million.[8] [...] *-------------------------------------------------* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen. Alfred. M. Gray, USMC --------------------------------------------------- C4I Secure Solutions http://www.c4i.org *-------------------------------------------------* ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN". ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN". ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Forbes ASAP: How to Hack a Bank William Knowles (May 19)
- <Possible follow-ups>
- Re: Forbes ASAP: How to Hack a Bank Matt Caston (May 21)
- Re: Forbes ASAP: How to Hack a Bank Michael Bitow (May 22)