May 15, 2013|
1. Step one, get access. Bhalla had one big advantage on actual thieves: His client gave him access to the bank's internal network. For real-world crooks, there are some surprisingly easy ways to get in.
It's possible, Bhalla said, to gain access in some places simply by logging on to the bank's wireless network -- an amenity more and more banks are providing as a service to customers. Once you're on the bank's Wi-Fi, the internal and external networks are frequently not segregated enough. It can be possible to fool the bank's other computers into thinking that your computer is a bank computer, a process known as "arp spoofing."
Another on-ramp: Someone posing as a janitor could insert a thumb drive into a teller's system and reboot it using a new operating system, which would enable them to access the hard drive of the teller's system. From there, user names and passwords are often readable.
Because he could simply log straight into his client's network, Bhalla and his assistants skipped the "get physical access" step and dove straight into finding the money.
2. Step two, start exploring. Bhalla used "sniffer" software, available online for free, to map out which of the bank's systems were connected to each other.
Then he "flooded" switches -- small boxes that direct data traffic -- to overwhelm the bank's internal network with data. That kind of attack turns the switch into a "hub" that broadcasts data out indiscriminately.
The machines that the tellers use quickly became Bhalla's prime target. Again, the sniffer software was deployed to look for login information and passwords in the data flood. Eventually, one hit. He was inside a teller's machine.
3. Step three, move up the ranks. Amazingly, the information being sent between the tellers' computers and the branch's main database was not encrypted. This meant passwords and bank account numbers were all out in the open.
4. Step four, cash in. Rather than steal money from depositors' accounts, Bhalla just invented a new account for himself.
"We went into the database where the accounts are and set up an account with $14 million," Bhalla explained. "We just created $14 million out of thin air."
If he wanted to, he could have walked into any bank branch, transferred the money to an offshore account, and never have had to work again.
Instead, he went to an ATM to print out a record of his ill-gotten wealth.
"The bank executives were extremely surprised," Bhalla said. "Their faces were shocked."
Тэги: May2013 Общество Полезные сведенья
May2022 Apr2022 Mar2022 Feb2022 Jan2022 Dec2021 Nov2021 Oct2021 Sep2021 Aug2021 Jul2021 Jun2021 May2021 Apr2021 Mar2021 Feb2021 Jan2021 Dec2020 Nov2020 Oct2020 Sep2020 Aug2020 Jul2020 Jun2020 May2020 Apr2020 Mar2020 Feb2020 Jan2020 Dec2019 Nov2019 Oct2019 Sep2019 Aug2019 Jul2019 Jun2019 May2019 Apr2019 Mar2019 Feb2019 Jan2019 Dec2018 Nov2018 Oct2018 Sep2018 Aug2018 Jul2018 Jun2018 May2018 Apr2018 Mar2018 Feb2018 Jan2018 Dec2017 Nov2017 Oct2017 Sep2017 Aug2017 Jul2017 Jun2017 May2017 Apr2017 Mar2017 Feb2017 Jan2017 Dec2016 Nov2016 Oct2016 Sep2016 Aug2016 Jul2016 Jun2016 May2016 Apr2016 Mar2016 Feb2016 Jan2016 Dec2015 Nov2015 Oct2015 Sep2015 Aug2015 Jul2015 Jun2015 May2015 Apr2015 Mar2015 Feb2015 Jan2015 Dec2014 Nov2014 Oct2014 Sep2014 Aug2014 Jul2014 Jun2014 May2014 Apr2014 Mar2014 Feb2014 Jan2014 Dec2013 Nov2013 Oct2013 Sep2013 Aug2013 Jul2013 Jun2013 May2013 Apr2013 Mar2013 Feb2013 Jan2013 Dec2012 Nov2012 Oct2012 Sep2012 Aug2012 Jul2012 Jun2012 May2012 Apr2012 Mar2012 Feb2012 Jan2012 Dec2011 Nov2011 Oct2011 Sep2011 Aug2011 Jul2011 Jun2011 May2011 Apr2011 Mar2011 Feb2011 Jan2011 Dec2010 Nov2010 Oct2010 Sep2010 Aug2010 Jul2010 Jun2010 May2010 Apr2010 Mar2010 Feb2010 Jan2010 Dec2009 Nov2009 Oct2009 Sep2009 Aug2009 Jul2009 Jun2009 May2009 Apr2009 Mar2009 Feb2009 Jan2009 Dec2008 Nov2008 Oct2008 Sep2008 Aug2008 Jul2008 Jun2008 May2008 Apr2008 Mar2008 Feb2008 Jan2008 Dec2007 Nov2007 Oct2007 Sep2007 Aug2007 Jul2007 Jun2007 May2007 Apr2007 Mar2007 Feb2007 Jan2007 Dec2006 Nov2006 Oct2006 Sep2006 Aug2006 Jul2006 Jun2006 May2006