Pix: From Yahoo Money
I read this on Yahoo and found it telling. Considering that Nigeria is gearing up for a nationwide adoption of cashless banking, stakeholders, especially banks, should be wary of this. This was narrated by a man paid by banks to actually break into their security code. He spoke to CNN Money.
By the way, Nish Bhalla is the subject of the matter. You can skip to the link below to get the full story from Yahoo Finance, or just read through the summary below.
Step one, get access. Bhalla had one big advantage on actual thieves: His client gave him access to the bank’s internal network. For real-world crooks, there are some surprisingly easy ways to get in. It’s possible, Bhalla said, to gain access in some places simply by logging on to the bank’s wireless network — an amenity more and more banks are providing as a service to customers. Once you’re on the bank’s Wi-Fi, the internal and external networks are frequently not segregated enough. It can be possible to fool the bank’s other computers into thinking that your computer is a bank computer, a process known as “ARP spoofing.”
Step two, start exploring. Bhalla used “sniffer” software, available online for free, to map out which of the bank’s systems were connected to each other. Then he “flooded” switches — small boxes that direct data traffic — to overwhelm the bank’s internal network with data. That kind of attack turns the switch into a “hub” that broadcasts data out indiscriminately. The machines that the tellers use quickly became Bhalla’s prime target. Again, the sniffer software was deployed to look for login information and passwords in the data flood. Eventually, one hit. He was inside a teller’s machine.
Step three, move up the ranks. Amazingly, the information being sent between the tellers’ computers and the branch’s main database was not encrypted. This meant passwords and bank account numbers were all out in the open.
Step four, cash in. Rather than steal money from depositors’ accounts, Bhalla just invented a new account for himself. “We went into the database where the accounts are and set up an account with $14 million,” Bhalla explained. “We just created $14 million out of thin air.” If he wanted to, he could have walked into any bank branch, transferred the money to an offshore account, and never have had to work again. Instead, he went to an ATM to print out a record of his ill-gotten wealth. “The bank executives were extremely surprised,” Bhalla said. “Their faces were shocked.”
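For the bank's side of steps one and two, here is an added example (not from the original story) of how a monitoring script could flag both tricks: a second hardware address claiming an IP that already belongs to another machine, and a burst of new source addresses on one switch port. The frame records, port names, addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample frames: (time_s, switch_port, source_mac, arp_claimed_ip or None).
FRAMES = [
    (0.0, "Gi0/1", "00:11:22:33:44:01", "10.0.0.1"),   # gateway announces itself
    (0.5, "Gi0/2", "00:11:22:33:44:02", "10.0.0.20"),  # teller workstation
    (1.0, "Gi0/7", "de:ad:be:ef:00:99", "10.0.0.1"),   # another MAC claims the gateway IP
]
# A burst of never-seen source MACs on one port, as in a switch table flood.
FRAMES += [(2.0 + i * 0.01, "Gi0/7", f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}", None)
           for i in range(300)]

def detect(frames, max_macs_per_port=50, window_s=5.0):
    """Return alerts for changed IP-to-MAC bindings and per-port MAC bursts."""
    ip_to_mac = {}                # first binding seen for each IP
    seen = defaultdict(dict)      # port -> {mac: time last seen}
    flooded = set()               # ports already alerted on
    alerts = []
    for t, port, mac, arp_ip in sorted(frames, key=lambda f: f[0]):
        if arp_ip is not None:
            known = ip_to_mac.setdefault(arp_ip, mac)
            if known != mac:
                alerts.append(("arp_conflict", arp_ip, known, mac, port))
        macs = seen[port]
        macs[mac] = t
        # Drop MACs not seen within the window, then count what is left.
        for old in [m for m, ts in macs.items() if t - ts > window_s]:
            del macs[old]
        if len(macs) > max_macs_per_port and port not in flooded:
            flooded.add(port)
            alerts.append(("mac_flood", port, len(macs)))
    return alerts

if __name__ == "__main__":
    for alert in detect(FRAMES):
        print(alert)
```

On managed switches the same two checks are usually enforced in hardware, through dynamic ARP inspection and per-port limits on learned addresses (port security).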
Follow the link below for the full story