Internet Banking And The Threat From Within

March 23, 2005

Saw a chilling presentation today from Fabrice A Marie of FMA-RMS at the Bellua Cyber Security Asia 2005 conference in Jakarta. Fabrice talked about Hacking Internet Banking Applications, something he does for a living on behalf of banks around the region. Bottom line: They’re easy to hack.

Across the 15 banks’ application assessments he worked on in the past 18 months, he found 258 vulnerabilities, 429 beta-quality scripts and 339 unnecessary files, averaging 17 vulnerabilities per application.

He didn’t go into detail about what kind of vulnerabilities he found, but his presentation explored a dozen different ways of getting past banks’ security measures, including spying on competitors’ transaction histories, stealing money using fund transfer functionality, purchasing insurance for free and buying discounted shares. All you need is an account.

His parting words were: “Nobody will be using Internet banking anymore. If you do just make sure you don’t have much money online.” He told me later he was just joking, and that banks, particularly in Singapore, are safe. But nobody laughed.

He didn’t mention phishing, but a thought struck me: How many phishing attacks are not to clear out an account but to gain access to a bank as part of a broader, longer term attack?
