The 21st Century Bank Job
presented at IDSecConf2010 (Indonesia Security Conference 2010).

Transcript of "The 21st Century Bank Job"

  1. THE 21ST CENTURY BANK JOB @GEOVEDI
  2. EVER THOUGHT ABOUT ROBBING A BANK?
  3. OLD SCHOOL: JOHN DILLINGER, KUSNI KASDUT
  4. HACKING A BANK IS EASY ..OR MAYBE NOT!!
  5. CASE STUDIES: MODERN BANK JOBS
  6. CREDIT CARD FRAUD
  7. ATM SKIMMING
  8. SOCIAL ENGINEERING
  9. WHY TARGETING THE USERS? IT’S EASIER & THEY ARE CLUELESS [MOST OF THE TIME]
  10. HOW ABOUT HACKING?
  11. Swordfish (2001)
  12. INSIDE THE BANK’S IT SYSTEM
  13. TRADE FINANCE, TREASURY, DATA WAREHOUSING, REMITTANCE, ANTI MONEY LAUNDERING, CRM, CORE, ATM SWITCH, COLLECTION SYSTEM, INTERNET BANKING, MOBILE BANKING, ISLAMIC BANKING, CARD MANAGEMENT
  14. NETWORK OF TRUST: EMPLOYEES, MANAGEMENT, VENDORS, GOVERNMENT, CUSTOMERS
  15. STORYTELLING SESSION: HOW WE COMPROMISED BANKS ON SOME PENTEST ENGAGEMENTS
  16. COMMON PROBLEMS. PEOPLE PROBLEMS: WEAK PASSWORDS, LACK OF AWARENESS, LACK OF SKILLS. SYSTEM PROBLEMS: OUTDATED SYSTEMS, INSECURE CONFIGURATIONS, INSECURE PROTOCOLS
  17. MANAGEMENT PROBLEMS
  18. MERCHANTS
  19. ATM COMPROMISE
  20. WTFKTHXBYE
  21. WHO’S RESPONSIBLE?
  22. SECURITY RESPONSIBILITY [diagram: the word RESPONSIBLE split between BANK and CUSTOMER, shown once "According to Customer" and once "According to Bank"]
  23. BANKS’ EFFORTS TO INCREASE THE SECURITY LEVEL
  24. ENCRYPTION
  25. TWO-FACTOR AUTHENTICATION
  26. TWO-FACTOR AUTHENTICATION
  27. REGULATION COMPLIANCE
  28. REGULAR SECURITY ASSESSMENT
  29. WHAT’S NEXT?
  30. WHAT’S NEXT?
  31. THANKS!
  32. CREDITS: Photos:
      • [Page 01] http://www.flickr.com/photos/reddogfever/4580710899/
      • [Page 02] http://www.flickr.com/photos/lanuiop/226760877/
      • [Page 04] http://www.flickr.com/photos/deepblue66/132439533/
      • [Page 05] http://www.flickr.com/photos/marcelnicolai/4600107436/
      • [Page 09] http://www.flickr.com/photos/paulwatson/411792788/
      • [Page 10] http://www.flickr.com/photos/jliba/3696592874/
      • [Page 11] Swordfish Hack — http://www.youtube.com/watch?v=zfy5dFhw3ik
      • [Page 12] http://www.flickr.com/photos/skreuzer/354316778/
      • [Page 13] http://www.flickr.com/photos/tim_d/184018928/
      • [Page 14] http://www.flickr.com/photos/eskimoblood/2111672366/
      • [Page 15] http://www.flickr.com/photos/beneathourfeet/2502755729/
      • [Page 16] http://www.flickr.com/photos/formalfallacy/2057169454/
      • [Page 16] http://www.flickr.com/photos/dolor_ipsum/3262262008/
      • [Page 17] http://www.flickr.com/photos/24443965@N08/3460357646/
      • [Page 23] http://www.flickr.com/photos/kk/4191131924/
      • [Page 25] http://www.flickr.com/photos/ari/2347593532/
      • [Page 27] http://www.infosurhoy.com/cocoon/saii/images/2010/03/01/photo4.jpg
      • [Page 28] http://en.wikipedia.org/wiki/File:CryptoCard_two_factor.jpg
      • [Page 29] http://blogs.ft.com/gapperblog/files/2008/03/bank-regulation.jpg
      • [Page 30] http://www.flickr.com/photos/dfarrell07/5013882149/
      • [Page 31] http://www.flickr.com/photos/joshmt/2526552173/
  33. @GEOVEDI CHECKOUT: http://slideshare.net/geovedi