Showing posts with label Bank Hacking.

Vulnerabilities in bank chatbots allow hackers to steal money

Awillix specialists discovered vulnerabilities in bank chatbots that could allow fraudsters to transfer money without the customers' knowledge. Positive Technologies confirmed the risks. The largest banks reported that they limit the functionality of their chatbots in messengers.

It should be noted that about 10% of Russian banks use chatbots: they can be used in messengers, mobile applications, social networks, on the website and in the contact center.

Alexander Gerasimov, Director of Information Security at Awillix, said that chatbots in messengers, which are used for individual account transactions, may be vulnerable to malicious attacks.

The company's specialists checked the security of chatbots at two Russian credit organizations and found similar logical vulnerabilities. They allow an attacker to obtain card numbers and expiration dates, as well as the account balance and the client's cell phone number.

"During the pentests, it was possible to log into the test client's account and perform a money transfer operation," Alexander Gerasimov said.

Maxim Kostikov, head of the banking systems security research group at Positive Technologies, confirmed that chatbots can be subject to various vulnerabilities, depending on their functionality. For example, security problems can allow an attacker to obtain customer data, get into customers' personal accounts through the chatbot, and find out the card balance.

According to him, the most popular deception scenarios are changing the chatbot's functionality to collect information about the person using it, sending malicious software on behalf of a credit institution, replacing the robot with a fraudster during a conversation, and creating fake bank chatbots.

"If a person uses a bank chatbot that is able to make money transfers in the messenger, two-factor authentication can be configured for logging into the application to protect funds," stressed an Infosystems Jet expert, adding that there is also a danger when an attacker gains direct access to the victim's device, either physically or as a result of a malicious attack.

United States Issues Alert on North Korean Threat Actors Finding Better Ways to Rob Banks

The Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Treasury Department, the FBI, and U.S. Cyber Command issued a joint warning on August 26th, alerting that North Korean hackers have reopened their campaign of targeting banks across the globe by making fraudulent transactions and ATM cash-outs.

The threat actors have made a systematic effort to attack financial institutions worldwide. They employ bold methods that do not guarantee a 100% success rate. However, these North Korean hackers have manipulated the ways in which some of the largest financial institutions interact with the international banking system. They dupe components of the system into treating their operators as legitimate users, which allows them to transfer tens of millions of dollars into their own accounts.

As these hackers continually intruded into bank transaction records and log files, financial institutions were prompted to release security alerts and the necessary upgrades to counter and limit the threat. In their haste to acquire valuable user data for ransom, these hackers have tampered with hundreds of thousands of machines across the globe.

Notably, the attackers derived value from their failures and amended their modus operandi in order to be more effective in their operations and fraudulent campaigns, as can be seen in the $81 million theft from a Bangladeshi bank that they carried out in 2016. Other instances of their most profitable operations include a single incident of fraudulent ATM cash-outs spanning 30 countries.

The alert came up with an “overview of North Korea’s extensive, global cyber-enabled bank robbery scheme, a short profile of the group responsible for this activity, in-depth technical analysis, and detection and mitigation recommendations to counter this ongoing threat to the Financial Services sector.”

These attackers’ “international robbery scheme” poses a “severe operational risk” for individual banks beyond reputational harm and financial losses. A robbery directed at one bank may implicate multiple banks “in both the theft and the flow of illicit funds back to North Korea,” as per the alert.

They “initially targeted switch applications at individual banks with FASTCash malware but, more recently, have targeted at least two regional interbank payment processors,” the alert states, cautioning that this suggests the hackers “are exploring upstream opportunities in the payments ecosystem.” The alert further warned.

Kaspersky Lab recorded an increase in attacks by Russian hackers on banks in Africa

Kaspersky Lab recorded a wave of targeted attacks on major banks in several countries of tropical Africa in 2020. The attacks are assumed to be the work of the Russian-speaking hacker group Silence.

According to the company's leading anti-virus expert, Sergey Golovanov, "hundreds and sometimes thousands of attempts to attack the infrastructure of banks in Africa are blocked every day."

According to Kaspersky Lab, the hacker group Silence has already penetrated the internal network of African financial organizations, and the attacks are "in the final stages".

During the attack, hackers could gain access to a large amount of confidential data that can be used in the future, said Golovanov.

At the end of August 2019, Group-IB calculated the amount stolen from banks by the Russian-speaking hacker group Silence. From June 2016 to June 2019, the damage amounted to about 272 million rubles ($4.2 million). The hackers infected financial institutions in more than 30 countries in Asia, Europe and the CIS.

According to Kaspersky Lab, Silence attacks financial organizations around the world with phishing emails containing malicious files, often sent on behalf of real employees of the targeted organizations. The malware uses administrative tools to study the internal infrastructure of the bank, after which the attackers steal money (including through ATMs).

Alexei Novikov, director of the Positive Technologies security expert center, believes that Silence did not increase its activity at the beginning of 2020, and that attacks outside Russia and the CIS countries are uncharacteristic of the group.

Recall that in October, Group-IB reported five hacker groups that threaten Russian banks: Cobalt, Silence, MoneyTaker, Lazarus and SilentCards. According to the founder of Group-IB, "it is curious that three of the five groups (Cobalt, Silence, MoneyTaker) are Russian-speaking, but over the last year Cobalt and Silence began to attack banks mainly outside Russia".

Hackers sell data of 80 thousand cards of customers of the Bank of Kazakhstan

An announcement about the sale of an archive of stolen data from 80,000 Halyk Bank credit cards appeared on a darknet site.

It should be noted that Halyk Bank of Kazakhstan is the largest bank in the country by number of clients and accumulated assets. This is not the first time the bank's data has been compromised.

The fact that the archive consists only of Halyk Bank cards suggests that the card data was stolen from inside the bank.

Typically, stolen card identifiers are obtained using MitM (man-in-the-middle) attacks. While the victim believes that he is communicating directly with, for example, his bank's website, the traffic passes through a host controlled by the attacker, which thus receives all the data sent by the user (username, password, PIN, etc.).

It is possible that the archive is not real. It may be bait for potential carders created by the bank, a so-called honeypot. Such a trap presents an apparent vulnerability in a server that attracts the attention of attackers and entices them to attack; the honeypot then observes how they work, records the information, and passes it to the cybersecurity department.

However, such actions are risky for the image of a financial institution, as any bank tries to avoid such negative publicity.

It is important to note that every data leak from a bank is the personal fault of the bank's owners and managers. In Russia and in Kazakhstan, in case of a data leak, the bank at best publishes a press release stating that "the situation is under control". Banks in the US and Europe in the same situation, however, receive a huge fine.

Insider Threat: Employees of Russian banks are massively recruited to obtain data

In Russia, there are 73 services that recruit insiders at Russian banks. This information was shared by darknet researcher Anton Staver.

"The number of groups providing such services is due to the amount of work that falls on them," explained Staver. According to the researcher, services that recruit bank employees receive up to 50 orders a day, which is enough to sustain an entire industry.

The expert said that the customers for such data are usually competitors of banks, jealous spouses of customers, as well as hackers and scammers. Scammers often ask for a list of victims with large account balances. At the same time, according to Staver, recruitment is most often "carried out by specialized structures".

The expert noted that recruiters receive about 15 thousand rubles ($240) from customers for one bank employee. The recruiter receives the search criteria, after which the client receives the contacts of the required person via Telegram or Jabber. Finding an insider takes about 5-7 days.

Pavel Krylov, who runs a company specializing in the investigation of cybercrime, agrees with the research data. "Fraudulent schemes using personal data are now successful and effective, so attackers are actively looking for insiders in banks," said the expert. He also noted that various criminal groups use recruitment schemes to monetize the theft and withdrawal options insiders give them.

The cost of recruitment ranges from 7 thousand to 100 thousand rubles ($112-$1600) and depends on the complexity of the task. If the bank's security service works effectively, the price will be much higher. Employees are usually approached through social networks, instant messengers, personal contacts and LinkedIn.

Capital One Data Breach, Hacker gets Access to 100 Million Accounts

A massive data breach of Capital One servers compromised the personal details of an estimated 106 million bank customers and applicants across Canada and the US.

The suspected hacker, Paige Thompson, 33, was arrested by the FBI on Monday. According to the criminal complaint, she had shared details about the data breach on a GitHub page earlier in April.

Thompson broke into a Capital One server and illegally acquired access to customers' names, addresses, credit limits, contact numbers, balances, credit scores, and other related data.

According to the documents, the 33-year-old Seattle resident gained access to 80,000 bank account numbers, 1 million Canadian Social Insurance numbers, and 140,000 Social Security numbers.

Thompson, who had previously worked at Amazon Web Services as a software engineer, was able to access the data by exploiting a misconfigured web application firewall in the company's infrastructure, as per a court filing.

Despite the magnitude of the breach, "no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised," the company said.

Expressing concern over the matter, Chairman Richard Fairbank said, "While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened.

"I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right," he assured.

Meanwhile, the company is notifying the victims and aiding them with identity protection and free credit monitoring.

Hackers made Bank clients debtors - Large-scale data breach occurred in Russia

On June 8-9, Alfa-Bank was attacked for several hours, as a result of which the stolen funds appeared on the accounts of random customers of the credit institution.

Some clients of the bank received amounts from 10 to 15 thousand rubles ($155-235). Many of them quickly spent this easy money.

However, immediately after the payment, the same Alfa-Bank clients were charged two to three times the amount the fraudsters had sent, which put their accounts into overdraft or created a short-term loan.

Alfa-Bank resolved the hacking problem within a few hours, and the bank's clients are obliged to return the money that came from the hackers in full. There were no official comments from Alfa-Bank.

Experts said that such a fraud can only be carried out with access to the bank's internal systems. The security service is therefore looking for the fraudsters among its own employees.

It is worth noting that on June 9, the Russian newspaper Kommersant reported a leak of the personal data of 900 thousand clients of Alfa-Bank, OTP Bank and Home Credit Bank in Russia. According to the published material, the names, phone numbers (mobile, home and work), addresses and places of work, and passport data of almost 900 thousand Russians, including 55 thousand Alfa-Bank customers, were publicly available on the Internet, as well as the balances of Alfa-Bank client accounts in the range of 130-160 thousand rubles.

The company DeviceLock found the leaks. They occurred at the end of May; the data had been collected a few years ago, but a significant part of the information is still relevant. Moreover, DeviceLock discovered two Alfa-Bank customer databases: one contains data on more than 55 thousand customers from 2014-2015, the second contains 504 records from 2018-2019.

An interesting fact is that one of the databases of clients of Alfa-Bank contains data on about 500 employees of the Ministry of Internal Affairs and about 40 people from the FSB (the Federal Security Service).

The press service of Alfa-Bank said that they are currently checking the accuracy and relevance of the information.

Russian hacker convicted of hacking a payment system and stealing from ATMs

A court in the Saratov region found a local resident guilty of hacking into the website of an Omsk company that collects utility payments.

The 19-year-old hacker was charged under the article "unauthorized access to computer information." Employees of the Federal Security Service of Russia in the Omsk region found and detained him.

Omsk investigators found that in the autumn of 2017 the defendant hacked into the payment system from his home computer using special software. The system was intended for online payment of utility bills.

As a result, the hacker gained access to users' personal accounts. After copying all the information, he contacted representatives of the service and offered, for a fee, to provide information about how to fix the vulnerability in the security system.

The court found him guilty and sentenced him to twelve months for unauthorized access to computer information.

At the same time, in Krasnoyarsk, it emerged that a hacker group had hacked the management system of ATMs using special devices.

According to Irina Volk, the official representative of the Ministry of Internal Affairs of Russia, a criminal group of three men aged 24 to 57 committed 27 crimes from October 2017 to February 2018. At the time of the arrest, the defendants had been linked to 8 similar crimes with total damage of 15 million rubles; the number of crimes and the amount of damage have since doubled.

The hackers worked at night, used software to disable the security system, and then opened the payment terminals.

The criminals were detained by the police while committing another theft. During searches, police seized computer equipment, tools and two expensive cars bought with the stolen money.

The hackers are awaiting the court's verdict in custody. They are charged under six articles.

25 million rubles disappeared from the IT Bank, again hacker group Silence?

On February 12, it became known that on February 7 a hacker attack had been carried out on IT Bank in the Russian city of Omsk. The hackers stole 25 million rubles. Experts suggest that this may be the work of the group Silence.

Recall that Silence is a group of Russian-speaking hackers whose first activity was recorded in 2016. The hackers specialize in targeted attacks on banks, sending phishing emails with malicious attachments.

The experts were not surprised that the bank could not withstand the attack, as the bank's management allocated too little money for security. According to the bank's reports on the official website of the Central Bank, its annual spending on communication services, telecommunications and information systems over three years amounted to about 2 million rubles.

According to Alexey Novikov, Director of the security expert center at Positive Technologies, the hack is small in scale and, for an insufficiently protected organization, can be an intermediate step before an attack on another, larger company.

The Central Bank commented that it is working on the problem of information security in credit and financial institutions.

The management of IT Bank refused to comment but assured that customers did not suffer.

Two financial institutions investigating hacks, customer data may have been leaked

Bank of Montreal (BMO) and CIBC-owned Simplii Financial revealed on Monday that the data of thousands of customers may have been breached in recent hacks on two of Canada's largest financial institutions.

The banks warned that “fraudsters” may have accessed some customer accounts.

Simplii Financial, which is CIBC’s direct banking brand, revealed that data from 40,000 client accounts may have been electronically accessed by fraudsters. BMO similarly said that it received a tip on Sunday that claimed the confidential information of “a limited number of customers” had been accessed.

Simplii said that it has “implemented additional online security measures”, which include online fraud monitoring and online banking security measures.

“We’re taking this claim seriously and have taken action to further enhance our monitoring and security procedures,” said Michael Martin, senior vice president of Simplii Financial, in a statement. “We feel that it is important to inform clients so that they can also take additional steps to safeguard their information.”

BMO said the hack appeared to have originated outside Canada. The tipsters, in BMO’s case, were reportedly the hackers themselves.

"We took steps immediately when the incident occurred and we are confident that exposures identified related to customer data have been closed off," BMO said. "We have notified and are working with relevant authorities as we continue to assess the situation. We are proactively contacting those customers that may have been impacted and we will support and stand by them."

"If a client is a victim of fraud because of this issue, we will return 100 per cent of the money lost from the affected bank account," a press release by Simplii said, adding that there is no indication that clients who bank through CIBC have been affected.

The bank also told customers to send any suspicious correspondence to

Dutch Tax Authority and Banks Face DDoS Attacks

The national tax office in the Netherlands and several of the country’s largest banks were hit by a distributed denial-of-service (DDoS) attack on Monday.

The tax office said that its website had gone down for 5-10 minutes after the attack.

ABN Amro, ING, and Rabobank are among the major banks affected by the DDoS attack, which disrupted online and mobile banking services over the weekend.

The attacks led to banks’ services being down for hours at a time.

"We are now working on an alternative access route to the site, it is not yet possible to say how long this will take," Rabobank said.

"Since the big DDoS attack on ING in 2013, everything seemed to be in order. There is now clearly something we need to respond to, and we are discussing this with the banks," said a spokesperson for the Dutch central bank, DNB.

Spokesperson for the Tax Authority, André Karels said that no data had been leaked and that the attack is under investigation by the National Cybersecurity Services.

DDoS attacks bring down websites by sending a large volume of traffic to one server at the same time. While such attacks by themselves cannot breach a network or leak data, they are often used as a distraction by hackers trying to penetrate a network.
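The distraction point above is the one a defender should act on: a flood is easy to see, but the interesting question is what else reached sensitive endpoints while operations staff were busy with it. The following added example (not part of the original post, and not the code of any organization named on this page) parses constructed web-server access-log lines, finds sources whose per-second request rate crosses a threshold, and then lists requests to sensitive paths that arrived from other addresses during the flood window. The log lines, the sensitive-path list and the threshold are all assumptions made up for the example.

```python
"""Find a request flood in access logs and the sensitive requests hidden behind it.

Added example; the log lines, paths and threshold below are constructed.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common-log-format line: ip ident user [timestamp] "METHOD path proto" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \d+')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Assumed for the example: paths whose access during a flood deserves review.
SENSITIVE_PREFIXES = ("/admin", "/login", "/api/transfer")
# Assumed for the example: requests per source per second that count as a flood.
FLOOD_THRESHOLD = 20


def _line(ip, ts, method, path, status):
    """Build one constructed access-log line."""
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 512'


# Constructed sample: normal browsing, then one source sending 30 requests in a
# single second, and, during that same second, an admin login from a third address.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.4", "29/Jan/2018:09:00:01 +0100", "GET", "/", 200),
     _line("198.51.100.4", "29/Jan/2018:09:00:03 +0100", "GET", "/balance", 200)]
    + [_line("203.0.113.7", "29/Jan/2018:09:00:05 +0100", "GET", "/", 503)
       for _ in range(30)]
    + [_line("192.0.2.9", "29/Jan/2018:09:00:05 +0100", "POST", "/admin/login", 200),
       _line("198.51.100.4", "29/Jan/2018:09:00:09 +0100", "GET", "/", 200)]
)


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return {"ip": ip, "ts": datetime.strptime(ts, TS_FMT),
            "method": method, "path": path, "status": int(status)}


def parse_log(text):
    """Parse all lines, silently skipping malformed ones."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def flood_sources(records, threshold=FLOOD_THRESHOLD):
    """Return {ip: peak requests in any one second} for sources at or over threshold."""
    per_second = Counter((r["ip"], r["ts"].replace(microsecond=0)) for r in records)
    peaks = defaultdict(int)
    for (ip, _second), count in per_second.items():
        peaks[ip] = max(peaks[ip], count)
    return {ip: n for ip, n in peaks.items() if n >= threshold}


def flood_window(records, sources):
    """Earliest and latest timestamp seen from the flooding sources, or None."""
    stamps = [r["ts"] for r in records if r["ip"] in sources]
    return (min(stamps), max(stamps)) if stamps else None


def sensitive_during_flood(records, sources, window):
    """Requests to sensitive paths from non-flood sources inside the flood window."""
    if window is None:
        return []
    start, end = window
    return [r for r in records
            if r["ip"] not in sources
            and start <= r["ts"] <= end
            and r["path"].startswith(SENSITIVE_PREFIXES)]


def analyze(text):
    """Run the whole check and return a summary dict."""
    records = parse_log(text)
    sources = flood_sources(records)
    window = flood_window(records, sources)
    hidden = sensitive_during_flood(records, sources, window)
    return {"flood_sources": sources, "window": window,
            "sensitive_during_flood": [(r["ip"], r["method"], r["path"]) for r in hidden]}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    print("flood sources:", result["flood_sources"])
    print("review these:", result["sensitive_during_flood"])
```

The per-source, per-second counter is deliberately simple; in production the threshold would be set from a baseline of normal traffic, and the review list would be joined with authentication logs rather than inferred from URL prefixes alone.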

DDOS, APT attacks on Corporate and Banks

With a spate of distributed denial of service (DDoS) and APT attacks on banks and corporates, anti-DDoS mitigation vendors and ISPs are joining forces to fight the menace of DDoS attacks.

A few vendors work with ISPs to mitigate the threat, placing monitoring agents (hardware boxes) at every ISP, connected to a mitigation cloud.

A bank official said on condition of anonymity: "The ISP quickly responds to a DDoS attack and mitigates it for the customer, but then comes to them with a fat proposal. Customers need to pay a standard amount every year to get protection. In addition to this amount, they have to pay extra money every time they get hit. The billing can run into lakhs for banks and corporates who take DDoS mitigation."

Another bank official confided that they have asked for a standard quote per year (the ISPs are yet to respond).

Smaller vendors cannot tackle DDoS attacks on their own; it takes anti-DDoS companies working together with the ISP to handle this.

Some corporates and banks are going for a different solution: they place their main websites and mobile portals behind a cloud-based WAF/anti-DDoS mitigation service. At the corporate end, a firewall and IPS make sure that no direct connection from the Internet to their ISP pipe is possible. Whether this solves the problem remains to be seen.

"Advanced persistent threats are followed by DDoS attacks; this is done to erase any tracks of compromise on firewalls, routers and intrusion prevention systems," says J Prasanna, Director, Cyber Security & Privacy Foundation Pte Ltd, a Singapore-based cyber security certification organization.

"The corporates and banks are seeing only the DDoS and putting DDoS mitigation in place. It has to be checked whether there is any compromise of data or criminal compromise of the bank or corporate. The criminals could have gained access to the data or network and remained stealthy for a long time," says Mr. Sreeram, Director, AVS Labs Pte Ltd, Singapore (an organization which does cyber security consulting and services).

The main problem for organizations is that there are many vulnerabilities in their systems which go undetected for a long period of time. The vulnerabilities could be in application code written by their own programmers, or in the operating system, the network and other critical system-level applications. Black hat hackers (APT attackers) can exploit these vulnerabilities, generally called 0-day vulnerabilities, to get into the systems.

Most of these organizations need a "0-day vulnerability assessment and penetration test" and an "APT analysis" to find any security breach. Normally not everyone can do this, because you need the best talent on board, like the "bounty hunters" who find vulnerabilities for Fortune 500 companies. But that is not all: "Most bug bounty hunters can't find beyond web vulnerabilities." These auditors and assessors need 0-day exploits and also knowledge of how APT attacks work. Most organizations which perform regular vulnerability assessment and penetration testing, and even those which implement ISO 27001 certification, do not have the capability to handle zero-day or APT assessments.

Is a corporate with ISO 27001 implemented safe? A quiet survey of 25 organizations showed that almost all had the standards implemented and all experienced data theft. Some corporate CISOs do not want to accept that APT attacks have happened, and most of this information about compromise never reaches management.

All the attacks happened at the technical level, because of poor technical controls or because products like antivirus, firewalls and intrusion prevention systems did not do what they were said to do.

Do we still trust the ISO 27001 implementations in corporates, or the products they use inside, to protect our data?

Distributed Denial of Service (DDoS) attacks

A well-known Indian security news portal was targeted by a DDoS attack on the morning of May 21st. Two hours before the attack the company had tweeted "NSA planned to hijack Google App Store and plant malware on all Android Apps" and provided a news link. Whether the DDoS attack and this tweet are connected is an interesting speculation.

But the larger and more critical question is the vulnerability of digital assets. One would naturally assume that the portal had a robust defensive strategy in place. The DDoS attack that brought it down suggests otherwise.

There has been a series of hacks and DDoS attacks on major corporate, telecommunication and net banking portals.

"Today the digital assets of a knowledge- or service-based company have more value than its tangible physical assets. It's imperative that they think beyond ready-made security tools from the market and move towards employing security professionals who can provide a customized security audit," says J. Prasanna of Cyber Security and Privacy Foundation.

"Even going to the police will not be of much help, since these attacks are sophisticated and originate from different geographies. Very few have the forensics capability to make a credible case in a court," says SreeRam, the police Krav Maga instructor who is also part of a Singapore-based security company.

Both agree that "with India's increasing clout in world trade and the balance of power tilting gradually towards Asia, asymmetric warfare tactics like cyber terrorism will be relied on more frequently to dent the credibility of the nation. As of today, India does not seem to have the aggressive posture needed as a deterrent."

Hackers steal $450K from City of Gold Bar Bank Accounts


Over the past year, hackers have managed to break into bank accounts belonging to the City of Gold Bar and steal $450,000.

According to HeraldNet's report, the city has recovered about $230,000 of the $450,000 taken and is currently working with the bank to recover the rest.

The security breach came to light in November 2011, when someone tried unsuccessfully to pass fake checks drawn on city accounts. The city immediately contacted law enforcement and the state Auditor's Office.

At the time, the city closed that bank account and opened others, but the hackers managed to gain access to the new account as well.

"It was a very knowledgeable group of people," Mayor Joe Beavers said. "They really whacked up on us hard."

Nigeria Bank Finbank Site Hacked and defaced By Hitcher

The website of the Nigerian bank FinBank was hacked and defaced by Hitcher, who uploaded a newhitcher.html file to the site.

About FinBank:
FinBank offers a wide range of banking products and financial services to corporate and retail customers through a variety of delivery channels, specialized subsidiaries and affiliates in the areas of investment banking, retail banking and private banking. It provides services covering financial institutions, sovereign and multinational organizations by originating, selling and structuring debt instruments, foreign exchange and money market products.

Hackers steal credit data: Hackers break into two computer stations of Vacationland Vendors

Hackers breached two computer stations owned by Vacationland Vendors of Wisconsin Dells, placing about 40,000 credit or debit card users at risk of theft.

The computers were at the Wilderness Resorts in Lake Delton and Sevierville, Tenn., where Vacationland Vendors operates the arcades. The company owns and operates 11 arcades and has been in operation for 30 years. Vacationland Vendors is one of the Gussel family's businesses, which also include Holiday Wholesale as well as convenience stores and Dunkin' Donuts franchises.

A notice on the Vacationland Vendors web site says, "Based upon its investigation to date, Vacationland Vendors reasonably believes that a computer hacker improperly acquired credit card and debit information. This incident did not involve an internal security issue within the Wilderness Resort. Vacationland Vendors has learned that other businesses just like its own have been affected by this computer hacker."

Evan N. Zeppos of the public relations firm Zeppos & Associates, which is handling publicity about the breach, said the company was alerted to the breach by calls from one or two customers. The breach occurred on March 22.

No other computer systems in the Vacationland Vendors system with credit card information have been breached by hackers, Zeppos said.

Zeppos said that when Vacationland learned of the breach, it called in forensic experts to look at the data in the system.

"Once we became aware of the breach, we immediately shut down the credit card system and took it offline April 1," Zeppos said.

Since then, the company has upgraded the security of its computer system. "We . . . believe we now have the highest level of security."

Although data on 40,000 credit or debit card users was stored, Zeppos said it is believed that fewer than 20 individuals were affected.

He suggested that anyone who used a credit or debit card at one of the affected arcades between Dec. 12, 2008 and May 25, 2011 should check their card statements for any unusual activity. Saying he did not want to make excuses for the company, he encouraged customers to be diligent and vigilant about illegal use of their cards.

Heidi Fendos, public relations director for Sprecher Bertalot of Milwaukee, which handles public relations for the Wilderness resorts, said customers who used credit or debit cards at the resorts are being asked to carefully check their credit card statements.

"When they made our resort aware of the breach to one of their credit card stations in our Wild West Mega Arcade, we had them immediately cease all credit card activity in their leased area," Fendos said.

"Our resort wants to make it clear that the Wilderness Resort's credit card system was never compromised at any time during this situation with Vacationland Vendors' credit card station," Fendos said.

Vacationland Vendors continues to lease and operate the arcades at Wilderness, but the area is cash-only now. Credit cards are no longer accepted.

Zeppos said Vacationland is trying for broad dissemination of information about the threat and has posted advice on its website about what to do. The site says to do the following:

■ Watch for any unusual activity on your bank statements, credit card account or suspicious items on your bills.

■ Contact any of your credit card issuers, banks or credit unions, and inform them of this incident.

■ Place a fraud alert on your consumer credit file. A fraud alert instructs creditors to watch for unusual or suspicious activity in your accounts, and gives creditors notice to contact you separately before approving an extension of credit. To place a fraud alert, free of charge, contact one of the three national credit reporting agencies listed below. You do not need to contact all three; the agency that you contact will forward the fraud alert to the other two agencies on your behalf.

The national credit reporting agencies are Equifax Information Services LLC, P.O. Box 105069, Atlanta, GA 30348-5069, 1-800-525-6285; Experian, 1-888-397-3742; and TransUnion, Fraud Victim Assistance Dept., P.O. Box 6790, Fullerton, CA 92834, 1-800-680-7289.

Information about personal identity theft and fraud may be obtained from the Federal Trade Commission at or by calling 1-877-ID-THEFT.

Zeppos said if individuals have additional questions they can send an e-mail to


Computer hackers targeting Richmond households in sophisticated new scam

A new breed of sophisticated hackers has been targeting households in the borough, trading standards officials have warned.

The conmen’s cyber attacks mark a disturbing development in internet crime because they gained access to a victim’s computer while talking to her on the phone.

The fraudsters, who posed as Microsoft engineers, managed to persuade a 63-year-old woman, from Hampton, to come within a few clicks of giving them her bank account details.

The victim, who asked not to be named, said she knew more than three other people who had been targeted.

She said: “It is a very good scam. I had error messages coming up on my screen three times before and then I had a call from Microsoft care support. I thought about it but then I just felt ‘would a hacker really phone me?’.

“The man said he needed to check my software, so I let him have access to the computer. I was a bit worried but the Microsoft logo came up and it looked authentic.”

The hacker told the woman her software had expired and she needed to pay £99 to renew it for one year and £149 for two.

She said: “I said I needed to think about it, and asked for his phone number, but he got angry and refused to give it to me. He told me I would be blacklisted and then my screen started to go wrong and froze.

“I was really worried by then so I didn’t give him anything and I shut my computer down. I knew there were bank account details on there because I had downloaded a statement.

“I’ve had to reset all my passwords for online banking now. I’m going to have to watch everything for a long time now. I’ll have to be very wary.”

Trading Standards has warned householders in Richmond to be vigilant and not give out bank details or allow anyone to access their computer unless they are sure the person is genuine.

Councillor Virginia Morris, who has responsibility for consumer protection at Richmond Council, said: “Once they’re in, it’s easy to search through files and emails for bank details and tricksters like these will have no compunction in bleeding you dry.”

Anyone concerned about computer hacking should call Consumer Direct on 08454 040506.


SQL Injection Vulnerability in HDFC Bank site, discovered by zSecure Team

zSecure Team discovered a critical SQL injection vulnerability in the HDFC Bank website. Last month, they discovered a SQL injection vulnerability in the Idea Cellular website.

zSecure Team and HDFC Bank:
The aforesaid vulnerability was discovered on 15-July-2011 and was reported on 17-July-2011 (reminder sent on 24-July-2011). After 22 days (on 8 August 2011), HDFC Bank responded to zSecure Team's mail with the following message:
Thank you for sending us this information on the critical vulnerability. We have remediated the same.

After zSecure Team received this email, they checked whether the vulnerability was still present. Unfortunately, it was still active in the web portal. zSecure Team immediately contacted HDFC Bank again with proof of the vulnerability.

This time HDFC responded faster (after 2 days) with the following message:
We have remediated all the vulnerability reported on our website. Also we have got the application vulnerability assessment performed through one of our third party service provider and they confirmed that there are no more SQL Injection vulnerability.

zSecure Team was surprised by HDFC Bank's response: the bank had been unable to find the vulnerability even after zSecure Team had sent it proof.

Thereafter, zSecure sent complete inputs about the vulnerability to their security team and finally the vulnerable file was removed from HDFC’s web-server.

Vulnerability Information:

  • Website:
  • Vulnerability Type: Hidden SQL Injection Vulnerability
  • Database Type: MSSQL (error-based)
  • Vulnerability Discovered: 15-July-2011
  • Alert Level: Critical
  • Threats: Complete Database Access, Database Dump, Shell Uploading
  • STATUS: Fixed

About HDFC Bank:
The Housing Development Finance Corporation Limited (HDFC) was amongst the first to receive an ‘in principle’ approval from the Reserve Bank of India (RBI) to set up a bank in the private sector, as part of the RBI’s liberalization of the Indian Banking Industry in 1994. The bank was incorporated in August 1994 in the name of ‘HDFC Bank Limited’, with its registered office in Mumbai, India. HDFC Bank commenced operations as a Scheduled Commercial Bank in January 1995.

HDFC Bank deals with three key business segments: Wholesale Banking Services, Retail Banking Services and Treasury. It has entered the banking consortia of over 50 corporates for providing working capital finance, trade services, corporate finance and merchant banking. It is also providing sophisticated product structures in areas of foreign exchange and derivatives, money markets and debt trading and equity research.

Proof of Vulnerability:


zSecure Team ended the post with the following message:
Finally, we would like to say that, since even after conducting a vulnerability assessment through a third party they were not able to discover this critical flaw, which had existed in their web portal for a long time, how can they assure themselves that no additional vulnerabilities exist in their web portal? HDFC Bank's security team needs to think about this!

HDFC Bank must hire the best pen testers. The banking sector must be concerned about security.

Cyber crime gang hacks ATMs and steals $13 million in a day

A coordinated cyber criminal network pulled off one of the largest and most complex banking heists ever, withdrawing $13 million in one day from ATMs in six countries.

The massive breach hit Fidelity National Information Services Inc. (FIS), a Jacksonville, Fla.-based firm that processes prepaid debit cards. FIS disclosed the breach on May 5, but security researcher Brian Krebs dug deeper and found out the true scope of the devastating crime, which he reported in his KrebsonSecurity blog.

According to Krebs’ sources, the attackers first broke into FIS’ network and gained unauthorized access to the company’s database, where each debit card customer’s balances are stored.

FIS’ prepaid debit cards include a fraud protection policy that limits the amount cardholders can withdraw from an ATM within a 24-hour period. Furthermore, once a card's balance is exhausted, the card cannot be used until its owner loads more money onto it.

Here’s where the criminals got crafty: they obtained 22 legitimate cards, eliminated each card’s withdrawal limit, and cloned them, sending copies to conspirators in Greece, Russia, Spain, Sweden, Ukraine and the United Kingdom. When the prepaid limit on each card got too low, the hackers simply reloaded the fraudulent cards remotely.

At the close of the business day on Saturday, March 5, the criminals began taking out money from ATMs. By Sunday evening, the scam was over, and the attackers had stolen $13 million.
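A defender-side check for the cash-out scheme described above, added here as an example and not code from the article, Krebs or FIS: it reconciles each card's stored withdrawal limit against the policy value (catching the removed limits) and runs a rolling 24-hour velocity check over a constructed withdrawal log, flagging cards that exceed the cap or are cashed out in more than one country. Card ids, amounts, countries and the policy limit are hypothetical.

```python
from collections import defaultdict
from datetime import datetime, timedelta

POLICY_LIMIT = 500.00  # hypothetical 24-hour ATM withdrawal cap

# Card records as a processor database might hold them (constructed).
# A missing or inflated limit is the tampering the article describes.
CARDS = {
    "card-A": {"limit": 500.00},
    "card-B": {"limit": None},   # limit removed
    "card-C": {"limit": 500.00},
}

# Withdrawal log: (card, ISO timestamp, amount, ATM country) (constructed).
WITHDRAWALS = [
    ("card-A", "2011-03-05T18:05:00", 200.00, "US"),
    ("card-A", "2011-03-05T20:10:00", 200.00, "US"),
    ("card-B", "2011-03-05T18:00:00", 400.00, "GR"),
    ("card-B", "2011-03-05T18:40:00", 400.00, "RU"),
    ("card-B", "2011-03-05T19:15:00", 400.00, "UA"),
    ("card-C", "2011-03-05T18:00:00", 300.00, "ES"),
    ("card-C", "2011-03-06T19:00:00", 300.00, "ES"),  # 25h later: new window
]

def tampered_limits(cards, policy_limit):
    """Cards whose stored limit is missing or above the policy value."""
    return sorted(c for c, r in cards.items()
                  if r["limit"] is None or r["limit"] > policy_limit)

def velocity_alerts(withdrawals, policy_limit, window=timedelta(hours=24)):
    """Map card -> sorted reasons for cards whose withdrawals in any rolling
    window exceed the cap or span more than one country."""
    by_card = defaultdict(list)
    for card, ts, amount, country in withdrawals:
        by_card[card].append((datetime.fromisoformat(ts), amount, country))
    alerts = {}
    for card, events in by_card.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):
            win = [e for e in events[i:] if e[0] - start <= window]
            reasons = set()
            if sum(e[1] for e in win) > policy_limit:
                reasons.add("over_limit")
            if len({e[2] for e in win}) > 1:
                reasons.add("multi_country")
            if reasons:
                alerts[card] = sorted(set(alerts.get(card, [])) | reasons)
    return alerts

if __name__ == "__main__":
    print(tampered_limits(CARDS, POLICY_LIMIT), velocity_alerts(WITHDRAWALS, POLICY_LIMIT))
```

In production the limit reconciliation would run against the authoritative policy store on every change to a card record, since the attackers here altered the limits before a single withdrawal was made.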

Krebs said it is not clear who is behind the attack on FIS, although the characteristics of the scheme put it in line with similar crimes perpetrated by cyber criminals in Estonia and Russia.