Information Security In Banking: The Illusion Of Safety presented at SyScan 2004

by Anthony Zboralski

Tags: Security Wireless Testing

Summary: This presentation will focus on ways to defeat a bank's security by way of deception,
taking advantage of specific subtleties in human behavior and the bank's network of trust.
This session will include three real-life case studies:

Penetration testing major Asian banks. The speaker will show why most security mechanisms
can give a false sense of safety and demonstrate how an attacker can ensure "rapid ownership" of
the most "up to date", "patched" and "secure" systems without using a single 0-day exploit.

Auditing the security of core banking systems. The speaker will give real examples of
insider hacking and fraud (erasure of loan files, manipulation of interest rate and foreign
exchange data, vendor tampering with production environment, ATM backdoors, bypassing
AS/400 security, etc.).

Finally, the speaker will present the results of his Jakarta/RI Wireless Security Survey 2003
and 2004, including disturbing screenshots of ATM transactions and multi-million dollar wire
transfers which were broadcast in clear text over wireless networks without the bank's knowledge.