Sunday, February 17, 2008
How to Hack a Bank's Server.............?
Yeah, I can 1.
Get a Voice Analyser Cost: 5000c Size: 4Gq 2. Go to the corporations Public Access Server 3. Press the + button in the Admins name or there 4. Ready the Voice Analyser 5. Call the Admin, then use the Voice analyser and record his voice 6. DO NOT SHUT THE VOICE ANALYSER! 7. Go to the place where you need to use it (a bank if im correct) 8. Go to the admin section, then select the Voice regicnition or that 9. Rewind the message you recorded and play it 10. Have fun EDIT: Heres a bank hacking guide:
ORIGINAL: The Ultimate Uplink Guide 6.1 - Bank Hacking Despite the risks involved, hacking a Bank is relatively easy. As long as you are fast, by following this guide you should have no problems. Before you start, you will need to know an Account Number at the bank you want to hack, your Uplink Bank Account number, and the IP of Uplink International Bank. 1. Connect to the bank, with InterNIC as your first bounce, and bypass the monitor and proxy with Level 5 Bypassers. 2. Break into the account you want to steal from, using the account number as the user name, and the password breaker to get the password. You should not have a trace on you because of the monitor bypass. 3. Enter the transfer screen and transfer money to your Uplink bank account 4. Delete the Statement logs from the account you stole from saying you just transferred money. 5. Connect to Uplink bank, log into your account, bypass monitor and proxy then delete the log saying you received money 6. Connect to InterNIC and delete the bounce logs. 7. Start Spending. You don't have to wait before you can spend the money you just stole. Note that once you have a password of an account, you don't need the monitor bypass to access it, the bank doesn't trace normal account entries.
By Carsten Albrecht, November 24th, 2006, 20:02
As Germany’s famous technology website heise online conveys today, two security experts named Omer Berkmann and Odelia Moshe Ostrovsky of the “School of Computer Science” in Tel Aviv have published a couple of attack scenarios against Bank Card PINs (ATM PINs) which require only only two guesses for a successful hack of the PIN of a certain account.
Abstract. We describe new attacks on the financial PIN processing API. The attacks apply to switches as well as to verification facilities. The attacks are extremely severe allowing an attacker to expose customer PINs by executing only one or two API calls per exposed PIN. One of the attacks uses only the translate function which is a required function in every switch. The other attacks abuse functions that are used to allow customers to select their PINs online. Some of the attacks can be applied on a switch even though the attacked functions require issuer’s keys which do not exist on a switch. This is particularly disturbing as it was widely believed that functions requiring issuer’s keys cannot do any harm if the respective keys are unavailable.
The problem with these attacks is the fact that this just requires access to (or an insider inside of) one of the forwarding switches between the bank terminal used and the data center of the issuing bank. As Bruce Schneier names it in his blog, this renders the complete PIN authentication process as weak/insecure as the least trusted element in this chain. He continues
Instead of just having to trust your own issuer bank that they have good security against insider fraud, you have to trust every other financial institution on the network as well. An insider at another bank can crack your ATM PIN if you withdraw money from any of the other bank’s ATMs.
The reason for this security hole in the process can be found in the distance between bank terminal and bank data center, especially if you access your bank account from out of a foreign country. This involves so-called Switches, other data centers, which decrypt and re-encrypt the submitted data packets with the help of so-called Hardware Security Modules. If an employee of these Switches is corrupt and has access to these HSMs he can easily hack the PIN, just by using some API methods of the Financial PIN Processing API.
The problem is severe in that way that you as a customer have been able to recognize a manipulated terminal easily, but these attacks do not require any hardware modifications to a bank terminal, so you can no longer recognize whether there is some bad guy waiting for a Man in the Middle attack to duplicate your bank card including your PIN. For this reason Berkmann and Ostrovsky didn’t want to disclose their findings, but due to a lack of response of the international banks they contacted they did not see any chance other than disclosing these severe security issues.