The 21st Century Bank Job

Preview:

Click to see full reader

DESCRIPTION

presented at IDSecConf2010 (Indonesia Security Conference 2010).

Citation preview

THE21ST CENTURY

BANK JOB@GEOVEDI

EVER THOUGHT ABOUTROBBING A BANK?

JOHN DILLINGER KUSNI KASDUT

OLD SCHOOL

HACKING A BANKIS EASY

..OR MAYBE NOT!!

MODERN BANK JOBSCASE STUDIES

CREDIT CARD FRAUD

ATM SKIMMING

SOCIAL ENGINEERING

&IT’S EASIER THEY ARE CLUELESS

WHY TARGETING THE USERS?

[MOST OF THE TIME]

HOW ABOUT HACKING?

Swordfish (2001)

INSIDE THE BANK’SIT SYSTEM

CORE

TRADE FINANCE TREASURY

DATA WAREHOUSING

ANTI MONEY LAUNDRINGREMITTANCECRM

COLLECTION SYSTEMATM SWITCH

INTERNET BANKING

ISLAMIC BANKING

MOBILE BANKING

CARD MANAGEMENT

NETWORK OF TRUST

EMPLOYEES

MANAGEMENT

GOVERNMENT

VENDORS

CUSTOMERS

STORYTELLING SESSIONHOW WE COMPROMISED BANKS

ON SOME PENTEST ENGAGEMENT

COMMON PROBLEMS

PEOPLE PROBLEMSWEAK PASSWORDS

LACK OF AWARENESSLACK OF SKILLS

SYSTEM PROBLEMSOUTDATED SYSTEMS

INSECURE CONFIGURATIONSINSECURE PROTOCOLS

MANAGEMENT PROBLEMS

MERCHANTS

ATM COMPROMISE

WTFKTHXBYE

WHO’S RESPONSIBLE?

BANK

CUSTOMERAccording to Customer

BANK

CUSTOMERAccording to Bank

RESPONSIBL

ERESPO

NSIBLE

RESPONSIBL

E

SECURITY RESPONSIBILITY

BANKS’ EFFORTS TO INCREASE THE SECURITY LEVEL

ENCRYPTION

TWO-FACTOR AUTHENTICATIONS

TWO-FACTOR AUTHENTICATIONS

REGULATION COMPLIANCE

REGULAR SECURITY ASSESSMENT

WHAT’S NEXT?

WHAT’S NEXT?

THANKS!

CREDITS:Photos:• [Page 01] http://www.flickr.com/photos/reddogfever/4580710899/• [Page 02] http://www.flickr.com/photos/lanuiop/226760877/• [Page 04] http://www.flickr.com/photos/deepblue66/132439533/• [Page 05] http://www.flickr.com/photos/marcelnicolai/4600107436/• [Page 09] http://www.flickr.com/photos/paulwatson/411792788/• [Page 10] http://www.flickr.com/photos/jliba/3696592874/• [Page 11] Swordfish Hack — http://www.youtube.com/watch?v=zfy5dFhw3ik• [Page 12] http://www.flickr.com/photos/skreuzer/354316778/• [Page 13] http://www.flickr.com/photos/tim_d/184018928/• [Page 14] http://www.flickr.com/photos/eskimoblood/2111672366/• [Page 15] http://www.flickr.com/photos/beneathourfeet/2502755729/• [Page 16] http://www.flickr.com/photos/formalfallacy/2057169454/• [Page 16] http://www.flickr.com/photos/dolor_ipsum/3262262008/• [Page 17] http://www.flickr.com/photos/24443965@N08/3460357646/• [Page 23] http://www.flickr.com/photos/kk/4191131924/• [Page 25] http://www.flickr.com/photos/ari/2347593532/• [Page 27] http://www.infosurhoy.com/cocoon/saii/images/2010/03/01/photo4.jpg• [Page 28] http://en.wikipedia.org/wiki/File:CryptoCard_two_factor.jpg• [Page 29] http://blogs.ft.com/gapperblog/files/2008/03/bank-regulation.jpg• [Page 30] http://www.flickr.com/photos/dfarrell07/5013882149/• [Page 31] http://www.flickr.com/photos/joshmt/2526552173/

@GEOVEDI

CHECKOUT:http://slideshare.net/geovedi

Recommended

Data Scientist: the Sexiest Job of the 21st Century
Data & Analytics
21st Century Networking: Accelerate Your Job Search
Documents
data scientist the sexiest job of the 21st century
Data & Analytics
“Data scientist – the sexiest job of the 21st century” · 4/17/2018 1 “Data scientist –the sexiest job of the 21st century” Sanjay Mazumdar CEO, D2D CRC Data Scientist:
Documents
Is Data Scientist still the sexiest job of 21st century? Find Out!
Technology
Data Scientist: Sexiest Job of the 21st Century › archive › Forum5 › Franklin.pdf · Data Scientist: Sexiest Job of the 21st Century! •Harvard Business Review! MAA – 1923:
Documents
21st century job hunting
Education
21st Century Job Hunting - Power Building Resumes with Pre-Writing Research
Career
Data Scientist: The Sexiest Job of the 21st Century · DATA Data Scientist: The Sexiest Job of the 21st Century by Thomas H. Davenport and D.J. Patil FROM THE OCTOBER 2012 ISSUE W
Documents
Data Scientist: The Sexiest Job of the 21st Centuryusers.telenet.be/martialluyts/datascience_filii.pdf · Data Scientist: The Sexiest Job of the 21st Century Martial Luyts ... 2.Try
Documents
Using 21st Century Tools to Teach 21st Century Skills
Documents
21st century operational procedure automation with … · 21st century operational procedure automation with ... 21st century operational procedure automation ... 21st century operational
Documents
21st Century - Jobs.ac.uk · 2017-07-06 · 21st Century Job Skills to Improve Your Resume Social Skills Complex Problem Solving Skills Resource Management Technical Skills Systems
Documents
A job for everyone: What should full employment mean in 21st century Britain?
Documents
Is Data Scientist the Sexiest Job of the 21st century?
Technology
The Sexiest Job of the 21st Century OR How Analytics Professionals
Documents
21st Century Leadership for a 21st Century Workforceconvention.jamaicaemployers.com/pdfs/2010/saturday/21st century... · 21st Century Leadership for a 21st Century Workforce Presented
Documents
NSC / 2019 / FVTRS / Souvenir€¦ · Skilling in the 21st century Aptly labeled '21st century skills', these are intended to help students stay relevant in a changing job market
Documents
Enriching 21st Century Higher Education Students' Job Creation
Documents
The University in the 21st Century The Academic Job Market ...€¦ · 21st Century The Academic Job Market Research and Innovation Perspectives on Access RTR CLLEGE NOR RPRT . ACKNOWLEDGEMENT
Documents