Hackers penetrate mid-level bank IT network

SNOsoft, a research team at  cyber-security specialists Netragard specializing in anti-hacking have penetrated a medium-level bank by ascertaining relevant information from popular social media websites.

Despite banks' best efforts, IT hacking is still prevalent, and it seems with the right know-how, gaining inside access to files and personal details is not as difficult as hoped. In 2009, Israeli bank hacker Ehud Tenenbaum was arrested in Canada and charged in the US with allegedly stealing roughly $1.5 million in a bank hacking scheme.

Also in January of 2009, experts had warned banks at the World Economic Forum in Davos, Switzerland, how the threat of cyber-crime was rising sharply, and a new anti-fraud system should be implemented globally to tackle well organized hacking gangs.

Clearly this has not been the case, as SNOsoft were able to penetrate a mid-level bank with relative ease. In a blog, the firm's boss, Adriel Desautels, explains that SNOsoft gathered valuable information from social networking sites like Facebook, essentially mapping relationships between employees, vendors, friends and family. The social networking site also helped identify key people in accounts receivable/accounts payable (AR/AP) at the bank.

Facebook wasn't the only site to expose the type of information hackers would need, as SNOsoft also paid sites like LinkedIn and job sites such as Monster and Dice - where IT positions at the bank were advertised - a visit. SNOsoft claims the sites provided "interesting and useful technical information" on things such as intrusion detection technologies and operating systems for desktops and servers.

"In addition to Facebook, we focused on websites like Monster, Dice, Hot Jobs, LinkedIn, etc. We identified a few interesting IT related job openings that disclosed interesting and useful technical information about the bank," the blog says.

To get further inside the IT system, SNOsoft applied for an IT security job and used the subsequent screening call to pump the bank for details on its anti-virus technologies and policies on controlling outbound network traffic.

To get complete control of a the bank's IT infrastructure, SNOsoft sent an embedded PDF file to a bank workers system from a trusted IT service provider. As a result the PDF slid unnoticed through the bank's anti-virus software and once opened by the employee, Snosoft could install its own back-door technology and deployed a suite of tools before scoping out the internal network. Eventually the team cracked the bank's passwords and gained access to desktops, servers and Cisco devices used by the bank.

"In summary, we were able to penetrate into our customers IT Infrastructure and effectively take control of the entire infrastructure without being detected," said Desautels.

It seems that IT security has a long way to go before our money is truly safe.

Related articles:

Financially motivated hacking: the non-vulnerability challenge | Are hacker-schemes on the rise? | DOJ moves in on bank hacking rings

Like this article? Get the RSS feed: