In this post I'm gonna talk about bank hacking. Just wait: I'm not gonna tell you how to hack a bank; it's all about which mechanisms a hacker uses to hack a bank.
STEP ONE: THE SETUP
First, we'll pull our core team together. We'll need at least half a dozen software whizzes to do our hacking, including specialists in banking application software, wire transfer networks, IBM MVS, Unix, Sun Microsystems Solaris, or Windows NT (depending on which is controlling the bank's servers), Windows 95 and 98, and security software. We'll also want at least one inside person at the bank. This could be a mid- to low-level employee, a teller, assistant manager in data processing, or a wire transfer clerk. We should have someone experienced in physical security, too, as well as a talented "social engineer" capable of charm and fast talk. Next, we'll pick our target, avoiding top-tier banks because they're too well protected. We don't want small community or Internet-only banks, either, because their limited money supply makes it likely that managers would instantly notice millions of dollars flying out the electronic doors. So we target a nice midsize bank. Finally, like any other business endeavor, we'll need time to get set up and some seed money for equipment, living expenses, advances, bribes, and so on. Two million dollars should do it. Our goal will be to steal between $10 million and $100 million.
STEP TWO: THE GROUND WORK
Our physical-security pro and his or her associates will get themselves hired by the target bank as janitors, electricians, plumbers, or other contractors. Once inside, they'll plant bugs throughout the bank. They'll also filch useful hard-copy information from desks, filing cabinets, and closets. At the same time, our social engineer and hired cohorts will run a number of small scams designed to yield insights into how the bank sets up, accesses, modifies, and pays out its accounts. For instance, they'll pose as retail and commercial customers, make friends with bank employees outside of work, and impersonate bank employees over the phone in an effort to get information from employees, customers, software vendors, computer professionals, and other banks. Meanwhile, of course, our main insider will be learning everything he or she can about the bank's network, software, processes, and employees.
The actual hacking will be cautious and low-level for the first several weeks: better to peel an onion than boldly drill for oil. We won't go near the money systems at this point. Instead, we'll focus on finding various ways to get onto the network from the outside. One approach will be "war-dialing," which involves setting up a computer to automatically dial every phone line in the bank in search of an answering modem. Another approach is to set up an online account with the bank, then jump from the online banking server to the bank's main network. Yet another avenue is provided by bank managers who take laptops home and hook up to their banks via cable Internet services (particularly easy to penetrate). If the bank has overseas branches, we may decide to come in through one of them because computer security tends to be more lax offshore.
Whatever route we take, we won't be able to get in without employee passwords, preferably several, to avoid raising suspicion by running up one person's computer time. But there are lots of ways of getting them. Our inside people should be able to spot some scribbled down on desktops; our social engineers will talk employees and the IT department out of others; we'll run widely available freeware automated password-guessing programs such as Crack; we'll steal them from employees' accounts at e-commerce sites like Amazon.com, because people tend to use the same passwords in different applications; and in many cases we'll be able to quickly guess them off the tops of our heads because people often use passwords such as their last names, "hello," or "password."
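The password habits listed above (last names, "hello", "password", and reuse across sites) are what a check at password-set time should refuse. The following is an added example, not part of the original post; the function names, the short deny list, the stand-in breach corpus and the sample user are all constructed for illustration.

```python
import hashlib
import re

# Constructed deny list; a real deployment loads a large list of common passwords.
COMMON = {"hello", "password", "123456", "qwerty", "letmein"}

# Constructed SHA-1 digests standing in for a breached-password corpus,
# used to catch passwords reused from other sites.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest()
                 for p in ("Sunshine2019!", "amazon4me")}

# Undo simple character substitutions such as "P@ssw0rd".
LEET = str.maketrans("0134578@$!", "oieastbasi")


def normalize(pw):
    """Lowercase, strip trailing digits/symbols, then undo substitutions."""
    base = re.sub(r"[^a-z]+$", "", pw.lower())
    return base.translate(LEET)


def screen_password(pw, first_name, last_name, username):
    """Return a list of reasons to reject pw; an empty list means it passed."""
    reasons = []
    core = normalize(pw)
    if len(pw) < 12:
        reasons.append("too short")
    if core in COMMON:
        reasons.append("common password")
    personal = {s.lower() for s in (first_name, last_name, username) if len(s) >= 3}
    if any(p in core for p in personal):
        reasons.append("contains name or username")
    if hashlib.sha1(pw.encode()).hexdigest() in BREACHED_SHA1:
        reasons.append("seen in breach corpus")
    return reasons


if __name__ == "__main__":
    for candidate in ("Smith2024", "P@ssw0rd", "Sunshine2019!",
                      "correct horse battery staple"):
        print(candidate, "->", screen_password(candidate, "Dana", "Smith", "dsmith"))
```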
Once on the network, we'll search for ways to jump into different computers and software programs. We may need new passwords at each step, which is no big deal. At this point, we'll log on only for short periods and avoid touching sensitive systems, to keep from attracting attention. We'll also have our social engineers open several dozen accounts of various types at the bank under false identities. They'll keep mostly modest but occasionally large sums of money flowing into, out of, and among them.
STEP THREE: THE CODE WORK
Once we get a feeling for the network, we'll start to obtain "root access" on some of the servers. That is, we'll get a server to give us all the rights and privileges normally afforded only to the server's systems administrator, or sysadmin. All it takes is the right password. With root access, we can start rolling out the hacker heavy artillery. We'll create new computer accounts, install back doors and Trojan horses, and set up "sniffers" to monitor traffic and break into email archives. In this way, we'll learn the formats and codes that the bank uses to move money around. We'll also break into files storing hundreds of passwords, which will come in handy. And we'll run remote network analyzers (freely available programs such as Satan, Saint, and Sara) that relentlessly probe a network looking for security weaknesses. At this point, we'll be able to cover our tracks by altering the computer logs that keep track of who accesses what on the network, so we can stay on for longer periods and penetrate more deeply.
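Log alteration by someone with root access only goes unnoticed when nothing outside the compromised server can vouch for the log. The following is an added example, not part of the original post: an HMAC-chained log whose key and latest tag are assumed to live on a separate collector, so edits, deletions and truncation on the server are detectable. The function names, key and log lines are constructed.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32
DEMO_KEY = b"constructed-demo-key"  # assumption: held only by the log collector

# Constructed sample log lines.
LOG = [
    "2000-03-01T02:14:07 login user=jdoe src=10.0.4.17",
    "2000-03-01T02:14:55 su user=jdoe target=root result=ok",
    "2000-03-01T02:16:31 useradd name=svc_backup by=root",
    "2000-03-01T02:19:02 logout user=jdoe",
]


def seal(lines, key):
    """Return (line, tag) pairs; each tag covers the line and the previous tag."""
    prev, sealed = GENESIS, []
    for line in lines:
        tag = hmac.new(key, prev + line.encode(), hashlib.sha256).digest()
        sealed.append((line, tag.hex()))
        prev = tag
    return sealed


def first_bad_index(sealed, key, head=None):
    """Index of the first record that fails verification, or None if intact.

    head is the latest tag as remembered by the collector; if the chain is
    valid but ends on a different tag, records were removed from the end
    and len(sealed) is returned.
    """
    prev = GENESIS
    for i, (line, tag_hex) in enumerate(sealed):
        expect = hmac.new(key, prev + line.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expect.hex(), tag_hex):
            return i
        prev = expect
    if head is not None and not hmac.compare_digest(prev.hex(), head):
        return len(sealed)
    return None


if __name__ == "__main__":
    sealed = seal(LOG, DEMO_KEY)
    head = sealed[-1][1]
    tampered = sealed[:2] + sealed[3:]  # the useradd record removed
    print(first_bad_index(sealed, DEMO_KEY, head), first_bad_index(tampered, DEMO_KEY, head))
```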
On another front, we'll try getting our hands on a copy of the application software that the bank uses to manage money and accounts because we'd like to figure out a way to secretly modify it to our benefit. The version the bank is running won't do us any good because working software, or "machine code," is nothing but an unintelligible string of 1s and 0s. We'll need the "source code," the version written in a standard programming language. Software companies guard source code jealously, but we might be able to hack a copy from the vendor. Alternatively, if we're lucky, the bank may have modified the software on its own, in which case it will have a copy somewhere. If we can't find it on the network, we may be able to get it by bribing or extorting one of the bank's IT consultants. Or we might have better luck lifting a copy from an overseas bank or vendor that modified the software to suit local requirements. If we can get the program, we'll look for ways to usefully alter one of its components, then we'll "compile it," that is, convert it to machine code ready for running. Later, we'll hack into the system and swap our modified component for the real thing. Either way, eventually we will learn how to move money internally among accounts (essentially the level of control of a teller) and how to control wire transfers, in which money is transferred to another bank. We'll know what sorts of checks and verifications are run on every transaction of a given type and size, when audits take place, and what sorts of actions cause the computer systems to alert sysadmins or other managers. But we still won't take any money.
While we're getting to know how the bank's systems operate, we'll also be gathering the latest in nuisance hackerware: viruses, autospammers, and other goodies designed for "denial of service" attacks, that is, attacks intended to bring a system to its knees without necessarily taking anything (the kind of attacks leveled recently at e-commerce sites like Amazon). We'll put these tools into position, but we won't activate anything yet. Finally, we'll set up numbered bank accounts in Jamaica, Cyprus, and several other countries that provide maximum banking privacy and minimal cooperation with international law enforcement agencies. We'll also set up accounts at several other U.S. banks, with detailed instructions for quickly moving money in and out of each of these banks.