Criminal Minds Case.1-Final

Continued from.

https://forums.comodo.com/general_discussion_off_topic_anything_and_everything/criminal_minds_case1-t37250.0.html

https://forums.comodo.com/general_discussion_off_topic_anything_and_everything/criminal_minds_case12-t37306.0.html

Let’s see following pics.

<Pic 1.>

You can see 2 cards on the website.
A: made by hacker.
B: made by bank.

Now, let’s see another pic.

<pic 2.>

You can see 2cards on the website but card B’s opacity is low(0%).

A: the hacker can see but the victim can’t see it.
B: victim can only see it.

If you fail to type over 3times, the bank account is closed automatically.
Then you should visit the bank to renew the secrete card again.

  1. She fills in the blanks.
  2. There will be an error message ‘wrong number’
  3. Then the website shows her other blanks where she should type
    Again with other numbers.
  4. Now there is a message ‘right number’.
  5. She does not feel anything suspicious.

The hacker had been repeated the job for a long period.
(a week or a month)
Finally the hacker got all of Security card numbers.
How nice…
What was the technique to cheat her in this scene?
It was [Pishing + Clickjacking].

The hacker was waiting for more deposit balance of her account
for a few days.
Now he tried to connect her PC for make sure.
She was not online. Her PC was turned off.
He can’t wait anymore. So he tried to transfer the money.
Uh~Oh~
Her Certification had been expired.
lol

But there is always the way we can survive!
He connected to another Zombie PC from the other country.
Then he typed a wrong password via the Zombie PC intentionally.
If somebody does this, the bank online security team gets
an alarm for hacking attempt.
This was what he wanted to be happened.
The bank made a phone call to her immediately, then
tell her about hacking attempt.
The bank recommended her ‘renew your Certification right now’.
lol

Now she turned on her PC and connected to her banking account
then renew her Certification. The hacker took the Certification again.

Now! THE SHOW TIME.
The hacker transferred $21000 from her bank account and
disappeared right away.

The hacker will go to the hell.
How can he steal somebody’s money.
Easy come, Easy go.

[attachment deleted by admin]

hehe too advanced for me. :smiley:

Also Iam not sure that my bank’s solution function the same… :o

Are you suggesting that the banks has a wide gap in their security structure?

=)

A lot of banks cheat people with those security systems.
They always say online banking is safe.
But experts ask about the baking security , they always avoid to talk about it.
It’s related with the security companies.
Most of banking security solutions are from the outsourcing soulutions. If the security companies say ‘our product are not always safe’, any of banks will not buy their solutions. So, most of security companies cheat bank with their tongues, PPT files, comparative reports, brochures etc.
And then the banks cheat people with their mouth.
If the online banking is safe, why there are lots of protections?
Also the banks hire the maintenance team from the security companies, how stupid.
The security and maintenance team cheat people who are employees of the bank.
Most of stupid employees don’t know about security details, that’s why The security and maintenance team can cheat the employees easly.
It’s a vicious circle.

■■■■…

{Sorry.
I don’t mean to spam the thread.
But, it’s the only word crossed my mind after reading the post…}