Criminal Minds Case.1

I will show you why you MUST have CIS on your PC.

Jan 5, 2009, 3:39~3:44 pm, in 5 min.

The victim was a woman who doesn't know anything about security.
She lost about $21000.
The hacker drew out a total of $21000, $7000 per withdrawal. It was $21000 of money.
It means the hacker accessed her bank account to take money out at least 3 times.

How did it happen and what did the hackers do?

There are a keyboard encryption tool, Encrypted Certification,
a Security card (providing security codes), an Antivirus tool and a Firewall tool on the banking website.
The bank provides customers with the tools above through ActiveX installation.

The bank provides customers with the following protections.

1. Log-in ID/PASSWORD for the banking website (encrypted with SSL)
2. Keyboard encryption tool
3. Antivirus tool (ActiveX installation)
4. Firewall tool (ActiveX installation)
5. Security card provided to customers (sent to the home)
6. If logging in fails 5 times, your bank account will be closed and stopped automatically. (Bank attendance required)

1. Encrypted Certification (can be saved on FDD, HDD, USB, CD, DVD, etc., any removable media)
2. Password for transferring money (different from the log-in password)
3. Security card

When you transfer money, the banking website generates random positions
and asks you for the 2-digit number at each of 2 blue number positions on your Security Card.
So you should type a total of 4 digits, according to each position.

1. Keyboard encryption tool was useless. (it's possible to hack, many experts agree with it)
2. Encrypted Certification was useless. (there is a way we can hack it)
3. Security card was useless.
4. Antivirus tool was useless. (the antivirus tool which the bank provides is horribly bad, it's true)
5. Firewall tool was useless. (the firewall tool which the bank provides is terribly bad, it's true)

To be continued.

You will see almost all techniques in the Real World.


OOPS.

No. You are wrong.
It’s not that simple and easy.
That link is not related to my topic.
Don’t worry, I’m not talking about the worm and virus things.
Please do not guess.
You don’t know what I’m gonna talk about yet.

Oops! :-[

Interesting story… Looking forward to what really happened… ;D :slight_smile:

But I think Johs says something interesting… Does SSL encrypted sites load if SSL/TLS is disabled (in the browser)… And if so, would they be unencrypted? :o :o

Also, could malware add a FAKE certificate authority to the browser?

IDK so I ask… =) (guessing the first case would result in some error when loading the page…)

I'm replying partly so I can be kept updated with this topic. :slight_smile:

I once read something like this: there is a database of “correct” certificates on your PC, and if the certificate on the website didn’t match that database… something happens. ;D