On Sat, 10 Feb 2007, Dennis Henderson wrote: > On 2/10/07, Fergie <[EMAIL PROTECTED]> wrote: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Via InformationWeek. > > > > [snip] > > > > The stakes can get pretty high in the hacker economy. > > > > A few years ago, a security researcher living overseas was contacted by a > > man with an intriguing offer: The researcher would get 2.2 million euros > > (more than $2.8 million) for each financial services firm he helped the > > man > > and his group of cybercriminals infiltrate. All the researcher had to do > > was provide the group with Windows Terminal Services access with > > administrative privileges for each bank, which the thieves would then > > penetrate via the Swift network. Swift, the Society for Worldwide > > Interbank > > Financial Telecommunication, manages a network owned by about 8,000 banks > > in 206 countries and territories to facilitate electronic transfers. > > > > The thieves seemed to have deep knowledge of the Swift system and how it > > could be manipulated. After pilfering funds from a number of banks, the > > thieves planned to create a shell game that would transfer the money from > > one financial institution to another until they could shake the trail of > > anyone investigating the theft and access the money. Cracking into the > > Swift systems was made easier, the researcher claims, by the presence of a > > critical Microsoft bug that at the time left vulnerable Internet > > Information Services servers running Secure Sockets Layer transactions. > > > > Unless this "researcher" was a swift employee, I'm not sure how this would > have worked. > > Access to swift just doesnt work that way, at least at my bank... >
What if you have a device connected somewhere that has access? Thet story says the contractor had the access. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
