It's a physical token generator so I'll assume that's a regular hard token.
James.

From: [email protected] On Behalf Of Ziots, Edward
Sent: Thursday, 26 September 2013 10:11 PM
To: [email protected]
Subject: [NTSysADM] RE: Bank funds stolen without access to rsa token, anyone heard of that?

Were these soft tokens, or regular hard tokens?

What Ken speaks of is true. I have not seen a hack of hardware tokens; I have heard of some malware that had the capability to steal soft tokens.

Also as another treat, it looks like Lexis-Nexis and others got hit again by a data-stealing botnet:

http://nakedsecurity.sophos.com/2013/09/26/data-stealing-botnets-found-in-major-public-record-holders-servers/?utm_source=Naked+Security+-+Sophos+List&utm_medium=email&utm_campaign=6ddbed2680-naked%252Bsecurity&utm_term=0_31623bb782-6ddbed2680-454838729

Sincerely,
EZ

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]
Work: 401-255-2497

From: [email protected] On Behalf Of Ken Schaefer
Sent: Thursday, September 26, 2013 4:02 AM
To: [email protected]
Subject: [NTSysADM] RE: Bank funds stolen without access to rsa token, anyone heard of that?

If so, then potentially it could be done via, say, session hijacking (accessing the account after authentication).

Alternatively, malware might have stolen enough information to make a social engineering attack possible, and the funds were transferred via telephone banking or even in-person in a branch.

I'd have the bank do an investigation to find out how the funds were transferred.

FWIW we have a lot of these tokens issued (in the hundreds of thousands), and whilst I don't work in the area, I'm not aware of any vulnerability that allows such a bypass (e.g. token collision). Don't take my word as gospel, but I suspect if there was a vulnerability as you described earlier, a lot of organisations would be scrambling.

Cheers
Ken

From: [email protected] On Behalf Of James Hill
Sent: Thursday, 26 September 2013 5:38 PM
To: [email protected]
Subject: [NTSysADM] RE: Bank funds stolen without access to rsa token, anyone heard of that?

No I'm not. The suspicion is malicious software on the computer that was normally used.

James.

From: [email protected] On Behalf Of Ken Schaefer
Sent: Thursday, 26 September 2013 5:32 PM
To: [email protected]
Subject: [NTSysADM] RE: Bank funds stolen without access to rsa token, anyone heard of that?

Are you 100% sure this was done via the internet banking site?

Cheers
Ken

From: [email protected] On Behalf Of James Hill
Sent: Thursday, 26 September 2013 5:24 PM
To: [email protected]
Subject: [NTSysADM] Bank funds stolen without access to rsa token, anyone heard of that?

I've recently been in discussion with someone who has had money stolen from their bank account. I have seen examples of this in the past when the only authentication in place was a password. But in this case they had two factor authentication. A password and an RSA token.

They had funds transferred to an overseas bank account.

For this to occur it would normally require logging on to the internet banking system with the password and token code. Then enter the external transfer area, enter the details then enter in the current token code.

Has anyone ever heard of this occurring?

James.

