Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The 21st Century Bank Job

Jim Geovedi
October 14, 2011
Technology
0
130

The 21st Century Bank Job

Yes, I'm talking about how to hack a Bank!

Jim Geovedi

October 14, 2011
Tweet

More Decks by Jim Geovedi

See All by Jim Geovedi
Who's Smarter Than Machine?
geovedi
0
110
Unstructured Data is the New Gold: ML + NLP is the New Shiz!
geovedi
5
900
Machine Learning for Cybersecurity
geovedi
5
2.5k
Waluku: Answering Astronomy Questions through Social Media
geovedi
0
170
@begobet
geovedi
0
280
Satellite Telephony Security
geovedi
0
80
Hacking a Bird in the Sky: The Revenge of Angry Birds
geovedi
0
120
Cloud Security - Security Aspects of Cloud Computing
geovedi
0
69
Professional Hackers
geovedi
0
110

Other Decks in Technology

See All in Technology
ウェブアクセシビリティとは
lycorptech_jp
PRO
0
320
日本MySQLユーザ会ができるまで / making MyNA
tmtms
1
370
モンテカルロ木探索のパフォーマンスを予測する Kaggleコンペ解説 〜生成AIによる未知のゲーム生成〜
rist
4
1.2k
OPENLOGI Company Profile
hr01
0
61k
技術好きなエンジニアが _リーダーへの進化_ によって得たものと失ったもの / The Gains and Losses of a Tech-Enthusiast Engineer’s “Evolution into Leadership”
kaminashi
0
210
どっちの API SHOW?SharePoint 開発における SharePoint REST API Microsoft Graph API の違い / Which API show? Differences between Microsoft Graph API and SharePoint REST API
karamem0
0
110
小さく始めるDevOps 内製化支援から見えたDevOpsの始め方 / 20250317 Ken Takayanagi
shift_evolve
1
110
一人QA時代が終わり、​ QAチームが立ち上がった話​
ma_cho29
0
290
お問い合わせ対応の改善取り組みとその進め方
masartz
1
420
パスキー導入の課題と ベストプラクティス、今後の展望
ritou
7
1.2k
AWS CDK コントリビュート はじめの一歩
yendoooo
1
120
近年の PyCon 情勢から見た PyCon APAC のまとめ
terapyon
0
110

Featured

See All Featured
How to Ace a Technical Interview
jacobian
276
23k
Fontdeck: Realign not Redesign
paulrobertlloyd
83
5.5k
A Philosophy of Restraint
colly
203
16k
Mobile First: as difficult as doing things right
swwweet
223
9.5k
Done Done
chrislema
183
16k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
135
33k
Art, The Web, and Tiny UX
lynnandtonic
298
20k
Git: the NoSQL Database
bkeepers
PRO
429
65k
Building Your Own Lightsaber
phodgson
104
6.3k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
227
22k
Measuring & Analyzing Core Web Vitals
bluesmoon
6
320
Being A Developer After 40
akosma
90
590k

Transcript

  1. THE 21ST CENTURY BANK JOB @GEOVEDI

  2. EVER THOUGHT ABOUT ROBBING A BANK?

  3. JOHN DILLINGER KUSNI KASDUT OLD SCHOOL

  4. HACKING A BANK IS EASY ..OR MAYBE NOT!!

  5. MODERN BANK JOBS CASE STUDIES

  6. CREDIT CARD FRAUD

  7. ATM SKIMMING

  8. SOCIAL ENGINEERING

  9. & IT’S EASIER THEY ARE CLUELESS WHY TARGETING THE USERS?

    [MOST OF THE TIME]

  10. HOW ABOUT HACKING?

  11. Swordfish (2001)

  12. INSIDE THE BANK’S IT SYSTEM

  13. CORE TRADE FINANCE TREASURY DATA WAREHOUSING ANTI MONEY LAUNDRING REMITTANCE

    CRM COLLECTION SYSTEM ATM SWITCH INTERNET BANKING ISLAMIC BANKING MOBILE BANKING CARD MANAGEMENT

  14. NETWORK OF TRUST EMPLOYEES MANAGEMENT GOVERNMENT VENDORS CUSTOMERS

  15. STORYTELLING SESSION HOW WE COMPROMISED BANKS ON SOME PENTEST ENGAGEMENT

  16. COMMON PROBLEMS PEOPLE PROBLEMS WEAK PASSWORDS LACK OF AWARENESS LACK

    OF SKILLS SYSTEM PROBLEMS OUTDATED SYSTEMS INSECURE CONFIGURATIONS INSECURE PROTOCOLS

  17. MANAGEMENT PROBLEMS

  18. None

  19. MERCHANTS

  20. ATM COMPROMISE

  21. WTFKTHXBYE

  22. None

  23. WHO’S RESPONSIBLE?

  24. BANK CUSTOMER According to Customer BANK CUSTOMER According to Bank

    RESPONSIBLE RESPONSIBLE RESPONSIBLE SECURITY RESPONSIBILITY

  25. BANKS’ EFFORTS TO INCREASE THE SECURITY LEVEL

  26. ENCRYPTION

  27. TWO-FACTOR AUTHENTICATIONS

  28. TWO-FACTOR AUTHENTICATIONS

  29. REGULATION COMPLIANCE

  30. REGULAR SECURITY ASSESSMENT

  31. WHAT’S NEXT?

  32. WHAT’S NEXT?

  33. THANKS!

  34. CREDITS: Photos: • [Page 01] http://www.flickr.com/photos/reddogfever/4580710899/ • [Page 02] http://www.flickr.com/photos/lanuiop/226760877/

    • [Page 04] http://www.flickr.com/photos/deepblue66/132439533/ • [Page 05] http://www.flickr.com/photos/marcelnicolai/4600107436/ • [Page 09] http://www.flickr.com/photos/paulwatson/411792788/ • [Page 10] http://www.flickr.com/photos/jliba/3696592874/ • [Page 11] Swordfish Hack — http://www.youtube.com/watch?v=zfy5dFhw3ik • [Page 12] http://www.flickr.com/photos/skreuzer/354316778/ • [Page 13] http://www.flickr.com/photos/tim_d/184018928/ • [Page 14] http://www.flickr.com/photos/eskimoblood/2111672366/ • [Page 15] http://www.flickr.com/photos/beneathourfeet/2502755729/ • [Page 16] http://www.flickr.com/photos/formalfallacy/2057169454/ • [Page 16] http://www.flickr.com/photos/dolor_ipsum/3262262008/ • [Page 17] http://www.flickr.com/photos/24443965@N08/3460357646/ • [Page 23] http://www.flickr.com/photos/kk/4191131924/ • [Page 25] http://www.flickr.com/photos/ari/2347593532/ • [Page 27] http://www.infosurhoy.com/cocoon/saii/images/2010/03/01/photo4.jpg • [Page 28] http://en.wikipedia.org/wiki/File:CryptoCard_two_factor.jpg • [Page 29] http://blogs.ft.com/gapperblog/files/2008/03/bank-regulation.jpg • [Page 30] http://www.flickr.com/photos/dfarrell07/5013882149/ • [Page 31] http://www.flickr.com/photos/joshmt/2526552173/

  35. @GEOVEDI CHECKOUT: http://slideshare.net/geovedi