[ale] OT: online banking hack

Raju mr at 4securenet.com
Mon May 12 20:34:19 EDT 2003


This looks like a similar technique used by a few blackhats in Germany
about four years ago. They were able to hijack domains of several banks (I
still think Domain registration and control uses poor authentication -
at least use GPG sigs, or certs, etc. for better security).  The traffic
was redirected to a different site that looked identical to the bank's and
the user was prompted for any information of interest to the blackhat.
After the information was harvested, an arbitrary error message was given
and then redirected to the "real" online banking site. The unaware user
ignores the message and enters the information again ...VOILA...it works
now :)

1. How many actually make sure that IP address matches the correct Domain
Name when we enter a URL?

2. This was an example of exploiting the weakest link in security, namely
us Humans..:-)

Regards,

--Raju.


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jim, you might want to escalate this and send the message (with headers,
>  etc) on to the FBI.gov and DHS.gov sites.  Maybe I'm being paranoid
> here, but these days, a company like the Bank of America would be an
> extremely tempting target for terrorists and the like.  If for no other
> reason than that it contains the name "America" (and Bank) - two of the
> things that terrorist freaks seem to have a distaste for.  If I'm not
> mistaken most of the airlines that were used on Sept. 11th were
> "American" Airlines.  Anyway, the point is that I think that you should
> forward the information on to DHS.gov / FBI.gov.  In fact, I'd like to
> request that you do so as a favor for me.
>
> Best Regards,
> CB
>
>
> Jim Philips wrote:
>
> |Today I got an e-mail from Bank of America requesting that I go to their
> |server and log on to online banking. The e-mail provided a link I could use
> |for calling up the logon page. The problem is that I don't have an account
> |with Bank of America. The link showed up in the e-mail as https, but when you
> |click on it, you get an http page with only an IP address. This is a naked
> |attempt to fool people into giving up their logins and passwords for online
> |banking. I called Bank of America and forwarded the e-mail (which was caught
> |and flagged by Spamassassin). Apparently, a whole batch of these went out
> |today about 1 o'clock.
> |_______________________________________________
> |Ale mailing list
> |Ale at ale.org
> |http://www.ale.org/mailman/listinfo/ale
> |
> |
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQE+wDDSTKCy0t3zQgURAjelAJ9oHgI2icTgVYwMf5R9le39dfTVxwCg28g7
> yPyQXxsezd3+X5NZRcEDgXI=
> =MEOB
> -----END PGP SIGNATURE-----
>
>

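Jim's mail describes a lure whose visible link text looks like an https bank URL while the real target is a plain-http page at a bare IP address, and Raju asks how many people check that the address matches the domain. As an added example (not from the thread), here is a small Python checker that flags such anchors in an HTML mail body; the sample body, host names and IP address are constructed.

```python
import re
import ipaddress
from urllib.parse import urlparse

# Constructed sample of an HTML e-mail body, modelled on the lure described in
# the thread: the visible link text shows an https bank URL, while the real
# href is a plain-http URL with only an IP address (hosts/IP are made up).
SAMPLE_EMAIL_HTML = """
<p>Please <a href="http://192.0.2.10/login/">https://www.example-bank.com/</a>
to verify your account.</p>
<p>Help: <a href="https://www.example-bank.com/help">https://www.example-bank.com/help</a></p>
"""

# Simple anchor extractor; good enough for mail bodies, not a full HTML parser.
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def is_bare_ip(host):
    """True if the host part of a URL is a literal IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_link(href, text):
    """Return the list of reasons a single anchor looks like a phishing lure
    (empty list means nothing suspicious was found)."""
    dest = urlparse(href)
    reasons = []
    if dest.hostname and is_bare_ip(dest.hostname):
        reasons.append("link host is a bare IP address")
    text = text.strip()
    if re.match(r"^https?://", text):
        shown = urlparse(text)
        if shown.scheme == "https" and dest.scheme == "http":
            reasons.append("text shows https but link uses http")
        if shown.hostname and shown.hostname != dest.hostname:
            reasons.append("text host differs from link host")
    return reasons

def suspicious_links(html):
    """Scan an HTML body and return (href, text, reasons) for each anchor
    whose visible text does not honestly describe where it leads."""
    findings = []
    for href, text in ANCHOR_RE.findall(html):
        reasons = check_link(href, text)
        if reasons:
            findings.append((href, text.strip(), reasons))
    return findings
```

Running `suspicious_links(SAMPLE_EMAIL_HTML)` reports only the first anchor, with all three reasons; the honest help link passes.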