
Thursday, May 31, 2012

Once Again about Remote Banking Security

Positive Hack Days, the information security forum taking place at the Digital October Center these days, has a dedicated section called Ways to Protect Money, where leading experts from Russia and other countries speak about banking security issues.

For the $natch competition, we developed our own remote banking system containing common vulnerabilities that Positive Technologies experts have detected while analyzing such systems.


Participants in the $natch contest had to demonstrate their knowledge and skills in exploiting typical vulnerabilities of remote banking servers. There was a certain amount of money in our “protected” I-bank (conditions were close to real ones).

During the second stage of the competition, the hackers had to detect the remote banking vulnerabilities and use them to withdraw money within a limited time. Participants were awarded the amounts they withdrew. They could cash out their money from an ATM using the following PHDays cards:


And there is still more to come! We are going to repeat this competition, but this time the Positive Hack Days CTF teams will work on protecting the remote banking systems (4 hours to find and eliminate vulnerabilities), and then Internet users will attack them as part of the Online HackQuest competition.

On May 31 at 6 p.m., Internet users will get into the CTF network via VPN and start attacking the remote banking systems.
By transferring money from the accounts of the CTF participants through remote banking vulnerabilities, you can affect the final rating of the teams taking part in PHDays CTF 2012.


Please follow the links for the testing versions of the remote banking systems:
Use any of the 4 accounts to withdraw money:
  • 91307430600804200281 Anonymous
  • 91307430600372200346 LulzSec
  • 91307430600128500473 Offshore of Potato
  • 91307430600296700514 International Fund for French Fries Welfare
Succeed in the competition as the $natch participants did! Enjoy the battle against the CTF teams and become even more skilled in detecting and exploiting typical vulnerabilities of the remote banking systems!

P. S. As a reminder, the remote banking system was developed by Positive Technologies experts for the purposes of PHDays 2012. It contains typical remote banking vulnerabilities and is not an actual bank system.

6 comments:

  1. Hello,


    These 2 links are dead:

    http://downloads.phdays.com/phdays_ibank_src.zip

    http://downloads.phdays.com/phdays_ibank_vm.zip

    Can you reupload the file please?

  2. Well, customers are only attracted when banks offer security as well as privacy with long-term beneficial plans.

  3. I installed iBank on a server. I try to access it, but I must fill in a username or password that I don't know.

  4. Thanks for providing the source code... Been looking into web service strengthening, so this will help a lot :)

  5. Please provide the username and password.

  6. Very informative article no doubt. Thanks for sharing the info!
