
Friday, May 24, 2013

A Student Hacks a Remote Banking System at PHDays

The security of banking systems became one of the key topics at Positive Hack Days III. Discussions, contests and hands-on labs on banking systems were held during the forum.


Anatoly "heartless" Katyushin, a student from the Samara State Aerospace University (Samara, Russia), hacked a remote banking system during the $natch competition and "stole" 4,995 rubles. The contest consisted of two rounds. In the first round, the participants were given virtual machine copies with vulnerable web services of the remote banking system (an analog of a real I-banking system). In the second round, the hackers needed to exploit the discovered vulnerabilities and steal as much money as possible.

Positive Technologies developed a test remote banking system, PHDays I-Bank, for the contest and built typical vulnerabilities into it.

The participants had one hour to exploit the security problems discovered during the first round of the contest and to transfer the money to their accounts. The system contained 20,000 rubles. The winner managed to "steal" only 4,995.

Asteros, the forum's partner, doubled the sum.

"It took about 4 hours to detect security problems in the system's image. Then we needed just to write a script to automate the vulnerability exploitation," — Anatoly Katyushin said at the end of the contest.

Omar Ganiev (beched), a student of the Department of Mathematics at the Higher School of Economics, took second place, "stealing" 3,277 rubles.

"I didn't win last year because of a script error. But this time I managed to take second place," — said Omar Ganiev.


Other participants didn't get a ruble from the PHDays iBank.



