Hackers that are looking to cause more chaos than financial gain are nothing new, but this article reminded me how scary it can be.
The article describes a potential scenario where a hacker gains access to a bank’s internal network using traditional methods such as a stolen password, malware infection, etc. This is followed by getting privileged access into the customer database where detailed account balances and personal information is held. Over a three month period the hacker begins to alter and manipulate the data that is linked to customer transactions. Once the banks and customers realize what has happened it could take months for the data to be manually recalculated to the correct amounts. During this time customers are are wondering if they’ll have the correct and accurate balances, when, if ever, they’ll be able to make a withdraw, and if there is a safe place to place their money besides their mattress.
This reminds me of the story line in season 1 of Mr.Robot…
It’s easy to think that the financial sector has the best network and database security but I’m sure there are vulnerabilities. The large corporations may be better protected but some of the smaller financial companies may not have the same security luxuries to prevent an attack like this. The article points out a research survey of 200 organizations (average work force of 22k) and 47 % acknowledged that no individual or functional group is responsible for monitoring databases for unauthorized activity. This is alarming considering how much critical financial data is kept in these databases.
http://www.darkreading.com/attacks-breaches/data-manipulation-an-imminent-threat-/a/d-id/1326864?
Ahmed A. Alkaysi says
This is very scary indeed. Altering the data wouldn’t only be a simple thing such as a cosmetic issue, it will also be a functional issue with potential to lose the company millions of dollars. Without getting into too much detail, where I work this type of data is used to authorize transaction made by credit cards. If any of the data is altered, the decision system might approve or decline a transaction that shouldn’t have been.
Wade Mackey says
The Pakistan Swift Hack is a good example of this. All it takes is one weak link. So, yes, I would be concerned about some of the smaller institutions.
Wade