ITACS 5211: Introduction to Ethical Hacking

Wade Mackay

Ahmed A. Alkaysi

SWIFT Moves to Combat Inter-Bank Fraud

by Leave a Comment

I posted an article about how SWIFT was going to start punishing their customer banks by disclosing the bank’s security gap in order to get them to comply. Well it looks like SWIFT is now trying to provide these banks with data reports to “supplement its customers’ existing fraud reports.” These reports include an Activity Report and Risk Reports. It will contain “a snapshot view” of the day’s “messaging activity against which to detect unusual pattern.” Basically, these reports will contain the “messaging activity” data for the bank, and it will be compared to the data currently in the bank’s system. If there is a large discrepancy between the bank’s data and the report that SWIFT sends them, their might have been a cyber attack that altered that banks data. I don’t know if these reports will be any effective, but I guess its a start. By the time the reports show any abnormal pattern, the bank could have already lost millions of dollars due to a hack.

http://www.securityweek.com/swift-moves-combat-inter-bank-fraud

 

 

SunGard Recon Assignment

by 1 Comment

Hello everyone,

I have attached my executive summary, powerpoint, and embeded the video of the presentation below. I apologize, for some reason the Webex recording did not capture my camera, so only my audio is available. If anyone is having trouble viewing any of my documents, please let me know and I will promptly resolve the issues.

Thanks!

sungard-executive-summary-word

sungard-reconnaissance-ppt

 

https://youtu.be/gX7dN4YD0Vs

Volkswagen launches new cybersecurity firm to tackle car security

by 5 Comments

Volkswagen has teamed up with an Israeli group to launch a cybersecurity company. This company is called Cymotive and will be headquarted in both Israel and Germany. The Cymotive chairman said:

“Together with Volkswagen we are building a top-notch team of cyber security experts. We are aware of the significant technological challenges that will face us in the next years in dealing with the cyber security threats facing the connected car and the development of the autonomous car.”

Now that cars are becoming ‘smarter’, security for the connected cars is becoming top priority. I wouldn’t be surprised if more car companies start some kind of cyber initiative similar to this one. I just hope that the car companies collaborate together in terms of research and development to improve the security of these cars.

link: http://www.zdnet.com/article/volkswagen-launches-new-cybersecurity-firm-to-tackle-car-security/

 

Yelp’s New Bug Bounty Program Promises $15,000 Payouts

by 2 Comments

This article talks about how Yelp is offering up to $15,000 in a new “Bug Bounty” program for security researchers. Any of the Yelp owned sites is part of this program. Yelp is particularly worried about vulnerabilities that result in ” ..sensitive data disclosure, data injection/exfiltration, insecure session management, etc,” These types of programs are very interesting. The company not only provides an incentive to researchers if they find a critical bug, but it also allows the researchers to legally try to penetrate the site, which might satisfy their desire to test out their skills. This also gives an opportunity to raise awareness for cyber security among the public. I hope more companies employ tactics like this in order to combat vulnerabilities.

 

http://www.securityweek.com/yelps-new-bug-bounty-program-promises-15000-payouts

Article: SWIFT discloses more cyber thefts, pressures banks on security

by 2 Comments

http://www.reuters.com/article/us-cyber-heist-swift-idUSKCN11600C

I found this article from this morning pretty interesting. SWIFT, which basically allows financial transactions between banks worldwide, declared that their were new cyber attacks on its member banks. They said that attacks have ramped up since the Bangladesh Bank lost $81 million dollars back in February’s cyber attack. The attackers are specifically targeting banks that lack proper security for “SWIFT-enabled transfers.” It seems like SWIFT is having trouble with their member banks complying to security procedures. The biggest issue stated in this article is that SWIFT does not have “regulatory authority over its members.” So they cannot FORCE these banks to comply to proper security controls. SWIFT is threatening to disclose security lapses for these banks, which I don’t see how it helps. Before these banks were capable of using the SWIFT transaction system, SWIFT should have sent their own IT auditors to make sure these banks had the proper IT security and controls in place. Otherwise, we will see problems like this where banks or companies in general, especially in developing countries, aren’t taking IT security seriously.