Security expert details how he nabbed millions of dollars from a bank

May 15, 2013
1

Bank heists - they're the subject of movies, books, and, in some cases, real-world news. While not every mission goes as planned, many have managed to gain ill-gotten wealth from lax security systems, prompting banks to step up their game and stay on top of ever-changing technologies. The best ways to find out you have a security vulnerability is to have someone exploit it, which is what one bank hired a security expert to do. Having successfully accomplished his mission, Nisha Bhalla has detailed how he managed to "steal" $14 million.

Bhalla is the CEO of security company Security Compass, which specializes in breaking into the security sytems of organizations and companies, exposing any vulnerabilities and issues that compromise data - or, in this case, allow someone to run off with millions of dollars. A bank located in the United States - name not provided - hired Bhalla's company to test its system.

As we noted, the system wasn't secure, and as a result Bhalla set himself up a checking account and funded it with $14 million that didn't exist - money generated on the fly, so to speak. He then went over to the ATM machine and grabbed a receipt, which you can see an image of above, confirming that he was now - temporarily, at least - a multi-millionaire. Needless to say, such a massive infiltration "shocked" the bank, and it closed down his account before sprucing up its network security.

Not stopping there, he spoke to the folks over at CNN, detailing how the process of acquiring the funds went, and, in doing so, demonstrated how other stores, banks, and organizations could potentially suffer at the hands of the technically-inclined unscrupulous. The first step, as you likely guessed, was gaining access to the bank's network, which Bhalla says it is simple to do by latching on to its wireless network - something many banks provide for its customers to use as a courtesy.

From there, it was only a matter of using freely available sniffer software to map the bank's computer network, followed by flooding the network's switches to gather data. He found log-in information for a teller's computer, which didn't use encryption when sending data to the bank's main database. As such, Bhalla had free reign, and used it to create a bank account with $14 million in funds, something that would likely go undetected until well after he transferred the funds overseas and left the country.

Such a revelation comes only days after eight individuals were charged with swiping $45 million from ATM machines.

SOURCE: CNN Money


Must Read Bits & Bytes