How Hackers Hack Bank Accounts and Personal Information

Most people studying hacking have a keen interest in learning how they can hack bank accounts. They become discouraged with the prevailing perception that it is almost impossible to hack credit cards, debit cards, or net banking passwords, which is true to an extent. Today I will discuss with you why hacking bank account information is tough and considered to be almost impossible. We will also discuss the different, contemporary methods that hackers use to hack bank accounts.

All of these online transactions involve money, meaning they’re using banking information, credit or debit card payments, or simply net banking. Most banks use an SSL (Secure Sockets Layer) connection and at least 128 or 256-bit encryption for online banking and transaction purposes. An additional layer of security that companies are introducing is called the “transaction PIN layer”, which means that for each and every online transaction you have to enter your password, and that during transactions you have to enter a PIN, a type of password between 4 and 8 characters in length. Thus, banks do a lot of work to protect your credentials from the eyes of the world that may wish to gain access to your vital information.

The attacks successfully targeted online bank account holders in Germany by using call-forwarding features built into the SS7 protocol. When mobile phone users travel abroad, the SS7 administrative data network allows local phone networks to verify that the user’s SIM card is valid, but that SS7 functionality can also be abused. In the case of the German online bank attacks:

  • Phishing attack: Fake emails tricked victims into visiting lookalike bank websites, where they were directed to enter all login and related information required to initiate a money transfer, including their account number, account password and the mobile phone number they registered with the bank to receive a one-time mobile transaction authentication number (mTAN), which must be entered into the bank’s website to approve money transfers.
  • Call forwarding: Using a mobile telephony network located abroad, attackers instruct it – via SS7 – to forward all calls and SMS messages sent to a victim’s mobile phone number to an attacker-controlled number. Fraudsters can then log into a victim’s account, initiate a money transfer and then receive the mTAN required to approve the transfer.

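
A defender-side check for the pattern described above, added here as an example and not part of the original article: it flags a forwarding request that arrives from a network in a country where the subscriber is not registered, and escalates when an mTAN SMS is sent while that forwarding is still active. The event format, field names, subscriber IDs and the `XX` country code are assumptions constructed for illustration, not real SS7 messages.

```python
# Constructed, simplified events (hypothetical format, not real SS7 signalling).
EVENTS = [
    {"t": 100, "kind": "location", "msisdn": "SUB-A", "country": "DE"},
    {"t": 200, "kind": "forward_set", "msisdn": "SUB-A", "origin": "XX"},
    {"t": 260, "kind": "mtan_sms", "msisdn": "SUB-A"},
    # SUB-B really is roaming: forwarding comes from the visited country.
    {"t": 110, "kind": "location", "msisdn": "SUB-B", "country": "FR"},
    {"t": 210, "kind": "forward_set", "msisdn": "SUB-B", "origin": "FR"},
    {"t": 900, "kind": "mtan_sms", "msisdn": "SUB-B"},
    # SUB-C: mismatched forwarding was cleared before any mTAN was sent.
    {"t": 120, "kind": "location", "msisdn": "SUB-C", "country": "DE"},
    {"t": 220, "kind": "forward_set", "msisdn": "SUB-C", "origin": "XX"},
    {"t": 230, "kind": "forward_clear", "msisdn": "SUB-C"},
    {"t": 300, "kind": "mtan_sms", "msisdn": "SUB-C"},
]


def review_forwarding(events):
    """Return {subscriber: finding} for forwarding that does not match location."""
    last_country = {}   # subscriber -> country of last registered location
    suspect = set()     # subscribers with mismatched forwarding still active
    findings = {}
    for ev in sorted(events, key=lambda e: e["t"]):
        sub = ev["msisdn"]
        if ev["kind"] == "location":
            last_country[sub] = ev["country"]
        elif ev["kind"] == "forward_set":
            # Unknown location also counts as a mismatch (fail closed).
            if ev["origin"] != last_country.get(sub):
                suspect.add(sub)
                findings[sub] = "foreign_forwarding"
        elif ev["kind"] == "forward_clear":
            suspect.discard(sub)
        elif ev["kind"] == "mtan_sms" and sub in suspect:
            # The one-time code went out while SMS was being redirected.
            findings[sub] = "mtan_exposed"
    return findings


if __name__ == "__main__":
    for sub, finding in review_forwarding(EVENTS).items():
        print(sub, finding)
```

A bank receiving such a signal from the operator could hold the transfer and require a second channel instead of approving it on the mTAN alone.
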
In other words, it appears that the telcos are “effectively modifying how SS7 works,” says Woodward, who’s also a cybersecurity adviser to the EU’s law enforcement intelligence agency, Europol.

“That’s good. We can only hope that other telcos follow suit.”

Mounting Security Concerns

The SS7 protocol dates from the 1970s and its authors assumed that only a closed group – comprising large telecommunications firms – would be able to provide telephony services, Woodward says. Then the internet and voice over IP communications came along, creating all sorts of inexpensive telephony networks through which SS7 could be accessed and legitimate features potentially used for unintended purposes.

Ways in which SS7 could be exploited began coming to light in 2008 when German researcher Tobias Engel demonstrated. Related research appears to have surged after 2013 when former National Security Agency contractor Edward Snowden leaked information showing that the intelligence agency was using SS7 to help spy on targets.

SOME USEFUL LAWS IN INDIA AGAINST HACKERS 

More specifically, does Indian law protect us like the law in developed nations does?

What action can we take against data theft?

It is reassuring to know that our law actually does protect us.
The Information Technology Act contains two sections relevant to us.
We have decided to extract the sections here because it is important that we all know what the law says:

Section 43 of the Information Technology Act: Penalty for damage to the computer, computer system, etc.

If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network:

  • Accesses or secures access to such computer, computer system or computer network;
  • Downloads, copies or extracts any data, computer database or information from such computer, computer system or computer network, including information or data held or stored in any removable storage medium;
  • Damages or causes to be damaged any computer, computer system or computer network, data, computer database or any other programmes residing in such computer, computer system or computer network;
  • Denies or causes the denial of access to any person authorized to access any computer, computer system or computer network by any means;
  • Provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder
