Question about banks and hackers

L

Leolo

Beta member
Messages
3
Location
Canada
Hello,

New to the forum, not sure if this the right place to post.

I was hoping to get some more information on hackers and banks.

There was an article in the Telegraph recently claiming that the major banks are under attack by hackers literally "every second of every day." According to Symantec, these attacks are up 42% from last year. One operation netted a 2.5 billion dollar score.

Every minute of every day, a bank is under cyber attack - Telegraph

Do banks create "air gaps" to separate their own sensitive data from the net?

For example, I read in James Bamford's book on the NSA that they have their own separate internet-style-system called "Interlink."

At the time the book was written it was apparently accessible by 50,000 people from about 100 different locations with security clearance. Mostly the alphabet agencies -- CIA, NSA, FBI etc. They call it top Secret--SCI, standing for "sensitive compartmented information." Judging from the Snowden affair I'm assuming a lot of this stuff is now more widely accessible to so-called "security" and "military" contractors. Do banks have their own "Interlinks" for the really sensitive data?
Finally, would such a system still be accessible to hackers using new wireless methods?

Thanks!
 
Well, every major business and organization has its own intranet that is separated from the internet, although there are usually tightly controlled ways of accessing it from the internet. All the major banking corps certainly have their own corporate intranets - if you are asking if there's a giant private network that all the banks share, then probably not. Independent entities typically communicate with each other over the internet.

Any system can be compromised. Wireless is simply one method of accessing a system and no single method is completely secure. Have you heard of the Stuxnet worm that sabotaged Iran's nuclear program? Those Iranian systems aren't even directly connected to the internet - it was spread through the use of infected USB drives by hapless individuals.
 
Agreed, from a security standpoint you want as few links between your system and the outside world as possible. Having a shared intranet between all banks would be foolish because you would be making the assumption the guy next door is safe. You can't make that assumption, so you make YOUR network as secure as possible. The biggest step in doing this is to make your attack surface as small as possible with as few member servers pointing to the public as possible.

Encryption, good business practices and constant auditing of security infrastructure are the fundamental steps in securing a network.
 
DistraughtSysop said:
Well, every major business and organization has its own intranet that is separated from the internet, although there are usually tightly controlled ways of accessing it from the internet. All the major banking corps certainly have their own corporate intranets - if you are asking if there's a giant private network that all the banks share, then probably not. Independent entities typically communicate with each other over the internet.

Any system can be compromised. Wireless is simply one method of accessing a system and no single method is completely secure. Have you heard of the Stuxnet worm that sabotaged Iran's nuclear program? Those Iranian systems aren't even directly connected to the internet - it was spread through the use of infected USB drives by hapless individuals.
Click to expand...

Thanks for the reply. I have little or no understanding of wireless/hacking. In the case of an intranet system that had NO links to the internet, would it still be possible to hack the system using some sort of wireless method? Or would you have to gain access to the system internally?
 
DistraughtSysop said:
Well, every major business and organization has its own intranet that is separated from the internet, although there are usually tightly controlled ways of accessing it from the internet. All the major banking corps certainly have their own corporate intranets - if you are asking if there's a giant private network that all the banks share, then probably not. Independent entities typically communicate with each other over the internet.

Any system can be compromised. Wireless is simply one method of accessing a system and no single method is completely secure. Have you heard of the Stuxnet worm that sabotaged Iran's nuclear program? Those Iranian systems aren't even directly connected to the internet - it was spread through the use of infected USB drives by hapless individuals.
Click to expand...

Can you elaborate?
 
Leolo said:
Thanks for the reply. I have little or no understanding of wireless/hacking. In the case of an intranet system that had NO links to the internet, would it still be possible to hack the system using some sort of wireless method? Or would you have to gain access to the system internally?
Click to expand...

No problem. I was in the infosec program in school and it's something I'm working towards, so I like talking about it. Now, the thing to remember is that wireless doesn't really have anything to do with the internet in and of itself. It's just a transmission medium, like ethernet cable.

If you want to gain access to a system that is walled off from the internet then you can only do it from within. It's possible to sit across the street with a laptop and try to crack a company's business wifi network, but again - remember that it's a transmission medium. In principle it would be the same thing as walking into the building and connecting your laptop to an ethernet port in the office.

My point is that wireless or not has nothing to do with internal or external access. Whether you are coming in from the inside or the outside depends on which side of the firewall you are coming from, that's all. Wireless is simply one of several ways of establishing the connection and communication through the network.
 
Leolo said:
Can you elaborate?
Click to expand...

In short, Virtual Private Networks, or VPNs. Unencrypted traffic that passes through the open internet can possibly be intercepted by a third party, and that's a security risk that no organization wants to take - however, it's often necessary for employees to telecommute and work remotely while accessing internal resources. A VPN protects these connections by encrypting traffic from one point to the other.
 
As said above for maximum online security it would be smart to have a VPN provider.

I have tried numerous VPN providers and from my experience I can only recommend one, if you want to see the page immediately click here.

The reason I like them so much are as follows:
1. 24/7 live support including e-mail and lice chat and soon to be telephone support
2. 30 day moneyback guarantee no questions asked
3. They are completely transparent about the logs they keep and they keep them for 3 months-every legitimate VPN provider keeps logs! They keep:
· a time stamp when you connect and disconnect to their VPN service;
· the amount data transmitted (upload and download) during your session;
· the IP address used by you to connect to theVPN; and
· the IP address of the individual VPN server used by you.
They do not disclose logs with anyone and they enforce OpenDNS so that your ISP can't see what you are doing online nor can he ban any sites for you !
4. They do not have any usage or bandwidth limitations so you can connect to any of the 500+ servers they have as much as you want

If you have any questions about the services please do ask. :)
 
Last edited by a moderator:
You must log in or register to reply here.

Similar threads

P
I. T. Industry Boom
Replies
0
Views
736
phantom555
P
P
5G has arrived
Replies
1
Views
629
ShayWacky
ShayWacky
D
Who needs SSL security software?
Replies
3
Views
2K
markanderson
markanderson
S
Why Resident Evil went downhill...
Replies
2
Views
1K
Scissorman
S
J
Licensed money lender IT solution
Replies
0
Views
926
jrsml
J
Back
Top Bottom