Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Banks Blackmailed by Crackers

Posted by Roblimo on from the pay-up-now-or-pay-up-later dept.

Palin Majere writes "This story from USAToday reports on how banks in the UK are finding it cheaper (and easier) to pay off cracker groups rather than try and defend themselves properly."

2 of 98 comments (clear)

  1. Been happening for a long time by Anonymous Coward · · Score: 5
    As someone who's been involved with various information warfare efforts over the years (hence the AC posting) this has been a well known fact for at least the last 10 years that I know of.

    The methods of blackmail are very simple as most of the systems run over standard high bandwidth lines. It's a simple enough problem to get into these systems by going through the exchange points rather than walking through the front door of a bank (just like breaking into most company networks is actually much easier to break the PABX system and then jump across into the data stream that contains the network link rather than trying to attack the firewall directly).

    Most of the time, the banks don't even bother with varifying the cracker's claims. They just pay up the cash and be done with it. You'd be surprised as just how lax most banks are with thier internal security. Oh, this system is inside the network so we don't even have to worry about encrypting the comms between our two mainframes even though their located at two different sites 50Km apart.

    Another interesting whole to watch out for in the future will be the increasing use of direct fibre channel connections. Some of the setups that I've seen put the mainframe connection in one site and the drives and backdrives in two separate sites. The drives are hooked up using fibre channel as though they were local hard drives to the machine. If you know what you're doing, getting inside one of these links can be quite easy.

    Despite repeated demonstrations of how easy some of these systems are to break, the banks just don't seem to be interested in trying to make it more secure. They don't want to spend the extra money because it eats into the profit margin. Security through obscurity seems to be their favourite mantra. Fscking idiots!

  2. It's Ungoed-Thomas by rafial · · Score: 5

    As I suspected when I saw the reference to the Sunday Times, the original article that was cited in USA today was authored by Jon Ungoes-Thomas. Readers of ntk.net will be familiar with Ungoed-Thomas as a journalist who is long on unsubstantiated sensation, and very short on fact checking, and who is building a career out of predicting the collapse of civilization as a result of the Internet.

    I'd take this particular article with a few large and tasty grains of salt.