22 May 2017

NEW THREAT TO ONLINE BANKING: HACKERS EXPLOITING SS7 PROTOCOL SECURITY FLAW TO STEAL MONEY FROM BANK ACCOUNTS


Jahanzaib Hassan has an article by the title above on the cyber security website, HackRead.com. Mr. Hassan writes that customers who had mobile banking accounts with Telefonica Bank in Germany, recently had their accounts raided by hackers. Mr. Hassan notes that the cyber thieves “exploited a vulnerability that has long persisted in the global mobile signaling system.”

What Was Stolen?

According to the German newspaper Süddeutsche Zeitung, at O2 Telefonica “hackers stole funds [amount not specified] from some of its clients’ bank accounts, by redirecting incoming SMS messages to themselves, that were meant to be received by certain mobile numbers.” The bank told Mr. Hassan/HackRead that “a foreign network was responsible for committing the act,” although they acknowledged they weren’t sure who the ‘foreign network’ was, or at least Telefonica wasn’t saying so publicly.

The SS7 Protocol

“Created in the early 1970s, the SS7 Protocol, otherwise known as the Signaling System 7, is the primary medium through which networks all across the world can interoperate,” Mr. Hassan wrote. “Last year,” he noted, “hackers exploited the SS7 flaw to hack [a] Facebook account by simply knowing the victim’s phone number.” The hackers gained access to a network’s operating system — either through hacking, or a trusted insider. Once inside the bank’s enterprise network, the cyber thieves easily maneuvered to “reach the network’s back-end system,” and ultimately gained access to customers’ bank accounts.

This particular flaw/vulnerability is not new, and has been known about since at least 2014, when it was publicly demonstrated at the Chaos Communication Congress, an annual gathering of white hat hackers sponsored by the Germany-based Chaos Computer Club. But, Mr. Hassan writes that despite being warned about this vulnerability, “no network company took the issue seriously.” Mr. Hassan writes that “one reason no network company has taken the issue seriously [enough] is [perhaps] the telecommunications industry is not ready to believe that hackers can use the SS7 Protocol to gain access to their back-end systems.” He adds, “this is quite ironic, because according to [cyber] security expert[s], people can buy access for as little as 1,000 Euros [well under $1,000].”

Online Bank Robbers A Growing Threat

Willie Sutton, one of the most famous and infamous bank robbers in American history, when asked during questioning why he kept robbing banks, famously remarked: “Because that’s where the money is.” So, it is no surprise that cyber thieves have been increasingly targeting online banking, especially the mobile piece, as well as Swift, the cross-border messaging system owned and used by 9,000 member financial institutions, including the U.S. Federal Reserve, which processes in excess of $6 trillion in transactions daily.

As the May 6, 2016 edition of the Financial Times noted, “hackers have forced their way into member banks’ systems; and, covertly gathered Swift passwords and other authenticating protocols. They then used this access to transfer large sums from the victim banks’ foreign accounts, via the network to [financial] institutions in third countries. Once successfully transferred, the money is then either withdrawn, or made to disappear,” the publication noted.

“The most startling case,” involving a breach of the Swift system, the Financial Times noted, “involved the Bank of Bangladesh, [whose money was being held at the U.S. Federal Reserve Bank of New York], where in February 2016, hackers made off with more than $80M. Swift has logged a number of other incidents — believed to be up to 10 [at the time] — all involving similar breaches. Intruders used access codes and malware that tampered with the bank’s own [security] systems, to sweep [delete or disguise] their digital traces.”

“What was particularly concerning,” the Financial Times reported in the May 16, 2016 article, “is the ease with which hackers were able to get their hands on what is effectively a bank’s own check book. They did not, after all, need to break into Swift’s own systems to purloin money. All they had to do was take control of one of the terminals giving access to Swift’s networks. To penetrate the system then, is just a case of finding its weakest cyber link.” The Bangladesh heist has since been tied to North Korea — which ironically, is banned from using Swift’s system.

The bottom line to all of this, of course, is that there are no surefire things when it comes to doing anything online — except that if there is a weakness, the cyber thieves and malcontents will eventually find it — and exploit it. Online banking is terribly convenient and something that most of us would be loath to give up. But, we must adhere to best cyber hygiene practices: use our own device/s when conducting such a transaction, do not use public Wi-Fi to conduct such a transaction, use strong password protection and two-step authentication, and employ strong encryption where and if available. There is still no ironclad guarantee that you won’t become a victim of a cyber heist of your bank account funds; but, not utilizing best cyber hygiene practices is the equivalent of leaving your keys in your car with the window down. Make it cumbersome on the cyber thief and they will more than likely look elsewhere for a softer, more vulnerable victim. But, never, ever assume that your network cannot be breached. V/R, RCP
