21 October 2014

Chris Pickles

Chris Pickles - Consultant

92 | posts 203,182 | views 15 | comments

Security, DoS attacks and magic tricks

21 January 2013  |  3947 views  |  0

It’s pretty frightening when I hear my colleagues who specialise in security services describe the kind of things that hackers get up to – maybe because I think that I’m pretty clever (38 years in IT, etc) but then something simple catches me out.

For example, on the Eurostar back from Paris last week an email popped up in my Blackberry from Visa, telling me that my card security had been breached and I should contact them immediately.  I remembered using my card in a ticket machine on the metro, so I very quickly clicked on the link to get things sorted out fast and saw that they wanted confirmation of my details.  ALL of my details.  In a moment of panic, the bad guys had almost had me.  Obviously the email wasn’t really from Visa – but it was a close call!

One of the tricks that hackers are using on banks now is hitting them with denial-of-service (DoS) attacks not just to jam up their systems but to distract the banks’ security staff from their real target.  They keep hitting multiple domains that a bank is running with DOS attacks so that more and more of a bank’s internal security team get dragged into fighting back. Meanwhile, the hackers breach another of the bank’s domain names and use that opening to defraud the bank and its clients while everyone in the bank is looking the other way.  Like the best magic tricks, they get you to look at one hand that is very busy while it’s really the other hand that’s doing the tricky stuff.

The hackers have caught on to some of the personnel problems that banks are facing today, as – in a do-it-yourself world - downsizing staff and IT budgets can mean downsizing security too.

TagsMobile & onlinePayments

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Chris

E-Identification is the next major crossroads

11 June 2014  |  1005 views  |  0  |  Recommends 0 TagsSecurityRisk & regulation

Customering - not Banking

10 June 2014  |  1215 views  |  1  |  Recommends 1 TagsMobile & onlineRetail banking

ESMA announces consultations on MiFID II reforms

22 May 2014  |  2467 views  |  0  |  Recommends 1 TagsTrade executionRisk & regulation

Boosting savings - how technology can help

22 May 2014  |  1675 views  |  0  |  Recommends 0 TagsMobile & onlineRetail banking

AIFMD deadline looms in July

20 May 2014  |  1535 views  |  0  |  Recommends 1 TagsRisk & regulationPost-trade & ops
name

Chris Pickles

job title

Consultant

company name

Consultant

member since

2009

location

England

Summary profile See full profile »
I help organisations that work in the financial sector around the world to understand better how ...

Chris's expertise

What Chris reads
Chris writes about

Who is commenting on Chris's posts

Tony Wenzel