30 July 2015

Chris Pickles

Chris Pickles - Consultant


Security, DoS attacks and magic tricks

21 January 2013

It’s pretty frightening when I hear my colleagues who specialise in security services describe the kind of things that hackers get up to – maybe because I think that I’m pretty clever (38 years in IT, etc) but then something simple catches me out.

For example, on the Eurostar back from Paris last week an email popped up in my BlackBerry from Visa, telling me that my card security had been breached and I should contact them immediately. I remembered using my card in a ticket machine on the metro, so I very quickly clicked on the link to get things sorted out fast and saw that they wanted confirmation of my details. ALL of my details. In a moment of panic, the bad guys had almost had me. Obviously the email wasn’t really from Visa – but it was a close call!

One of the tricks that hackers are using on banks now is hitting them with denial-of-service (DoS) attacks not just to jam up their systems but to distract the banks’ security staff from their real target. They keep hitting multiple domains that a bank is running with DoS attacks so that more and more of a bank’s internal security team get dragged into fighting back. Meanwhile, the hackers breach another of the bank’s domain names and use that opening to defraud the bank and its clients while everyone in the bank is looking the other way. Like the best magic tricks, they get you to look at one hand that is very busy while it’s really the other hand that’s doing the tricky stuff.

The hackers have caught on to some of the personnel problems that banks are facing today, as – in a do-it-yourself world – downsizing staff and IT budgets can mean downsizing security too.
