Blog article
See all stories »

Security, DoS attacks and magic tricks

It’s pretty frightening when I hear my colleagues who specialise in security services describe the kind of things that hackers get up to – maybe because I think that I’m pretty clever (38 years in IT, etc) but then something simple catches me out.

For example, on the Eurostar back from Paris last week an email popped up in my Blackberry from Visa, telling me that my card security had been breached and I should contact them immediately.  I remembered using my card in a ticket machine on the metro, so I very quickly clicked on the link to get things sorted out fast and saw that they wanted confirmation of my details.  ALL of my details.  In a moment of panic, the bad guys had almost had me.  Obviously the email wasn’t really from Visa – but it was a close call!

One of the tricks that hackers are using on banks now is hitting them with denial-of-service (DoS) attacks not just to jam up their systems but to distract the banks’ security staff from their real target.  They keep hitting multiple domains that a bank is running with DOS attacks so that more and more of a bank’s internal security team get dragged into fighting back. Meanwhile, the hackers breach another of the bank’s domain names and use that opening to defraud the bank and its clients while everyone in the bank is looking the other way.  Like the best magic tricks, they get you to look at one hand that is very busy while it’s really the other hand that’s doing the tricky stuff.

The hackers have caught on to some of the personnel problems that banks are facing today, as – in a do-it-yourself world - downsizing staff and IT budgets can mean downsizing security too.


Comments: (0)