26 September 2016
Chris Pickles

Chris Pickles - Picklesnet Ltd

Security, DoS attacks and magic tricks

21 January 2013  |  4344 views  |  0

It’s pretty frightening when I hear my colleagues who specialise in security services describe the kind of things that hackers get up to – maybe because I think that I’m pretty clever (38 years in IT, etc) but then something simple catches me out.

For example, on the Eurostar back from Paris last week an email popped up in my Blackberry from Visa, telling me that my card security had been breached and I should contact them immediately.  I remembered using my card in a ticket machine on the metro, so I very quickly clicked on the link to get things sorted out fast and saw that they wanted confirmation of my details.  ALL of my details.  In a moment of panic, the bad guys had almost had me.  Obviously the email wasn’t really from Visa – but it was a close call!

One of the tricks that hackers are using on banks now is hitting them with denial-of-service (DoS) attacks not just to jam up their systems but to distract the banks’ security staff from their real target. They keep hitting multiple domains that a bank is running with DoS attacks so that more and more of a bank’s internal security team get dragged into fighting back. Meanwhile, the hackers breach another of the bank’s domain names and use that opening to defraud the bank and its clients while everyone in the bank is looking the other way. Like the best magic tricks, they get you to look at one hand that is very busy while it’s really the other hand that’s doing the tricky stuff.

The hackers have caught on to some of the personnel problems that banks are facing today, as – in a do-it-yourself world – downsizing staff and IT budgets can mean downsizing security too.

Tags: Mobile & online, Payments
