SSL flaws exploited at Swedish banks - Reuters
27 August 2002
A computer expert claims to have used recently-publicised flaws in Secure Sockets Layer technology to break into the computer systems of three large Swedish banks.
The Swedish hacking expert demonstrated to Reuters how to exploit weaknesses in SSL to crack the security systems at three of Sweden's big four banks in quick succession. He then concealed his tracks, says Reuters, making detection difficult afterward.
The consultant relied on a variation of a weakness in Microsoft's implementation of Secure Sockets Layer (SSL), an industry standard for transmitting credit card numbers and account passwords via the Web.
The security gaps, which allow an attacker to bypass digital certification barriers, were first publicised by a San Francisco security consultant and privacy advocate two weeks ago.
The Swedish hacker says the failures in the banks' systems arose from poor implementation of SSL technology.
According to computer experts, many of the world's major financial institutions are similarly vulnerable because they rely on software using the industry-accepted SSL protocol.
Microsoft in Sweden denied that SSL could be breached in the way shown to Reuters, although the company has admitted that there are problems with the technology. All four major Swedish banks said they were not aware of any break-ins into their systems.