Issues: The security of electronic banking, legacy of the c0w
by Thejian - for Help Net Security
Last week, 03-09-00 to be exact, a Dutch television show exposed the Dutch banking organisation ABN AMRO's HomeNet program as being insecure. Computer science students had found a way to trick this electronic banking system into redirecting a user's bank transfers to a different account. As could have been expected, press and consumer organisations fell en masse for the possibilities the idea of "hackers" snooping around in your bank account presented.

The idea of banks being vulnerable to attacks always tends to cause a stir like this. Some incidents might even cause a cyberwar :P But how big of a problem is the security factor in electronic banking?

E-commerce has been on the rise for quite a while now (and has been claimed to be on the rise even longer), and of course with this development banks can't stay behind. Because of this, many of them have initiated electronic banking projects like HomeNet. The general idea behind these systems involves a client-server system, in which the user first specifies the transaction information before either calling the bank's system or accessing the Internet to transfer this information to the bank to have it processed.

Obviously, the possibility of anyone tampering with this information is definitely something a bank would like to stay clear of. Trust is a major issue in the banking world and even the slightest mention of doubt about the integrity of banks in general and electronic banking in particular could have disastrous effects on customers' confidence.

However, the reality of computers and their interconnection with other computers is that perfect security is quite an impossible feat. Unfortunately this also applies to banks. In a recent MSNBC story, former Hacker News Network editor and L0pht member Space Rogue is quoted about the results of security audits performed on banks by this group as "The audits we have performed tell us [banks] are not invulnerable" and "Banks have a little more security in place, but that security is still not at a level where it's unbreakable."

Similar statements by him and other renowned security experts around the world of course don't do much good to the reputation of banks and the services they provide. But whether this is completely fair... Banks, like every other institution trying to tag online in what so nicely is referred to as "the Internet-revolution", have to cope with several problems. One of these (and probably the biggest issue in security nowadays) is, as in the ABN AMRO example, the dependence on others' standards and code. Whether you like it or not, when it comes to home use, the Microsoft Windows operating system is the standard for computers. Obviously this won't result in ABN AMRO having their program ported to NetBSD for security purposes. For those familiar with Windows' track record in server intrusions, the problem is pretty clear. Often-heard expressions amongst home users are "Why would someone be interested in hacking my system?" and "I have nothing of interest for hackers on my machine, so I don't have to worry about security". Statements like these have "Melissa" and "I love you" written all over them.

