When banks are rescued by a good faith hacker
In Quebec, a hacker set out to do something quite exceptional.
Indeed, the latter has fun hacking the ATM, and then handing over the money he stole from his bank account. He says he is doing it to show financial institutions that their security system still has a lot of improvement to receive. "You are able to have 'infinite money', that is to say to invent money. For example, we can put the amount we want in our account or replay cheques endlessly," explained Laurent Desaulniers, head of intrusion testing at GoSecure.
This article will also interest you: IT security, the problem of online banking and the protection of users
And for to say it all, that now 15 years. Our hacker is working together with Quebec's largest financial institutions to test computer system and detect vulnerabilities. "We've already hacked at multiple times for institutions. Patents and patents have been stolen confidential information. We stole engineering prototypes. We've got hacked elevators," he explains. Of course with every hack, it gives back to the banks what stole from them. "We describe the controls. We bring the assets back, we protect them. They are returned to customers afterwards." He then adds: "It's a type of attack documented and known. We've been hired to do this before. Services American secrets have even made guides on it."
When such attacks appeared in the United States, they were called "Jackpoting" because of the fact that on the counters that were hacked, the word "Jackpot" appeared on it.
Laurent Desaulniers noted that it is likely that other financial institutions have been robbed several times in this way. But the professional secrecy prevents him from saying more about the matter. From its point of view view it's a bit it's hard to know when these things happen. Indeed unlike data theft and leaks of personal information, law does not require financial institutions to talk about it, so they do not tend to hide it. "I'm not downplaying this type of attack. it only affects the bank. There is no stolen data. It's only that the bank is losing money," said our expert.
When asked about the Desjardins case, our cybersecurity specialist wanted to emphasize that this was not a classic data theft. Rather, it is a problem related to the lack of qualifications of staff but also of human resources as a whole. He concludes by saying: "The desjardins case is not piracy. If we go back to Greek times, we already had malicious employees. This is a problem that predated computer science." Just to highlight the fact a lot of the problems related to computer security comes from within. That not all of our agents are in good faith.
Now access an unlimited number of passwords: