cryptogon.com

news – analysis – conspiracies

• Home
• About
• Archives
• Contact
• Support Cryptogon
• Story Suggestions

Bank Scam ‘Operation High Roller’ Incorporates Attack for Two-Factor Authentication

June 27th, 2012

Via: SC Magazine:

Many banks utilise a two-factor authentication (2FA) system that combines something you know with something you have. Solutions banks use range from clumsy card reader devices to SMS/text messaging, each with their own merits and pitfalls. These systems aim to prove that you are who you say you are, and not to prove that you are doing what you mean to do.

With the High Roller attack, the bad guy gets around 2FA systems by getting the user to enter the valid 2FA information/one-time password (OTP) into their browser. The malware is then able to give this information to the fraudster to use in an attack either directly from the user’s machine, or from a remote server – all while showing the user a fake page. Once the fraudster has a valid and unused OTP they can then use it to process their own fraudulent transaction as if they were the legitimate user.

Sign in | Register

The New Zealand Copyright Act 1994 specifies certain circumstances where all or a substantial part of a copyright work may be used without the copyright owner's permission. A "fair dealing" with copyright material does not infringe copyright if it is for the following purposes: research or private study; criticism or review; or reporting current events. If you are a legal copyright holder, or a designated agent for such, and you believe a post on this website falls outside the boundaries of "fair dealing," and legitimately infringes on your or your client's copyright, please contact Kevin Flaherty. Cryptogon contains both original material and material from external sources. Original material: Copyright Kevin Flaherty. Material from external sources: Copyright the respective owners / authors.

Design by Andreas Viklund | Ported by Matteo Turchetto