535 posts

Ultimate Geek
+1 received by user: 109


  Reply # 965818 13-Jan-2014 00:27

TimA: I think we can conclude this by saying we all need Norton and CCleaner to get rid of cookies in our PC's. We shall not watch pron or play Java based games or download Linux ISO's.


But the internet was made for pron! Lol
Cookies are fine to have, by themselves they are harmless.
I've given up on being strict about my security, a few passwords and pins and HTTPS are enough for me.

So much work and with all the leaks about the NSA, sounds like all that hassle was for nothing.




Regards
Stefan Andres Charsley

3079 posts

Uber Geek
+1 received by user: 354

Trusted
Subscriber

  Reply # 965819 13-Jan-2014 00:30

charsleysa:
TimA: I think we can conclude this by saying we all need Norton and CCleaner to get rid of cookies in our PC's. We shall not watch pron or play Java based games or download Linux ISO's.


But the internet was made for pron! Lol
Cookies are fine to have, by themselves they are harmless.
I've given up on being strict about my security, a few passwords and pins and HTTPS are enough for me.

So much work and with all the leaks about the NSA, sounds like all that hassle was for nothing.


 According to TelstraClear CEO Allan Freeth, the main result of a faster broadband network would be more downloads of pornography and movies, rather than improvements in productivity.





70Mb/s VDSL @ Home
3273 posts

Uber Geek
+1 received by user: 918

Trusted
Subscriber

  Reply # 965821 13-Jan-2014 00:35

nakedmolerat:
charsleysa:
TimA: I think we can conclude this by saying we all need Norton and CCleaner to get rid of cookies in our PC's. We shall not watch pron or play Java based games or download Linux ISO's.


But the internet was made for pron! Lol
Cookies are fine to have, by themselves they are harmless.
I've given up on being strict about my security, a few passwords and pins and HTTPS are enough for me.

So much work and with all the leaks about the NSA, sounds like all that hassle was for nothing.


 According to TelstraClear CEO Allan Freeth, the main result of a faster broadband network would be more downloads of pornography and movies, rather than improvements in productivity.






 


BDFL
49990 posts

Uber Geek
+1 received by user: 4644

Administrator
Trusted
Geekzone
Subscriber

  Reply # 965851 13-Jan-2014 07:48

charsleysa: Well off the top of my head a good way to do it would be to create a temporary PayPal account with spoof details with an anonymous email address, then transfer the money from the bank account to PayPal.


You can't use a bank account to load a PayPal account in New Zealand. You can only withdraw to the bank, not from the bank.

The most common scenario I imagine is the one explained a few replies above: someone (Victim B) answers an email with a "work from home" offer. Victim A's login details are stolen via keyloggers, phishing and the thief uses these to transfer money to Victim B.

An arrangement of this employment is that Victim B will send 90% of the money overseas to the "headquarters" via Western Union. The thief is nowhere to be seen, there are two victims (one lost money, the other helped with the operation even without knowing) and it is hard to get it back.






428 posts

Ultimate Geek
+1 received by user: 66

Trusted
Subscriber

  Reply # 965873 13-Jan-2014 09:31 One person supports this post

nakedmolerat: Same experience here on Westpac. I always wonder why the heck I need to set up those questions if I've actually never been asked/challenged.

ANZ bank on the other hand always sends a code to the mobile phone to verify your login (I love this).

Edit: after reading this thread, I quickly changed my assword. The last time I changed it was in 2012!



LOL, assword.

869 posts

Ultimate Geek
+1 received by user: 25


  Reply # 965896 13-Jan-2014 09:39

Regarding goods obtained using stolen credit card details, I have a friend in USA whose account details were gained by someone stealing out of post boxes.

They then bought goods online or in a shop giving the same address associated with the cards, BUT asked for delivery to be either very early in the morning or last thing at night. An associate would then park near the address concerned and when the Fedex van turned up would pretend to be "just walking home now", show ID and take the goods.

2509 posts

Uber Geek
+1 received by user: 245

Trusted
Subscriber

  Reply # 965920 13-Jan-2014 09:53 One person supports this post

charsleysa: Well off the top of my head a good way to do it would be to create a temporary PayPal account with spoof details with an anonymous email address, then transfer the money from the bank account to PayPal.

From there I find a few BitCoin trading centres and trade the currency in for BitCoin, then flush it through a few trading centres splitting it up to create some false trails sending them through the black markets.

After that I consolidate them all together again, then transfer it to another fake PayPal account, and from there into my real bank account.

As for a bank account being hacked... Bull. ****.
Can't be done by an amateur, even pros.

As for key logging that doesn't work as NZ banks use 2 stage login in which the second stage can't be key logged.

It's more likely that whoever stole the money knew the victim well enough to guess the password and answer the 2nd stage question.


1.  You can't transfer money to PayPal from NZ Bank Accounts.  Credit card only.  And even then, adding a bank account to PayPal (which is withdrawal only) still requires several days as they do a test deposit and ask you to verify to them how much they deposited to validate that you own it.

2. Bitcoin is traceable.  It's not anonymous in the slightest.

3. The banks in NZ with actual 2 factor login are the minority.  ASB does not.  TSB does not.  Westpac does not.  ANZ does not.  Kiwibank does not.  BNZ does.  Westpac may (but in my experience, never has) prompt you for your secret question after logging in, but the questions are preset ones that anyone with access to a public library (birth records, electoral roll) or Facebook (your dog's name) will know.

I don't think you researched this at all, did you?

2229 posts

Uber Geek
+1 received by user: 227

Subscriber

  Reply # 965932 13-Jan-2014 10:01

Pretty sure Kiwibank does do 2 factor - it asks for Code and password, then asks you to click to fill in pre-answered questions (so keyloggers will not go).

313 posts

Ultimate Geek
+1 received by user: 47


  Reply # 965940 13-Jan-2014 10:15

Keylogging is stone-age tech for this stuff. Modern malware installs in the browser and connects back in real time.  This gives a couple of options for bypassing 2FA.

1. Just generate a fake additional 2FA request via faked failed login or re-authentication required message. Then harvest the 2FA token for a session proxied through the victim's computer, so the bank sees everything from the same IP.

2. When the victim goes to login, throw up a fake "We're improving our mobile security" page that asks for the user's mobile type and phone number.  User is then txt'd a link to an appropriate app that just so happens to require access to their txt messages.


34 posts

Geek
+1 received by user: 7


  Reply # 965951 13-Jan-2014 10:20

Kyanar..
" The banks in NZ with actual 2 factor login are the minority. ASB does not. TSB does not. Westpac does not. ANZ does not. "

Gosh, I just checked to make sure my ANZ account still had my pennies in it, as I've been using 2 Factor authentication...

From ANZ website....
" OnlineCode is our 'two-factor authentication' system that gives you an additional layer of protection when you're using Internet Banking.

You'll need OnlineCode – two-factor authentication registration if you're making an online transaction over $10,000 or sending money overseas. You can also use it for all your online transactions, for added peace of mind. Transactions needing OnlineCode – two-factor authentication registration mean you need a special code number – called OnlineCode – that's sent to your mobile phone."

Great, but I'm not sure your "research" is sufficient to criticise the lack of research of others.

862 posts

Ultimate Geek
+1 received by user: 282


  Reply # 965954 13-Jan-2014 10:25

Kyanar: I don't think you researched this at all, did you?

Pot, meet Kettle

1295 posts

Uber Geek
+1 received by user: 9


  Reply # 965963 13-Jan-2014 10:35

Kyanar:
charsleysa: Well off the top of my head a good way to do it would be to create a temporary PayPal account with spoof details with an anonymous email address, then transfer the money from the bank account to PayPal.

From there I find a few BitCoin trading centres and trade the currency in for BitCoin, then flush it through a few trading centres splitting it up to create some false trails sending them through the black markets.

After that I consolidate them all together again, then transfer it to another fake PayPal account, and from there into my real bank account.

As for a bank account being hacked... Bull. ****.
Can't be done by an amateur, even pros.

As for key logging that doesn't work as NZ banks use 2 stage login in which the second stage can't be key logged.

It's more likely that whoever stole the money knew the victim well enough to guess the password and answer the 2nd stage question.


1.  You can't transfer money to PayPal from NZ Bank Accounts.  Credit card only.  And even then, adding a bank account to PayPal (which is withdrawal only) still requires several days as they do a test deposit and ask you to verify to them how much they deposited to validate that you own it.

2. Bitcoin is traceable.  It's not anonymous in the slightest.

3. The banks in NZ with actual 2 factor login are the minority.  ASB does not.  TSB does not.  Westpac does not.  ANZ does not.  Kiwibank does not.  BNZ does.  Westpac may (but in my experience, never has) prompt you for your secret question after logging in, but the questions are preset ones that anyone with access to a public library (birth records, electoral roll) or Facebook (your dog's name) will know.

I don't think you researched this at all, did you?


Kiwibank does, they ask for some letters from a series of predefined questions.
Pretty sure TSB does as well, they have had those keychain dongles for years but this might only be for business accounts.

Bitcoin is pretty anonymous. Yes it is completely traceable and all transactions are publicly viewable but it is very hard/impossible to trace a transaction to a person assuming they have taken reasonable precautions. Do you really think sites like Silk Road would be around if the police could trace all those transactions?

68 posts

Master Geek
+1 received by user: 7


  Reply # 965965 13-Jan-2014 10:37

I didn't know ANZ uses two-factor, I'll have to go turn that on.

As for BNZ. I find their 2-factor excellent as I only need to use it when sending money to someone else. For all my internal transfers (I love YouMoney) I don't have to bother which is 90% of the time I log in there. Perfect!

347 posts

Ultimate Geek
+1 received by user: 56


  Reply # 966054 13-Jan-2014 11:51

As two folks have mentioned above, the classic money-mule sending money offshore via WU is often used. Money mule recruitment ads are one of the most common types of scam.

There is another similar technique used in NZ. People lend their bank account and ATM card to another person on the understanding that they will get it back in a couple of weeks and there will be an extra $200 in the account. That has been written up in the Herald.

As far as getting valuable stuff delivered goes, that is pretty easy. Get it delivered to an address that will be unoccupied during the day. Perhaps that parcel will just be left on the veranda and you can just drop by and pick it up. If not, perhaps you can get the courier's delivery card from the mailbox. Or, recruit a mate who lives in apartment 76 in some block. He needs a window or balcony overlooking the entrance. Have the parcel delivered to number 71 and wait at your mate's place. When you see the delivery man arrive and ring the bell you stick your head out of the window and shout out "Hi, is that for me at 71? I'll be right down." Go down, meet the courier and take the parcel. Explain that the intercom is not working in your flat. Wait for the courier to go and then take the parcel out to your car and off you go. This has been a standard MO in London for over 20 years so I expect that it works worldwide by now.


535 posts

Ultimate Geek
+1 received by user: 109


  Reply # 966134 13-Jan-2014 13:38

This debate should iron out all the issues for the people stealing bank details. We're doing their work for them! Lol

On a serious note, my response about the method was based off the top of my head which means I didn't validate every single component of the method.

There probably are a few flaws but they could be ironed out if given some good thought.

I also made the statement that it was most likely someone who knew the victim because the victim seemed (I made the assumption) to be of young age and most likely wouldn't respond to money making spam (again I'm making the assumption that they knew the basics of internet security to stay away from their spam box unless they know what they're doing).

And because of this and the fact that all major (if not all) banks in NZ use 2 factor authentication, I ruled out key logging from malicious software to be a cause of the penetration.

As for plugins / malicious browser software trapping the details directly from the Web Page, that is very hard to do since browsers such as Chrome alert you to the fact that the plugin will access certain Web pages, though it's not impossible.




Regards
Stefan Andres Charsley
