In this hypothetical case study, you should use the Internet to assist you in developing responses to three questions. Use of the text only is not sufficient to attract full marks.
SafeBank recently received a series of reports from customers concerning security breaches in online banking. Customers reported having money transferred from their accounts, usually after they have found that their password has changed. A full security audit revealed that the money transfers and changes to user passwords all originated from an Eastern European country on servers within the domain of crazyhackers.com – however – the question remained: how did the hackers undertake the attack?
Given that legitimate account numbers and passwords were used, it was initially assumed that it could be some form of phishing attack. However, no evidence of such emails was found. The only commonality between the victims was that they all used the same ISP.
You are required to answer the following questions. Please reference all sources – do not copy directly from sources.
Based on the information provided, what type of attack has been performed? Justify your answer.
Hint: In order to capture account numbers and passwords, how would a hacker “redirect” users to their servers instead of SafeBank’s?
Describe in detail how the attack occurred – you may wish to include one or more diagrams. You will need to make assumptions about host names, domains and IP addresses – document these. You need not concern yourself with the technical details of the capture and reuse of SafeBank’s customer details (eg. Fake web sites/malware) – you are documenting how it was possible from a network perspective.
What steps would you advise to prevent such attacks? What limitations does this form of attack have?
Hint: Would this attack only have to be performed once?