jspthrowaway2 | 13 years ago

You don't hear of any high-profile bank disclosures, which I imagine is probably because they have security teams that keep up with everything religiously. Most old brick banks have internal systems architected in ways that a younger intruder in the Anonymous mold wouldn't know anything about, as well; you're starting to get into big iron COBOL land.

That said, I don't think it's an impossible task (is anything?), and I'm sure some day there will be a large disclosure through some means, internally-assisted or otherwise.

jballanc|13 years ago

Nothing is impossible, but remotely hacking a bank is pretty damn close. A number of years ago, a friend worked for a large multi-national bank. He once described to me some of the key components of the security system. While the details are hazy (such as I understood them at the time), I do remember that one of the key points was that one of the "very important" servers that handled transactions between outside entities (i.e. other banks) and internal systems was double-firewalled. That is, you couldn't initiate connections from the internet or the intranet. The server would only make connections to hosts of its own choosing, on its own schedule.

Modifying or updating anything on the server required physical access.

That server was located in a secure vault.

makomk|13 years ago

There was actually a high-profile incident not too long ago with one of the big banks' online banking system. Users could view other people's account information just by incrementing an integer in the URL as I recall. It's not necessarily so much that banks are secure, but hacking them is much riskier than hacking Bitcoin sites, especially for white-hats.

tedunangst|13 years ago

Are you thinking of Heroku? Heroku isn't a bank.