They simply logged on to the part of the group's site reserved for credit card customers - and substituted their account numbers which appeared in the browser's address bar with other numbers.
One expert, who is part of the investigation and wants to remain anonymous because the inquiry is at an early stage, told The New York Times he wondered how the hackers could have known to breach security by focusing on the vulnerability in the browser.
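The flaw described in the quoted report, shown as an added example that is not part of the original thread: a handler that only checks the user is logged in, next to one that also checks the account number in the URL belongs to that session. The account numbers, session ids, user names and function names are all constructed for illustration.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample data; every name and number here is invented.
ACCOUNTS = {
    "1001": {"owner": "alice", "balance": "250.00"},
    "1002": {"owner": "bob", "balance": "9100.00"},
}
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}


def account_from_url(url):
    """Pull the account number out of the query string."""
    return parse_qs(urlparse(url).query).get("account", [None])[0]


def view_vulnerable(session_id, url):
    """Checks that the caller is logged in, then trusts the URL's account number."""
    if session_id not in SESSIONS:
        return 401, None
    account = ACCOUNTS.get(account_from_url(url))
    return (200, account) if account else (404, None)


def view_hardened(session_id, url, audit):
    """Also checks that the requested account belongs to the session's user."""
    user = SESSIONS.get(session_id)
    if user is None:
        return 401, None
    number = account_from_url(url)
    account = ACCOUNTS.get(number)
    # Same answer for "no such account" and "not yours", so the response
    # does not confirm which numbers exist; the denial is logged for review.
    if account is None or account["owner"] != user:
        audit.append((user, number))
        return 404, None
    return 200, account


def flag_enumeration(audit, threshold=3):
    """Users denied on at least `threshold` distinct account numbers."""
    seen = {}
    for user, number in audit:
        seen.setdefault(user, set()).add(number)
    return sorted(u for u, nums in seen.items() if len(nums) >= threshold)
```

The ownership check runs on the server on every request, so hiding or encoding the number in the URL is not what closes the hole.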
Originally posted by CommunistCapitalist
Creepy, already this is scary. To think that such a simple hacking skill was used to do this is sad. I figured some form of complex code breaking, firewall trojan horse was used. But simple coding? Wow.
Security is getting worse, you are right. I will never trust these accounts now.
Originally posted by wheresthetruth
The stupidity of this security fail by CitiBank reminds me of the two guys that hacked a bunch of Cisco switches at various telecom companies and ran a business netting over a million dollars. They bought GO style phones, used the hacked routers to set up service plans and sold them to people.
How? The network admins forgot to change the Cisco default login & password before deploying the routers.
This is what is known as an extreme I-D-10-T error on their part.
How could CitiBank's cyber security not catch this? The account numbers in the URL? Really? Not encoded or encrypted, just openly and plainly right there. Even Google encrypts your email account information in the URL.
I just logged into my online bank account to see if my bank does this. Whew! Thankfully, two brain cells were rubbed together that sparked an actual thought and they do not do this.
Originally posted by davespanners
They simply logged on to the part of the group's site reserved for credit card customers - and substituted their account numbers which appeared in the browser's address bar with other numbers.