CITI consultants finally revealed how simple the CITI break-in was. It was what is known as a “trivial hack” that yielded a compromise of over 200,000 private bank accounts.
Here’s an example – click this link, which comes back to this story, and keep reading. If you clicked, you’ll see that the URL at the top of your browser now ends with ?account=1234567890. To break into a separate account, all the hacker had to do was change that 1234567890 to another account number. By the way, such an attack is easy to script for a high yield. The vulnerability is so well-known, it even has a name: it’s called a query string attack.
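The flaw described above, next to the ownership check that closes it, as an added example (not code from CITI or from the original post). The handler names, session tokens and account data are constructed for illustration, and a logged-in session is assumed.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample data: account numbers, owners and tokens are made up.
ACCOUNTS = {
    "1234567890": {"owner": "alice", "balance": 1200},
    "1234567891": {"owner": "bob", "balance": 560},
}
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}  # session token -> user


def account_param(url):
    """Return the value of ?account=... from a request URL ('' if absent)."""
    return parse_qs(urlsplit(url).query).get("account", [""])[0]


def view_account_vulnerable(session_token, url):
    """The pattern in the text: any logged-in user, any account number."""
    if session_token not in SESSIONS:
        return 401, None
    account = ACCOUNTS.get(account_param(url))
    if account is None:
        return 404, None
    # Defect: account["owner"] is never compared with the session's user.
    return 200, account


def view_account_checked(session_token, url, audit_log):
    """Same lookup, but the server decides ownership, not the URL."""
    user = SESSIONS.get(session_token)
    if user is None:
        return 401, None
    number = account_param(url)
    account = ACCOUNTS.get(number)
    # Unknown and foreign accounts get the same answer, so the response
    # does not reveal which account numbers exist.
    if account is None or account["owner"] != user:
        # Many entries for one user in a short time is a detection signal.
        audit_log.append((user, number))
        return 404, None
    return 200, account
```
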
One of the CITI cybersecurity experts said “It would have been hard to prepare for this type of vulnerability.”
Nonsense. Every first-year programmer worth his/her salt learns how to guard against just such an attack.
Unless you work for CITI. There, it doesn’t matter all that much. Sloppiness is OK and not all that relevant to corporate survival.
CITI has hired security consultants from https://www.sapphire.net/ who will be working to prevent any breach that might affect the business.
Perhaps there is such a thing as “too big to fail.”