A Security Researcher Gets Offered The Big Score
For some illegal work, a security researcher could have made big bucks breaking into the SWIFT network for a hacker gang.
The stakes can get pretty high in the hacker economy.
A few years ago, a security researcher living overseas was contacted by a man with an intriguing offer: The researcher would get 2.2 million euros (more than $2.8 million) for each financial services firm he helped the man and his group of cybercriminals infiltrate. All the researcher had to do was provide the group with Windows Terminal Services access with administrative privileges for each bank, which the thieves would then penetrate via the Swift network. Swift, the Society for Worldwide Interbank Financial Telecommunication, manages a network owned by about 8,000 banks in 206 countries and territories to facilitate electronic transfers.
The thieves seemed to have deep knowledge of the Swift system and how it could be manipulated. After pilfering funds from a number of banks, the thieves planned to create a shell game that would transfer the money from one financial institution to another until they could shake the trail of anyone investigating the theft and access the money. Cracking into the Swift systems was made easier, the researcher claims, by the presence of a critical Microsoft bug that at the time left vulnerable Internet Information Services servers running Secure Sockets Layer transactions.
He was reassured that the chances of getting caught were minimal. He hadn't met his contact in person, having only communicated with him over encrypted Skype phone calls and instant messages. And the amount of money to be stolen was carefully calculated so that it be would be lower than the initial bank's loss threshold, meaning the bank would rather write it off than investigate it.
"I played with this thought for a couple of days and became paranoid thinking about what I would have to do," the researcher says. Having worked with law enforcement, he realized it would mean putting himself and his family at risk, not just from prosecution but also from the criminal element to which he'd be selling his services. "When you talk about these types of amounts and interacting with certain types of people, you're playing the big-league game," he says.
The researcher took a pass. The payoff might have changed his life, but not necessarily for the better.
Photograph by Stan Watts
Return to the story:
How Does The Hacker Economy Work?
About the Author
You May Also Like