Most people learning hacking always have a keen interest in knowing that how they can hack bank accounts of other people. But most of them find it pity much difficult such that now they have made a perception that bank account information like credit cards or debit cards or net banking passwords cannot be hacked. Its truth to an extent that hacking Banking account information and credit or debit cards passwords is most difficult and almost impossible part. Today i will discuss with you why hacking bank account information is tough and always considered as impossible task. We will also discuss the different methods that hackers use to hack bank account information nowadays.
I am quite sure that almost everybody using internet nowadays uses that internet to pay online bills, book reservation tickets, purchase online things or simply transfer money i.e. involved in at least some kind of online transaction that is related to money i.e. banking information, credit or debit card payments or simply Net banking. Most of banks uses SSL(Secured Sockets Layer) connection (to read more click here )and at least 128 or 256 bit encryption for online banking and transaction purposes. Also now an extra layer of security is introduced that is called transaction PIN layer means for each and every online transaction you have to enter your passwords and during transaction you have to enter PIN (a type of password that varies 4 to 8 chars in length). Thus bank do alot of work to protect your secret information and credentials from the eyes of the world that may wish to gain access to your such a vital information.
Below example will illustrate you how powerful the encryption method is:
40 bit encryption, means there are 2^40 possible keys that could fit into the lock that holds your account information. That means there are many billions of possible keys that means brute forcing such thing is imposable. Only thing now left is dictionary and rainbow attack. But its not only the security measure that banks used to secure there information. Also its only 40 bit encryption.
128 bit encryption means there are 2^88 times as many as key combinations that are being possible for 40 bit encryption.That means a computer would require exponentially more processing power and time than for 40-bit encryption to find the correct key.
That's a very powerful method of encrypting data sent from your machine to bank machine. But unfortunately it's all is useless to you once your system has been compromised or hacked.
Now How these all security Encryption can be bypassed and your system can be compromised online. There are several methods for exploiting and bypassing such account information. Note : This is for educational purposes only( For more details read Disclosure).
Some of them are:
1. Phishing : We have discussed phishing on this website alot of times in tutorials like how to hack Gmail accounts password or hacking Facebook accounts and others too. But for new Guys I explain what is Phishing. Phishing is a technique to hack password and login details of a particular website using Phish pages. Now what are Phish pages? Phish Pages are simply the fake pages that looks the original webpage. The only difference between phish page and original page is the Address bar link (for normal user) and redirection post and get method( inside source for advanced users). How to identify a fake link? Just check the address bar URL for a fake page or Phish page it will be showing different URL than the original URL. Also if you want that everything is done automatically then install a Web security tool bar in your browser (AVG and Crawler web security tool bars are good choices) as it detects the phishing automatically and do not allows you to visit Phishing Pages.
2. Trojans: Trojans are type to viruses that steals your information. It can be in many forms like Keyloggers or RAT's( remote administration tools). What a keylogger do is that it monitors all the keys that you have pressed from your physical keyboard and stores them in form of a log and send these details to hackers. RAT's are advanced form of Keyloggers that remotely monitors all your activities where keylogger is simply a functionality. Using RAT hacker can connect to your system anonymously i.e. without your information when you are online. RAT's have a huge list of functionality and these are best type of hacking tools available in the market. Now How you will protect yourself from Keyloggers? Just keep your antivirus updated and install Keyscramber that encrypts your keystrokes. Now why i haven't mentioned RAT there is because once the RAT enters your system you cannot do anything other than formatting your system. So RAT's attack only can be prevented before they enters in your system. For preventing from RAT's Please do not download any software or cracks or keygens online. Also avoid downloading freewares from new websites use certified websites only like CNET, filehippo etc.. Also please avoid testing fake hack tools (recommended for hackers) because most hacking tools have keylogger and RAT's attached to them. Test it under secured conditions like on Virtual Users. Means install virtual operating system user Virtual PC or Virtual Box and then test them there.
3. Hijacking: Most of us uses Wireless Networks to access the internet and data flow in form of packets and channels. And we know that Wireless are easier to hack as they have very weak encryption. So Hackers hack the wireless networks and using ******* Hijacking they take control of the internet data transfer and redirects the user from original path to their path. Means suppose you are visiting Google or Gmail or Facebook, then hacker when get access then he can redirect you to any of the page and capture you account details. Packet sniffing is another way to hack the account information and credentials using the wireless networks where Hackers captures packets and decrypt these encrypted information to get the information in form of plain text. Now how you will prevent this? Its also pity simple to prevent this, you need to hide you SSID and BSSID from being discovered by the other networks. Just leave the SSID or BSSID empty for that. Now hacker will not be able to discover your wireless router so he will not been able to hack it.
I am quite sure that almost everybody using internet nowadays uses that internet to pay online bills, book reservation tickets, purchase online things or simply transfer money i.e. involved in at least some kind of online transaction that is related to money i.e. banking information, credit or debit card payments or simply Net banking. Most of banks uses SSL(Secured Sockets Layer) connection (to read more click here )and at least 128 or 256 bit encryption for online banking and transaction purposes. Also now an extra layer of security is introduced that is called transaction PIN layer means for each and every online transaction you have to enter your passwords and during transaction you have to enter PIN (a type of password that varies 4 to 8 chars in length). Thus bank do alot of work to protect your secret information and credentials from the eyes of the world that may wish to gain access to your such a vital information.
Below example will illustrate you how powerful the encryption method is:
40 bit encryption, means there are 2^40 possible keys that could fit into the lock that holds your account information. That means there are many billions of possible keys that means brute forcing such thing is imposable. Only thing now left is dictionary and rainbow attack. But its not only the security measure that banks used to secure there information. Also its only 40 bit encryption.
128 bit encryption means there are 2^88 times as many as key combinations that are being possible for 40 bit encryption.That means a computer would require exponentially more processing power and time than for 40-bit encryption to find the correct key.
That's a very powerful method of encrypting data sent from your machine to bank machine. But unfortunately it's all is useless to you once your system has been compromised or hacked.
Now How these all security Encryption can be bypassed and your system can be compromised online. There are several methods for exploiting and bypassing such account information. Note : This is for educational purposes only( For more details read Disclosure).
Some of them are:
1. Phishing : We have discussed phishing on this website alot of times in tutorials like how to hack Gmail accounts password or hacking Facebook accounts and others too. But for new Guys I explain what is Phishing. Phishing is a technique to hack password and login details of a particular website using Phish pages. Now what are Phish pages? Phish Pages are simply the fake pages that looks the original webpage. The only difference between phish page and original page is the Address bar link (for normal user) and redirection post and get method( inside source for advanced users). How to identify a fake link? Just check the address bar URL for a fake page or Phish page it will be showing different URL than the original URL. Also if you want that everything is done automatically then install a Web security tool bar in your browser (AVG and Crawler web security tool bars are good choices) as it detects the phishing automatically and do not allows you to visit Phishing Pages.
2. Trojans: Trojans are type to viruses that steals your information. It can be in many forms like Keyloggers or RAT's( remote administration tools). What a keylogger do is that it monitors all the keys that you have pressed from your physical keyboard and stores them in form of a log and send these details to hackers. RAT's are advanced form of Keyloggers that remotely monitors all your activities where keylogger is simply a functionality. Using RAT hacker can connect to your system anonymously i.e. without your information when you are online. RAT's have a huge list of functionality and these are best type of hacking tools available in the market. Now How you will protect yourself from Keyloggers? Just keep your antivirus updated and install Keyscramber that encrypts your keystrokes. Now why i haven't mentioned RAT there is because once the RAT enters your system you cannot do anything other than formatting your system. So RAT's attack only can be prevented before they enters in your system. For preventing from RAT's Please do not download any software or cracks or keygens online. Also avoid downloading freewares from new websites use certified websites only like CNET, filehippo etc.. Also please avoid testing fake hack tools (recommended for hackers) because most hacking tools have keylogger and RAT's attached to them. Test it under secured conditions like on Virtual Users. Means install virtual operating system user Virtual PC or Virtual Box and then test them there.
3. Hijacking: Most of us uses Wireless Networks to access the internet and data flow in form of packets and channels. And we know that Wireless are easier to hack as they have very weak encryption. So Hackers hack the wireless networks and using ******* Hijacking they take control of the internet data transfer and redirects the user from original path to their path. Means suppose you are visiting Google or Gmail or Facebook, then hacker when get access then he can redirect you to any of the page and capture you account details. Packet sniffing is another way to hack the account information and credentials using the wireless networks where Hackers captures packets and decrypt these encrypted information to get the information in form of plain text. Now how you will prevent this? Its also pity simple to prevent this, you need to hide you SSID and BSSID from being discovered by the other networks. Just leave the SSID or BSSID empty for that. Now hacker will not be able to discover your wireless router so he will not been able to hack it.
0 comments:
Post a Comment