Nytro Posted November 18, 2013

Money-making machine cashes in on currency trades

By Mark Ward, Technology correspondent, BBC News

[Image caption: Dr Furtuna built a machine to read security codes on bank authentication devices]

A money-making machine that exploits rounding errors in currency exchanges in favour of bank customers has been built by a security researcher.

If left to run at its top speed, the device could generate almost 70 euros (£58) a day by carrying out thousands of small transactions.

The device was built to test the security of online banking systems.

However, said experts, banks' anti-fraud systems would probably prevent the machine cashing in.

Tiny trades

The device was created by Romanian security researcher Dr Adrian Furtuna, who noticed what happened when certain amounts of Romanian leu were exchanged for euros.

These transactions were rounded up in a customer's favour so they ended up with cash worth slightly more than they started with.

"The trick is that users can choose the amounts that they want to exchange such that the rounding will be always done in their favour," Dr Furtuna told the BBC.

The amounts involved are so small, 0.005 of a euro, that thousands of transactions are needed to generate a significant amount of money.

Dr Furtuna, who works for KPMG Romania as a security analyst, set out to see if banks' online currency trading systems were vulnerable to large scale exploitation of this rounding error.

The machine was needed because many banks use authentication gadgets to secure online transactions. These devices typically generate a short sequence of numbers that must be entered alongside other credentials when moving or exchanging money online.

He automated the sequence by building a machine that could press buttons on the security device and read the code it generated as part of the authentication process.
The response rate of the device limited the number of transactions that could be carried out, Dr Furtuna told the BBC. At most, he said, it could carry out 14,400 transactions per day. This means, at most, it could generate about 68 euros per day if left to run unchallenged.

So far the device has been only proven to work in the lab, as the bank that asked Dr Furtuna to test its security did not give him permission to try it against its live online banking system.

[Image caption: Swapping Romanian leu for euros let the machine cash in]

Separate research had shown that the online systems of at least five banks in Romania might be vulnerable to the money-machine attack, he said. Other banks in other nations might also be susceptible, he added.

"Banks believe that nobody can do a high number of transactions in a feasible time since each transaction requires to be signed using the [authentication] device," he said.

"By building this machine I proved that this assumption is wrong and transactions can be automated with or without an [authenticator]."

Tod Beardsley, a security engineer at Rapid7, said such "salami slicing" attacks were well known, having been depicted in films such as Superman III, Hackers and Office Space.

"Salami slicing attacks are usually illegal, since they usually add up to some kind of bank or tax fraud, or run afoul of anti-money laundering laws," he added.

Many banks avoided falling victim to such attacks by imposing a minimum transaction size that removed the fractional error, said Mr Beardsley.

Penetration tester Charlie Svensson, from security firm Sentor, said banks' anti-fraud mechanisms would probably spot and stop anyone trying to carry out thousands of tiny trades all day, every day.

"I have the feeling that he would not be the first to do this, but banks tend to take notice when money goes missing," he said.

"If there's one thing that banks worry about, it's money."

Source: BBC News - Money-making machine cashes in on currency trades

Note: The guy is almost as good as me
Nytro Posted November 19, 2013 (Author)

And Realitatea, damn it: http://www.realitatea.net/un-roman-a-inventat-masina-de-facut-bani-cum-stoarce-legal-averi-din-banci_1320382.html
TheTime Posted November 19, 2013

A beta version of the "money-making machine" was presented at Defcamp last year. The press is a year behind.
NullCode Posted November 21, 2013

Lol, I interviewed with that guy a looong time ago at KPMG
Andrei Posted November 26, 2013

> A beta version of the "money-making machine" was presented at Defcamp last year. The press is a year behind.

That's right. Last year the press paid us very little attention for it, but every cloud has a silver lining.
mgt Posted December 1, 2013

Yeah, once the BBC picked it up it suddenly became news in RO too...
LLegoLLaS Posted December 10, 2013

We need foreigners to confirm that it's a story worth reading, because we can't tell for ourselves (no sarcasm in there). BTW nice thinking
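
Added example, not part of the thread or of the BBC article: a sketch of the anti-fraud check the article's experts allude to, flagging accounts whose currency trades are both numerous and rounded up on average. The exchange rate, the half-up rounding rule, the thresholds and the trade log are all assumptions constructed for illustration.

```python
from collections import defaultdict
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")
RATE = Decimal("4.45")  # assumed RON-per-EUR rate, constructed for this example

def credited_eur(ron):
    """EUR credited for a RON amount, rounded half-up to whole cents (assumed bank rule)."""
    return (ron / RATE).quantize(CENT, rounding=ROUND_HALF_UP)

def rounding_gain(ron):
    """Customer's gain in EUR from rounding: credited amount minus exact value."""
    return credited_eur(ron) - ron / RATE

def flag_accounts(trades, min_trades=100, min_mean_gain=Decimal("0.002")):
    """Return {account: (trade_count, mean_gain)} for accounts that trade often
    AND are rounded up on average; unbiased rounding averages out near zero."""
    count = defaultdict(int)
    total = defaultdict(Decimal)
    for account, ron in trades:
        count[account] += 1
        total[account] += rounding_gain(ron)
    flagged = {}
    for account, n in count.items():
        mean = total[account] / n
        if n >= min_trades and mean >= min_mean_gain:
            flagged[account] = (n, mean)
    return flagged

# Constructed one-day trade log: (account, RON amount exchanged).
TRADES = (
    [("A", Decimal("0.03"))] * 200                                 # many identical tiny trades
    + [("B", Decimal(a)) for a in ("500.00", "1250.40", "89.99")]  # occasional customer
    + [("C", Decimal("100.37") + 7 * i) for i in range(178)]       # busy but unbiased
)

if __name__ == "__main__":
    for account, (n, mean) in flag_accounts(TRADES).items():
        print(f"{account}: {n} trades, mean rounding gain {mean:.5f} EUR")
```

Account C trades almost as often as A but its rounding errors cancel out, so trade volume alone is not the signal; the sustained positive bias is.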