Thursday, June 5, 2014

Over 1,500 SingPass accounts hacked: IDA


By | Yahoo Newsroom – 20 hours ago
ricky l • a second ago
Compromising 1,560 accounts en masse is quite unusual.

Keylogger malware that infects so many accounts' end devices at one time, though possible, seems remote. Wonder how the keylogger malware infected the end devices of so many Singpass users at one time to steal the userid and password?

Hacking by brute force also seems not realistic because :-
(1) when attempting to log in with a userid and supplying a wrong password, security verification using Optical character will be needed.
(2) subsequent logins with a few more tries will cause the account to get locked.
(3) too many failed attempts should also raise an alarm - because I believe the application system log will pick up the many failed attempts on a particular account - and fit the profile of a brute force attack.

The likely way to steal userids and passwords en masse is to :-
(1) compromise the Directory Service or Identity Management System or Authentication System that keeps all the userids and passwords of users.
(2) compromise the Database that stores the userids and passwords.

But the above seems to be ruled out because the Singpass system is not compromised.

Then wonder how the authentication system was compromised to steal so many ids and passwords en masse (bearing in mind that other web sites will be directed to this authentication system for access management. And when the authentication system has successfully authenticated the user as valid and authorised, the user will be redirected to other authorised web sites for entry for eTransaction)?

ricky l • a second ago
Unless the hacker can successfully do a "hijack" or "man-in-the-middle" attack by hijacking the userid and password when redirecting from the authentication system to other authorised websites or when other websites are redirected to this authentication system for access management.

If this happens, some authorised websites are compromised that cause the hijacking.

This is one route that investigation can focus on.

ricky l • a second ago
One way to track "hijacking" or "man-in-the-middle" attack by compromising other websites before re-directing to the Authentication system or vice versa - is to check the profile of all the compromised SingPass users - what are the common websites they go to using Singpass?

E.g. is it checking a motor website, or what other website?
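
The check suggested in the comment above, sketched as an added example that is not part of the original comments: given login records and the list of affected accounts, rank the referring sites by how over-represented they are among the affected accounts. The record layout, account names and `.example` site names are constructed assumptions.

```python
from collections import Counter

# Constructed sample records: (account, site that sent the user to the login page).
LOGINS = [
    ("u1", "motor.example"), ("u1", "tax.example"),
    ("u2", "motor.example"),
    ("u3", "motor.example"), ("u3", "library.example"),
    ("u4", "tax.example"),
    ("u5", "tax.example"), ("u5", "library.example"),
    ("u6", "library.example"),
    ("u7", "tax.example"),
    ("u8", "library.example"), ("u8", "tax.example"),
]
COMPROMISED = {"u1", "u2", "u3"}  # constructed list of affected accounts


def rank_common_sites(logins, compromised, min_accounts=2):
    """Return [(site, affected_accounts, lift)] sorted by lift, highest first.

    lift = share of affected accounts that used the site
           / share of all accounts that used the site.
    A lift well above 1 marks a site worth investigating first.
    """
    sites_by_account = {}
    for account, site in logins:
        sites_by_account.setdefault(account, set()).add(site)  # count each account once per site

    total = len(sites_by_account)
    affected_total = sum(1 for a in sites_by_account if a in compromised)
    if affected_total == 0:
        return []  # nothing to compare against

    all_counts, affected_counts = Counter(), Counter()
    for account, sites in sites_by_account.items():
        for site in sites:
            all_counts[site] += 1
            if account in compromised:
                affected_counts[site] += 1

    ranked = []
    for site, hits in affected_counts.items():
        if hits < min_accounts:  # ignore sites seen for only a handful of affected accounts
            continue
        lift = (hits / affected_total) / (all_counts[site] / total)
        ranked.append((site, hits, round(lift, 2)))
    return sorted(ranked, key=lambda r: (-r[2], -r[1], r[0]))


if __name__ == "__main__":
    for row in rank_common_sites(LOGINS, COMPROMISED):
        print(row)
```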

ricky l • a second ago
E.g. a hacker puts a motor car advertisement on a motor site and embeds a keylogger script.

When an unsuspecting user clicks on the motorcar advertisement to check the profile of the motorcar on the compromised website, it will need to redirect to a lookalike Singpass webpage first; when the user keys in the userid and password, the keylogger script will capture the Singpass userid and password.

Thereafter, the keylogger will send the Singpass userid and password for authorised login - and the Singpass user has no clue that their userid and password have been stolen by the phishing site through the keylogger script.

ricky l • a second ago
The lookalike Singpass webpage - can be easily duplicated. 

ricky l • a second ago
Yap experimented - and the hijacking is possible.

  • ricky l • 1 minute 31 seconds ago
    2FA would have prevented this hijacking.
  • ricky l • a second ago
    No need to hack the Singpass Authentication System - userid and password easily captured.

    Caveat :-

    For demo only - so that the investigation can also look at this aspect of hacking to see if this is how the hacker has stolen so many accounts ---- but don't look for me hor ---- for I am not the hacker ---- just have some insights on such a technique of hacking that can steal userids and passwords en masse.....
