Entering By The Backdoor: Understanding Cybersecurity and Online Banking in Singapore
June 1, 2018
Carelessness among Internet-banking users and trust issues combine to make financial accounts increasingly vulnerable in a world where greed is the motivation for successful backdoor on-and-offline penetration.
You recently used your local Singapore bank account to make payment for a loan as well as to transfer money to your wife’s foreign account in Hong Kong. Perhaps unknown to you is that someone apart from bank officers are monitoring your online financial transactions. All Singapore banks must adhere to Monetary Authority of Singapore (MAS) guidelines which many complain are onerous but others believe are necessary to safeguard retail and corporate customers. This comes after a wave of hackers who successfully hacked into the Ministry of Defence (MINDEF) and other government accounts. That itself came after the anonymous hacker threatened Singapore leaders and Singaporeans through an incredibly invidious announcement that appears across the computer screen in the form a Messianic message.
The next effect thereafter is a rise in online purchases of security software. Yet, cybersecurity cleaners also are known to deliver malware ads that sometimes embed themselves secretly deep within the PC or Mac (despite the secure sockets layer, SSL, and other security implants) while most Mac malware remain dormant for years. The main culprit in PCs involves exchanges of bits of information through cookies. The web-surfing application browser requests an ID tag and an exchange of SSL certificates ensues. Further checking within seconds enables digital acknowledgements that initiate SSL encrypted sessions. While this exchange has worked well for many years, hackers have invented new means of entering through the backdoor of the PC, say for example when the user logs off but keeps the PC on or Mac in sleep mode. Hackers damage security tools to enable malicious tools to become activated when Web sites are visited again or whenever the time clock changes. This is particularly dangerous when financial software that is used by stock exchanges and banks for online banking contain free and hence partially installed security tools that contain such malware, adware, and time-initiated apps. SSL does not provide any security encryption and remains open to security breaches in the process after the handshake occurs.
Other compromising situations often arise over and above such issues and problems. Many online banking security tools that demand specific administrative privileges can also act as convenient tools for compromising their own processes. Even the double authentication keys employing hardware and software components, user-friendly passwords, and identity authentication modalities are insufficient to safeguard identity and online financial theft. Cyber crime is after all also a crime just that it is committed effectively online without the users’ knowledge.
In a recent illustration, Apple’s new High Sierra Mac operating system (OS) which was launched in September 2017 has a single security vulnerability vis-à-vis the keychain password. Some American-based cyber-analysts believe that this is the main vulnerability in High Sierra’s high performance OS. However, the Mac users I spoke to who use the new Mac OS have not experienced any hacking attempts. But cyber analysts believe those passwords would enable hackers to run malicious codes designed to steal the saved passwords from the Mac OS keychain. However, I am relatively confident that while the keychain password may fall prey to successful malicious codes, it remains virtually impossible to unlock what is known as the master password without root privilege authentication for the user or unless the user had left the master password soft prompt blank. Banking or financial application software Internet banking users who make use of the new Mac OS however do not appear to have given feedback of any known or suspected hacking attempts or loss of identity or notifications (on the handphone or other devices) signifying or showing a message that allows for keying in a new password or an existing one.
Most people who have suffered identity theft are not aware of such theft. Many presume that having simple virus protection software is sufficient. People are also not aware of the profile of Web hackers specialising in banking identity theft activities. The United Kingdom (UK) counterterrorism police for example were secretly informed of a British retiree, an old lady, who committed an act in contradiction to the UK Official Secrets Act in the summer of 2016. The lady is believed to be a disgruntled ex-civil servant who had used old passwords that were unchanged in order to hack into other people’s banking accounts via documents the victims had submitted online to government as payments from their own local banks.
In conclusion, backdoor entry into user accounts share the following commonalities: (1) purchase of refurbished or secondhand hardware that contain unwashed malware and other hidden executable files; (2) sharing of online passwords and other personal information with family members, so-called “experts” who sell their PC and Mac solving solutions; (3) carelessness and saving of information on multiple devices for multiple accounts; (4) trusting unused and foreign or alien invitations to freebies riding on Internet banking and online rewards Web sites and login accounts; and (5) leaving the computer on for weeks with data sharing and remote access functions in the “on” mode. Carelessness among Internet-banking users and trust issues come together to make financial accounts increasingly vulnerable in a world where greed is the motivation for successful backdoor penetration both online and offline.
Copyright © 2018 Singapore Institute of Management
Article Found In
Issue 2, 2018