facebook security, do change your password regularly

That's kind of like asking whether a really clever thief could pick this $300 deadbolt lock on your front door next to the bay window.

If he were that clever, he'd just chuck a rock through the window.

In the same way, it is harder to hack into a bank than it is to get a job working on their computers. Which, in turn, is harder than getting a job working at the teller counter. Which is harder than putting on a suit and running con games in the parking lot. Which is harder than sending out a bunch of phishing spam.

I've worked on bank security. It's obscenely difficult to break into it, because that's what people worry about: could someone break into the computer and steal the data? And honestly, it's so close to impossible, you might as well just go ahead and say it can't be done. You could do it, but you'd get caught, and fast. You'd have good data in your hands for a couple of days at best, and then you'd just have a thumb drive full of incriminating evidence.

Real criminals don't even bother anymore. It's not the bank they attack, it's the customers. It's much easier to get YOU to install some funky toolbar on your machine that watches for you to log into banking sites, then silently forwards information to an organised crime ring.

Here's some food for thought. Remember Superman 2, where Richard Pryor sent all the rounded-off partial cents to his own account and stole millions of dollars? The modern version of that is to make bogus charges of just a few dollars. Most people don't read their statements. Those who do aren't going to sit on hold for twenty minutes over a $4 charge. It's just not worth it. So the real financial fraud people are casually tossing out thousands of $4 charges a week, knowing that hardly anybody is even going to notice.

Inquiring minds want to know ....
Why in the world are you asking?

There's something most people don't take into account with electronic banks, currently the law is setup to make it a felony to hack a bank, getting worse, if you're in one state and the bank is in another it's a federal felony. Most convictions for something along these lines come with the stipulation that you'll not be allowed to use a computer again for 5-10 years after getting out of prison, hackers generally are computer enthusiasts it's more about can they do something than any particular gains for doing it. With this particular topic though, the risks are just too high.

This is something not entirely related, but it has certain similarities. I've read some post a few months ago about how social engineering works perfect if you want to do dirty movie-kind schemes. If only I could find that post now...

Ah yea, here it is - good ol' shoemoney

Think You Can Disappear?

However, I doubt that it would be an easy task to hack the bank account, although I've read somewhere that it's possible for hackers to shut down virtually all Internet cuz of some "Weak points". Now you can kill me, but I don't know where I read that - I think it was Wikipedia about some famous "hacker's summit" taking place around the world once every year.

Well, Facebook is clearly not a bank is it?!

Well, I happen to have been involved with 2 stings, read two famous books on the subject, and have known two world famous hackers. I also read TONS of security books, etc....

NOW, as for hacking into a bank in a MEANINGFUL way, it would PROBABLY require some specialized knowledge, etc... A decent bank won't even allow you to do online banking! What YOU would be doing when you THINK you are doing online banking is having an application run another application on ANOTHER system and the only way you could access it outside of the website would be to logon to the primary system, and use IT to access the secondary system in a proprietary way. Any programs should be C or java, etc..., so it would not be so easy to figure what they are doing.

Of course, there are ALWAYS stupid companies, etc...

But the deal about just any good programmer being able to break into ANY system and start transferring funds is a MYTH!

ALSO, I don't know if ANY bank uses windows for its accounts. I have yet to see ANY that do. FURTHER, updating the system would require superuser privileges which are usually not able to be accessed, so EVEN if viruses existed, they wouldn't work. Maybe THAT is why I have NEVER heard of an antivirus for HP/UX, AIX, solaris, IBM mainframes, etc...

AGAIN, some routines, like Email, webservers, etc... USED to be run as root. Due to the use of buffer overruns to get access, any DECENT UNIX admin now runs those under a special RESTRICTED user!

FURTHER, databases are generally NORMALIZED! THAT means that customer data is kept SEPARATE from meaningful accoount data so joining THAT data requires MORE access/knowledge.

BTW one of the hackers I knew broke into AT&Ts system. He got locked up, in jail, for several years because of it. Sometimes the mere ATTEMPT could be considered a felony.

And DON'T think it is that easy either. I was once working with a bank, LEGITIMATELY. I had trouble finding something, so I looked for it, with find. Less than a minute later, the admin called me up on the phone to ask me WHY! He saw what I did, traced it to the access, and called me. And that was just a harmless non invasive thing to only look at the directory.

Look at wargames, and office space. The way they break into computers, steal funds, are VERY realistic, even if little else is.

BTW I ALSO researched deadbolts and lockpicking. The BEST one DOES have a model that, in the 1990s cost $300! Don't waste your money, most can't copy the key on the $100 version, and the only difference is that the $300 version requires the company to send you a duplicate. The only way to break in is really to drill into the core, and trip the mechanism, but they added a sleeve to prevent that. Like CDarklock said, the best way is to just break the window, or cut through.

Steve