Wednesday, June 20, 2012

CoBank & CitiBank - Internal Access - Hacked!


Moreover, I have internal access to three or so banks. Amongst those affected include:

[+] Citibank
[+] CoBank

[+] CoBank:

I've roughly had access to CoBank for over a year now. I was just waiting for the golden moment. I knew that over the years more systems would be copulated. I decided I'd just wait till more data got en route. If I were to post this last week, Bank Information would be spilled and spread all over the Internet internationally. I didn't though, I'm doing the right thing. My job is simple, I fill out a report for you guys to read, and I pass it onto the ones vulnerable.

Keep in mind, I did this when I was the bad guy!

----------
MX Records:
----------
NS      sdnpdnse2.cobank.com    199.197.25.20   sdnpdnse2.cobank.com
NS      schrdnse1.cobank.com    199.120.173.3   schrdnse1.cobank.com
NS      sdnpdnse1.cobank.com    199.197.25.19   sdnpdnse1.cobank.com
----------
Mail Exchange:
----------
=> mailbox.cobank.com   199.197.25.18
=> relay.cobank.com     199.197.25.17
-----------
Logins:
-----------
karthik.b512@gmail.com:cobank:9492966714
Surya@gmail.com:N'Account:9490348032
-----------

Access to affiliated Banking Software >> Uplink >> Update >> FTP info >> FTP User: Admin - FTP Pass: 123456 >> Access to key systems CoBank was using.

I setup some Malware to play with sometime go. I'm sure you'll get a laugh out of this:

http://leakster.net/external/Data.txt

Stupid dev, huh? I removed everything that could be used to harm the safety of customers. I've got access to internal and external systems. I plan on calling CoBank sometime next morning to resolve the Security issue.

[+] Citibank

Basically, deja-vu.

Access to affiliated Banking Software >> Uplink >> Update >> FTP info >> Access to key systems Citibank was using. I didn't have much time to play with this, I did have some Malware running though. I got thousands of logins from it. I grave-digged some logs for you guys:

0001    0003    006     000     3G      008     3G TECHNOLOGIES 3G TECHNOLOGIES                 A       1/1/2008        22-12-1428              006     060005          203010100001    000076  QASIM   U       7/23/2008 4:05:29 PM                  
        0001    0003    006     000     ABDULLH 008     Abdullha Fuad Holding Co.       Abdullha Fuad Holding Co.                       A       1/1/2008        22-12-1428              006     060013          203010100001    000086  BCS     N       11/5/2008 11:08:29 AM                 
        0001    0003    006     000     ACP     008     Arabin Computer Projects Co Ltd Arabin Computer Projects Co Ltd                 A       1/1/2008        22-12-1428              006     060005          203010100001    000080  QASIM   U       7/23/2008 4:05:19 PM                  
        0001    0003    006     000     ACS     008     Access Control - Added by Injazat       Access Control - Added by Injazat                       S       1/1/2008        22-12-1428              006     060001          203010100001    000067  QASIM   U       7/23/2008 4:05:35 PM                                  
        0001    0003    006     000     ADAPTIV 010     Adaptive Measuring & Control LLC        Adaptive Measuring & Control LLC                        A       1/1/2008        22-12-1428              006     060005          203010100001    000082  QASIM   U       7/26/2008 10:58:34 AM                 
        0001    0003    006     000     AFLAK   008     AFLAK ELectronic Industries Co. ÃÝáÇß ááÕäÇÚÇÊ ÇáÇáßÊÑæäíÉ                      A       8/2/2010        21-08-1431              006     060001          203010100001    000098  HAMID   N       8/2/2010 4:41:41 PM                   
        0001    0003    006     000     AFT     008     ADVANCED FIREFIGHTING TECHNOLOGY GMBH   ADVANCED FIREFIGHTING TECHNOLOGY GMBH   0       0       A       1/1/2008        22-12-1428      AFT     006                     203010100001    000001  BCS     N       1/27/2008 8:39:04 PM                                  
        0001    0003    006     000     AFTDUBAI        008     HITECH FZE      HITECH FZE      0       0       S       1/1/2008        22-12-1428      AFTDUBAI        006     060002          203010100001    000002  BCS     U       3/19/2008 6:06:16 PM                                  
        0001    0003    006     000     ALBAES  008     Alia Banajah Est. 2 The Point   Alia Banajah Est. 2 The Point   0       0       S       1/1/2008        22-12-1428      ALBAES  006     060005          203010100001    000003  QASIM   U       4/15/2008 4:18:01 PM                                  
        0001    0003    006     000     ALIAN   008     Alian International Corp.       Alian International Corp.       0       0       A       1/1/2008        22-12-1428      ALIAN   006                     203010100001    000004  BCS     N       1/27/2008 8:39:04 PM                                  
        0001    0003    006     000     ALMANS  008     AL MANAMAH SERVICES     AL MANAMAH SERVICES     0       0       S       1/1/2008        22-12-1428      ALMANS  006     060005          203010100001    000005  QASIM   U       4/15/2008 4:19:04 PM                                  

The Malware has been affective since '08.