
Once again about the security of RBS systems

The information security forum Positive Hack Days, held these days at the Digital October technocenter, has a separate section called “How do they protect money?”, in which leading Russian and foreign experts consider the problems facing the banking security industry.

For one of the contests (“Big Ku$h”), we developed our own RBS system from scratch; it contains typical vulnerabilities identified by Positive Technologies experts during security analysis of such systems.



The contestants had to demonstrate their knowledge and skills in exploiting typical vulnerabilities in RBS systems. Our “secure” Internet bank (as close as possible to a real one) held a certain amount of money.
The hackers had to find the vulnerabilities in the RBS system and then, at the second stage of the competition, use them within a limited time for unauthorized withdrawal of funds. The amount withdrawn eventually went to the winner. After the end of the competition, the hackers could cash out their prizes at an ATM using PHDays-branded cards (photo report here).



However, that is not all! We will repeat this competition, only now the teams participating in Positive Hack Days CTF will work on protecting the RBS systems (they will have 4 hours to find and fix vulnerabilities), and Internet users will conduct the attacks during the Online HackQuest competition. On May 31 at 18:00, Internet users will get into the CTF network through a VPN and start attacking the RBS systems.

By exploiting the vulnerabilities of the RBS systems and transferring money from the accounts of CTF members, you can influence the rating of the teams participating in PHDays CTF 2012.



RBS test systems are available at the following links:


To withdraw funds, you can use any of the four accounts:


Repeat the success of the participants of the “Big Ku$h” competition! Enjoy the hacker battle with the CTF participants and level up your skills in detecting and using typical vulnerabilities of RBS systems.

P.S. Recall that the above-mentioned RBS system was developed by Positive Technologies specialists specifically for the competitions at the PHDays 2012 forum. It is NOT a system that actually runs in any existing bank, although it is as close as possible to such systems and contains their characteristic vulnerabilities.

Source: https://habr.com/ru/post/144775/

