"Credit hackers": the method of bank manipulation
We continue to cover the most interesting reports from the hacker conference Defcon. In addition to purely technical topics, they also discussed other topics that are not directly related to IT. For example, technology fraud with obtaining bank loans. A detailed report ( full text ) on this topic was presented by renowned expert Christopher Soghoian. It was his apartment for similar tricks in 2006 that searched the FBI (at that time he made a website that helps print out fake air tickets that are no different from real ones).
Credit hacking is a list of legal methods that are not prohibited by law and that do not involve penetration into other people's computer systems. But in fact, these techniques are designed to deceive banks and credit bureaus. Due to the knowledge of the technology of their work, and due to the excessive formalization of the issuance of loans by them, smart consumers can receive loans with a zero rate and erase some information from their credit histories.
Reception first
Submission of multiple loan requests within a few hours to a number of banks Since the request for credit history is processed for several days, banks are not able to take into account parallel requests. That is, each of them acts as if the person has no other debts.
')
This method can be used by citizens with a high credit rating. If you pump the rating to an acceptable level (it’s pretty simple), then you can at one moment get cards with an aggregate limit of hundreds of thousands of dollars, use bonuses for opening a card, and also get a loan with zero interest rate for repayment of old debts, it is practiced in almost all banks for luring customers away: a credit hacker can put the entire credit limit on a deposit instead of paying off debts.
Second reception
A peculiar version of the well-known hacker overflow buffer. Two of the three largest US credit institutions - Equifax and Transunion - store records of credit history, which are issued in response to requests from banks, in a buffer of a certain size. That is, if we establish a constant flow of requests to this paid service, the buffer will be completely updated in 2-4 days. And if your file has disappeared from the buffer, the bank will not receive information in response to its request, on the basis of which it could deny you a loan.
In fact, credit hacking aims at breaking into the largest credit bureaus, of which there are three in America. These center organizations play a role at the same time as reputation systems and social responsibility systems. For more information about attacks on reputation systems, see here .
via Wired
Credit hacking is a list of legal methods that are not prohibited by law and that do not involve penetration into other people's computer systems. But in fact, these techniques are designed to deceive banks and credit bureaus. Due to the knowledge of the technology of their work, and due to the excessive formalization of the issuance of loans by them, smart consumers can receive loans with a zero rate and erase some information from their credit histories.
Reception first
Submission of multiple loan requests within a few hours to a number of banks Since the request for credit history is processed for several days, banks are not able to take into account parallel requests. That is, each of them acts as if the person has no other debts.
')
This method can be used by citizens with a high credit rating. If you pump the rating to an acceptable level (it’s pretty simple), then you can at one moment get cards with an aggregate limit of hundreds of thousands of dollars, use bonuses for opening a card, and also get a loan with zero interest rate for repayment of old debts, it is practiced in almost all banks for luring customers away: a credit hacker can put the entire credit limit on a deposit instead of paying off debts.
Second reception
A peculiar version of the well-known hacker overflow buffer. Two of the three largest US credit institutions - Equifax and Transunion - store records of credit history, which are issued in response to requests from banks, in a buffer of a certain size. That is, if we establish a constant flow of requests to this paid service, the buffer will be completely updated in 2-4 days. And if your file has disappeared from the buffer, the bank will not receive information in response to its request, on the basis of which it could deny you a loan.
In fact, credit hacking aims at breaking into the largest credit bureaus, of which there are three in America. These center organizations play a role at the same time as reputation systems and social responsibility systems. For more information about attacks on reputation systems, see here .
via Wired
Source: https://habr.com/ru/post/66083/
All Articles