mirko-test

Dear Privredna Banka Zagreb and others, dear friends, associates and acquaintances,

I'm a longtime user of PBZ (and many other banks), a faithful, reliable and worldwide recognized partner both in private life and in the business world.
Whenever I had a request to PBZ (or any other bank), whether of a private or business nature, or for any possible cooperation, the door of your (or any other) bank was always wide open to me.

I turn to you this way in confidence, for an important future cooperation, possibly decisive for PBZ (and many other banks) in the near future.

Among other things, our company deals with penetration tests on high-risk systems, always ordered by special request.
We recently performed a Micro-test, as a preparatory test for the Grand Scenario: the collapse of Privredna Banka Zagreb.

Introduction:
According to publicly available data, the number of active "American Express Card with a heart" credit cards and the amount of daily transactions on the system can be calculated sufficiently accurately.
With knowledge of the previous data, the time and location distribution of transactions can be assumed accurately enough.
The PBZ American Express card with a heart is declaratively a no-limit card. The Micro test confirmed that the limit is set at around 100,000.00 HRK.

Performed preparatory tasks:
Raised Amex credit of approx. 50,000.00 HRK.
Swiped approximately 10,000.00 HRK through transactions.

The first set of conclusions:
The first inquiries from PBZ came by phone a few days later.
Within the time limit tR-NB, it was suggested by phone that the card had been blocked.

Micro test:
Within a time period tT/0-24 lasting a maximum of 24 hours (the real duration was 5-6 hours), the card was charged a further 40,000.00 HRK via POS.

The second set of conclusions:
The card had not been blocked despite the suggestion given in the call. (see: The first set of conclusions)
The early alarm system allowed a charge via POS of approximately 40,000.00 HRK within the time interval tT/0-24, on a card previously charged approx. 10,000.00 HRK via POS and approximately 50,000.00 HRK by loan.
With adequate preparation an individual can become indebted up to 100,000.00 HRK, without any collateral leverage.

The conclusion, the result of the Micro test:
Bearing in mind all the above, it has been shown that the Grand Scenario is feasible.
Moreover, it is feasible within the interval t-GS of 24 hours.

Explanation:
According to our estimates, enough American Express and other PBZ cards have been issued on the Croatian market (I personally use two Mastercard, one Visa, and one American Express card) to perform a full, wide-range attack.

Post factum:
Once pulled from the bank, money can be converted to cryptocurrency (Bitcoin, for example) at a factor of 0.37 to 0.64. After that, the money disappears without a trace.

Our proposal:
Cooperation with PBZ and other banks in which we offer a system of early detection, recognition and prevention of these and other malicious attacks.

P.S. The contents of this letter may soon be distributed through social networks, as well as other channels, regardless of further developments.

Attachments:
Comparative table with the number of credit cards used, the strength of the financial impact on PBZ, and the net profit from the attack.

Kind regards,

Harlekino
