CPIS 606 - IS Auditing Assignment 4: Hacking Credit Cards

Verified

Added on 2023/04/11

AI Summary

This assignment delves into the realm of information system auditing, specifically examining credit card hacking vulnerabilities. It begins by identifying the SSL (Secure Socket Layer) exploit as the primary vulnerability targeted by hackers, detailing how they exploit it through the SSL MITM (Man-in-the-Middle) attack. The assignment then outlines the type of sensitive information and data, such as credit card details, that hackers can gain, emphasizing the potential for financial theft and identity compromise. It proceeds to explain the methodology of the hack, including Wi-Fi network compromise, redirection of data, and DNS spoofing to replace SSL certificates, and the use of tools such as Arpspoof and Cat Command. The student's interest in this particular hack is rooted in the widespread use of credit cards and the misconception about SSL security. The assignment concludes by proposing mitigation strategies from both the user's and corporate's perspectives, including careful inspection of SSL certificates and the implementation of advanced security features. The assignment is supported by references to relevant research papers.

Running head: INFORMATION SYSTEM AUDITING
Information System Auditing
Name of the student:
Name of the university:
Author note:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1INFORMATION SYSTEM AUDITING
Hacking Credit Cards with RFID chip
a. What is the vulnerability being exploited?
In today’s era of digital world, online shopping and fund transfers are
commonly done and while doing this the credit card or the debit cards play a function
able role there. All types of fund transfers related to internet banking or credit cards
are done on the e-commerce websites using the method known as SSL or secure
socket layer. It is believed that this layer provides a secure connection and prevents
the credentials from being hacked but it is this SSLs only which hackers’ exploits by
easily breaking them (Krishnakumar). Thus the whole process of hacking takes place
with the well-known exploit called as the SSL MITM.
b. What information or data can be gained by a hacker exploiting this
vulnerability?
The reasons for which hackers often targets the e-commerce websites are
many. While exploiting the vulnerability of the Secure Socket Layer protocol present
in every website, the hackers tries to disrupt the services of the website and as a result
tries to steal important information about user’s credit card or banking system which
are later used by them to steal money (Cao, Yinzhi, Xiang Pan, and Yan Chen). With
the advent of online transaction methods, it has become much easier for the hackers to
steal money by merely just breaking the SSL layer. Another main reason for hackers
to exploit the websites security vulnerability is to get hold of important information
about some valuable persons. Hackers get hold of the credit card details knowing the
social security number and thus creating an open line for crediting and draining
accounts of the user.

2INFORMATION SYSTEM AUDITING
c. How is the hack performed?
A hacker performing this attack first hacks the Wi-Fi network to which the
user is connected. A series of utilities gets sent to redirect the information and data of
other users through the machine. Along with this utility more number of sniffing data
which are acting as the SSL certificate server. The hacker then acts as the man in the
middle and using the technique called Arpspoof the IP address off the user is easily
determined. This enables him to connect to the Wi-Fi network. In the next step the
hacker performs the DNS spoofing in order to replace the original SSL certificate
with his fake and thus controls the whole web session. A simple Cat Command is
operated in order to view the hacked data by decrypting the SSL information.
d. What about this particular hack interested you specifically?
This particular hack seems to be much interesting than the others as we use
credit cards in our daily life to process our daily transactions online. It is necessary to
know the vulnerabilities associated with it as major of our credential information are
stored there hacking of which will lead to major disruption. There are many ways by
which a hacker can get hold of the credit card information but exploiting the SSL is a
unique and most probably the easiest one. SSL which are provided in every website
are believed to be one of the secured route in order to proceed with online transaction
but this misconception about it is something new and thus the whole hacking process
seems to be interesting to me.
e. How do you think this particular hack could be mitigated?

3INFORMATION SYSTEM AUDITING
In order to mitigate this hack steps should be taken from both the user end as
well as from the business end where the attack is taking place. For the user end
following some mitigating techniques will prevent this hack which are as follows:
i. It is better to click the no option after viewing the SSL certificate (Felt et al.).
ii. They should take enough time to read and understand the security message as
displayed on the screen.
For the corporates end some measures that can mitigate the hack are as mentioned:
i. Providing detailed knowledge to the end users about the hack and how it takes
place.
ii. Asking end users to use advanced features like the Juniper’s Secure Application
Manager in order to protect the SSL from being exploited (Leu et al.).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4INFORMATION SYSTEM AUDITING
References:
Cao, Yinzhi, Xiang Pan, and Yan Chen. "SafePay: Protecting against credit card forgery with
existing magnetic card readers." 2015 IEEE Conference on Communications and Network
Security (CNS). IEEE, 2015.
Felt, Adrienne Porter, et al. "Improving SSL warnings: Comprehension and
adherence." Proceedings of the 33rd Annual ACM Conference on Human Factors in
Computing Systems. ACM, 2015.
Krishnakumar, S. "Vulnerabilities in credit card security." Editorial Board 3.8 (2014): 86.
Leu, Fang-Yie, Yi-Li Huang, and Sheng-Mao Wang. "A Secure M-Commerce System based
on credit card transaction." Electronic Commerce Research and Applications 14.5 (2015):
351-360.