“Credit Hackers": a banking manipulation technique

    We continue to cover the most interesting reports from the Defcon hacker conference. In addition to purely technical topics, other topics that were not directly related to IT were discussed there. For example, fraud technology with obtaining bank loans. A detailed report ( full text ) on this topic was presented by a well-known specialist Christopher Soghoian. It was his apartment for such antics in 2006 that the FBI searched (at that time he made a website to help print fake airline tickets that are no different from the real ones).

    Credit hacking is a list of legal tricks that are not prohibited by law and which do not include penetration into other people's computer systems. But in fact, these tricks are intended to deceive banks and credit bureaus. Due to the knowledge of the technologies of their work, and due to the excessive formalization of granting loans by them, smart consumers can receive loans with a zero rate and erase some information from their credit histories.

    First reception
    Filing multiple credit requests within a few hours to a number of banks. Since the request for a credit history is processed for several days, banks are not able to take into account parallel requests. That is, each of them acts as if a person has no other debts.

    This method can be used by citizens with a high credit rating. If you upgrade the rating to an acceptable level (this is quite simple), then you can start cards with an aggregate limit of hundreds of thousands of dollars at one point, take advantage of bonuses for opening a card, and also get a loan with a zero interest rate (this is a special offer for 12-18 months to repay old debts, it is practiced in almost all banks to lure customers: a credit hacker can instead of repaying debts put the entire credit limit on a deposit).

    Second reception
    A peculiar version of the famous hacker buffer overflow. Two of the three largest US credit organizations - Equifax and Transunion - store credit history records that are issued in response to requests from banks in a buffer of a certain size. That is, if you establish a constant flow of requests for this paid service, then the buffer will be completely updated in 2-4 days. And if your dossier has disappeared from the buffer, then the bank in response to its request will not receive information on the basis of which it could refuse you a loan.

    In fact, credit hacking aims to hack the largest credit bureaus, of which there are three in America. These center organizations play the role of both reputation systems and social responsibility systems. Read more about attacks on reputation systems here .

    viaWired

    Also popular now: