What if China is using their well known hacker resources to secretly build a giant list of username password combos like this guy, but on a massive scale.
They could use botnets to log in to hundreds of thousands of bank accounts and transfer money. There wouldn't be an easy way to detect them because they'd look like legitimate transactions, and the only option would be to temporarily shut down online banking transactions.
I wonder how much of a disruption they could cause?
Targeted stikes, yeah, it can work. Massive downloading of gmail account passwords, NOPE. It will set off internal alarms. But yeah, to target one individual, it is indeed possible and they did a string of those when they cracked the rotating RSA key.
Do you have a reference for people doing an online brute force attack in the RSA attack? IIRC the only brute forcing they did was offline (i.e. cracking hashes that they had locally).
Or maybe that's what you were saying, and I'm just misunderstanding you :).
They could use botnets to log in to hundreds of thousands of bank accounts and transfer money. There wouldn't be an easy way to detect them because they'd look like legitimate transactions, and the only option would be to temporarily shut down online banking transactions.
I wonder how much of a disruption they could cause?